Dear HN, can we please reduce the frequency of the same inane NSA wits in every single discussion? If there are new informations or interesting opinions I’m glad to read them, but repeating ”NSA! ah-ah!” in every single article doesn’t add anything or help anyone. Awareness is already very good in these quarters, I think any HN user knows the situation and has formed an opinion about whether to assume that every communication is tapped or how much encryption is sufficient for their case.

Thank you.

I actually think that the fact that NSA's spying isn't just used for anti-terrorism purposes but also for industrial espionage is news to some people - even on HN. And it's extremely relevant to decision makers who are considering Amazon WorkSpaces.

Posting about it on HN isn't going to do anything. Have you called your congressman? Your senator? Your president? If you can't answer yes to all 3, take 5 minutes to do that instead of posting another comment on HN.

I'm also not American - and I figure it's worth pointing out the risks and responses from a non-US person's point of view to the HN crowd.

As I see things, the only possible way that the NSA's misuse of their powers (specifically regarding non-US persons) is likely to get curbed is when companies realise there's significant revenue implications. I have _zero_ voice in US intelligence gathering policy. I _do_ though, have the ear of people buying services from US companies who _do_ have a voice in forming/changing those policies. Google's position at the top of the web search food chain, and the amazing advertising business they've built on top of it, might not be enough to justify the risks involved in exposing all that data to the NSA. Microsoft/Yahoo/Google's enourmous slice of the webmail market is also a dubious value proposition if you evaluate the risks in a certain light. Amazon's dominance of the "cloud" market isn't unassailable if you take legal jurisdiction and corporate ownership into account. Salesforce becomes suspect as well for non-US users (both as a CRM and their entire force.com platform).

Those are my most likely allies in lobbying for non-US-citizen's basic human rights online. If Google, Microsoft, Apple, Yahoo, Amazon, PayPal/eBay, Facebook et al. don't start telling your government that they're losing significant revenue because of the behaviour of US intelligence gathering services, then "outsiders" like me are inevitably going to have to find alternative jurisdiction to buy those services (and to create/use replacement services with robust modern anti-nation-state-snooping levels of crypto baked in from the start. Who wants to bet against Silent Circle's Darkmail becoming a serious SMTP replacement because the Brazilian or Equadorian or German or Chinese government mandates it's use nationally - even if it's only done as a political point-scoring "stunt", something like that could be a _major_ win for global internet privacy.)

Well, what are the risks off exposing your data to the NSA? This seems to be assumed to be this terrible thing, making it worth it to undertake expensive and annoying measures to avoid it. Do you really think this is going to be worth it to anybody? What is the story by which a specific calamity befalls someone whose data is caught in the NSA dragnet?

As others have pointed out, the NSA can spy at will everywhere else in the world. Nevermind that Germanies spies are probably in on the scheme.

The risk from private bad actors on the internet is much higher.

Industrial espionage is a very real thing with very real risks for larger companies. Here is one example of how NSA could use (and may have used) the data they're collecting to help American economic interests: http://www.techdirt.com/articles/20130909/04383424450/latest...

From examples I've read about and noticed over the last 5 or 6 months - things like "parallel reconstruction" leading to non-intelligence services targeting people for drug offences, things like journalists being bailed up at customs by DHS staff with printouts of personal email, things like the Perobas (the Brazilian oil company) revelations/suspicions. And _most_ obviously, the Snowden leaks themselves. Snowden leaked everything he did publicly at _great_ personal cost – is it even _vaguely_ plausible that others in similar positions to him haven't abused the NSA data collection for much-better-hidden personal gain? If I could have been snooping on all incoming and outgoing YCombinator email over the last 5 or 10 years, how many "lucky" investments do you suppose I could have made?

Even if I agreed that it was appropriate/acceptable for trusted NSA staff to have access to all global email/phonecalls/whatever - it's _obvious_ they don't have adequate protection in place to prevent mis-use. When they've got cutesy nicknames like "LOVEINT" for things that are obviously so common, yet are (or should be) criminal abuse of positions/power – how could anyone accept "the NSA dragnet"?

I understand "national security" is important. I understand "stopping terrorists" is needed.

I also think if the US government, people, and businesses think "the rest of the world" will just sadly watch on as they allow the NSA to continue doing what they are doing, they are mistaken - and the blowback will be _astoundingly_ counter-productive for the NSA's _important_ goals. When it becomes clear that we need (and can create) things like strong crypto with easily useable software, TOR-like anonymising techniques (but not, of course, your US government designed and probably exploited TOR), encryption where we trust both the math and the implementation (and by "trust" I mean trust mathematicians and software crypto experts from non-US backgrounds, and preferably from conflicting backgrounds as well - I'd take software/crypto advice agreed to by a majority of Russian & Indian & Brazilian & Equadorian & Chinese experts over conficting advice from Schnier or Zimmermann or and US or Five Eyes affiliated person/business) – we will. And when "the next level" of "secure against the NSA" communication tools become available and widespread - and widely made available to politicians, businesses, journalists, and regular citizens - guess who _else_ will have it? And how will the NSA conduct their "war on terror" then? (and their less acknowledged but very real "war on drugs" and "war on non-US companies profits" and "war on journalists critical of US policy" and "war on US citizens demanding their government be held accountable"?)

That is an interesting observation of blowback from NSA overreach (stronger crypto enabling bonafide bad actors to escape detection).

I appreciate the response, as I feel like many people post here with sort of an implicit perspective that it is obvious that pervasive NSA spying is a catastrophe.

I still maintain that all of the issues you've outlined are not going to considered that bad by your average citizen. Especially in comparison to the pain and cost of duplicating Google's type of services on a personal or organizational level.

So what is interesting to me is that, if you grant my premise that your average civilian is not going to be that upset by this, so many tech types have such an opposite response.

While it may be more doable for a techy to set up secure web services, it still strikes me as an outlandish use of resources given that the vast majority of them truly don't have anything to fear from the NSA.

Figures like Snowden are a special case, as are anti authoritarian crypto activists, as the intelligence community obviously sees them as a threat.

My thinking generally is that there is no way to stop the NSA and similar agencies from spying like crazy. So if we all just assume that all of our electronic communications are non private, it simplifies the issue. (Considering the internet as public space). So to have secure computing, you simply can't hook your computer to the internet.

What is more disturbing to me than the spying is the ridiculous over use of secrecy and classification, which I think breeds far more opportunities for abuse. For pulling the curtain back on this, Snowden is a hero.

I'm not American. And awareness is first step.

> I actually think that the fact that NSA's spying isn't just used for anti-terrorism purposes but also for industrial espionage is news to some people

Is there any evidence that this is the case?

The Guardian, Reuters, et al have written about this.

I was involved in an investigation and Amazon was the only company involved that downright said "our lawyers reviewed your claims and your warrant is too vague and is unsupported." Goes to show that judges sign anything these days; it's important to have a company that has your back. Comcast gave me up in a second.

Likely easier for them to penetrate a typical corporate network than Amazon's

Unless Amazon is secretly in bed with them as well

Amazon are building the CIA a cloud, so they'll at least be talking.

CIA contracts don't come cheap.