Ed Snowden crocked cloud, says VMware CEO Pat Gelsinger Edward Snowden crocked the cloud for everyone, says VMware CEO Pat Gelsinger. Speaking at VMworld 2015 today in San Francisco, Gelsinger said he once assumed that organizations would decide to work with an infrastructure-as-a-service company, a platform-as-a-service supplier, and some software-as-a-service outfits, and then …
Seems unfair to blame Snowden - the blame surely lies with the various countries' spy agencies and their all-your-data-is-belong-to-us attitude.
All Snowden did was make it very, very clear what was going on. It's up to each of us now to make the judgement call - either "eh, everyone spies on everyone else, it's a fact of life, deal with it"... or "store my valuable data in the cloud? Why wouldn't I just save time and mail it directly to GCHQ/NSA/...? No way José!" according to preference/paranoia level.
The real dynamite was laid down long before Snowden was even in his first job... You can all say thank you to Uncle Sam for that catastrophe. Now bow down whilst we verify your anal passages for "terrorist" threats....
I wonder who the real terrorists actually are, the so called savages of the desert or the power greedy animals that control the banks/media etc...
One way to protect data from snooping is to maintain it in encrypted form, not just 'at rest' in hard drives etc., but in computer memory and even in processing. This sounds impossible, but it's not - quite. See https://en.wikipedia.org/wiki/Homomorphic_encryption. This fairly new science or methodology performs all the minimal required computational activities - add, multiply, boolean ops, etc. - on encrypted data using encrypted algorithms. It was long thought impossible but now has been proven to work at least to some extent. IDK if Turing-completeness has been shown.
This methodology would allow a dataset and all of its operations be unsnoopable, even in a compromised computer whose memory can be read by a third party. I believe that this will eventually become an essential tool for the post-human set. A computer intelligence or 'uploaded human' is basically a large complex 'agent' that can move itself around the cloud, and process its functions on any computer in the cloud. But to maintain its identity it _must_ have boundaries, _must_ be able to keep secrets about its internal state. To do so in a complex unpredictable cloud where the agent (or components thereof) may be running on any computer anywhere, every bit of information within the agent must be protected even from memory dumps. AFAIK homomorphic encryption is the only way to assure that.
There is a huge price, which will make computer makers happy. Unless I'm wrong, or quantum computing or something takes over, this method will require two, three, or four orders of magnitude more processing power to accomplish any task.
Homomorphic Encryption is absurd - it isn't computationally useful unless you like pretending it's the 1940's on extremely powerful and expensive hardware; and it will likely always be thus (nobody can see a path through the quagmire and it's not like it's going to magically appear and even if it does it's decades away).
The solution to this particular technical problem is a legal one; and that looks decades away too.
I think much of what the spy agencies were doing was already illegal so I don't see how new laws are going to improve the situation. Especially when you've got clowns like Obama refusing to prosecute people who ordered and/or committed acts of torture on detainees because, well, 'we need to look forward as opposed to looking backwards'. Not to mention the raft of retroactive laws the UK are trying to pass to make previously illegal acts legal.
But I suppose since Obama has expanded domestic spying into an authoritarian's wet dream he wanted to ensure there was precedence for not prosecuting the previous administration's Constitutional abuses.
I said it's a legal problem not that it needs new law. It needs civilian oversight and courts willing and capable of enforcing the existing law. Neither of those are true today.
The US has a separate problem in which none of it's legal protections apply to non-US citizens outside the US - even if that changes we're a long way from them acknowledging that's even a problem (and killing their tech sector by not using it is probably an way to start clearing that up).
I'm having a hard time seeing it that way. If we must use that comparison then I'd say it's more like the other way around. Didn't Capitalism lose a point by being reigned in by new data sovereignty laws? Didn't Freedom win a point by striking a blow against those who would take our freedoms away?
"....Didn't Capitalism lose a point by being reigned in by new data sovereignty laws?...." Well, not really. The Big Biz chaps still needed to work Worldwide, so they bought more systems to make more clouds to fit the local laws (or just paid insultants to make it look like their big cloud was actually several small clouds and pretended no data was shared). The insultancy companies and resellers all went bananas with the salespitch around the idea Big Biz now needed several clouds rather than one, neatly solving their previous problem of "how do you sell a second cloud to a company you have already sold one to?" And the "security" insultants selling encryption software/hardware have thanked $DEITY for Ed Snowjoke. It's a bit like the Y2K bug - a lot of hot air, a lot of saleswork, a lot of legislation, and a LOT of money, made off a relatively minor problem.
The problem was created by over-reaching organs of the state. It would leak eventually. Glad it's leaked already not in future. (The states are guaranteed to leak our data and are doing so frequently. So many were living in an idiot's paradise.) Don't blame Snowden, the messenger.
-10 for that company. (Thought failure)
Unfortunately many nation states are now moving to guarantee that insecurity endures, they hope perpetually. Not the fault of freedom loving people who understand this world.
Beginning of the Computocalypse?
"multinational businesses will need to pick a collection of suppliers that comply with various jurisdictions' requirements"
As opposed to their usual attitude of "do it however we bloody want and ignore what we're told by local authorities while pretending to listen politely".
My heart bleeds for them, really it does.
Whilst the statement "Ed Snowden crocked cloud..." might even be true, I would say that the cloud was going to be crocked at some stage anyway. Did we really all believe that the world had transformed into some fairly-land like place where everybody trusted everybody and there would be never be any chance that anybody would ever do anything as naughty as snooping? If we did, I'm glad we got the wake-up call. Thanks Ed!
that you can get to be CEO of an operation like VMware and think that there won't be difficulties with the varying data retention laws in different jurisidctions if you use just one 'data cloud' globally? Snowden's got nothing to do with it, legal problems would have arisen sooner or later.
I wish I got paid so much for my flights of fantasy!
>that you can get to be CEO of an operation like VMware and think that there won't be difficulties with the varying data retention laws in different jurisidctions if you use just one 'data cloud' globally?
I'm sure he does know. He's trolling because otherwise his event would really not be newsworthy.
'Tis but click-bait which aids him and the press.
It's ridiculous to put anything on Snowden regarding the aftermath of his revelations, isn't it! Poke fingers at the CAUSE of all this hell: #OurStupidGovernments. Wishing we could stick our heads back in the sand, wishing patriot Snowden had never taken down The Surveillance Curtain, is foolish.
Can we move along now with our response to these profound attacks on our citizen privacy?
I was just discussing a similar issue with the CEO of Bright Plaza (and inventor of self-encypting drives) - http://brightplaza.com. Without going into gory detail, one can strongly encrypt a file in country X using split-key technology. Put portions of the key in countries with strong privacy, without moving them over compromised links (i.e. US pipes). Then the data can be transmitted anywhere and stored anywhere, securely. Done correctly this would prevent any legal method to force exposure of the key. To access the file, simply return the encrypted file to the original country (or transmit to another desired country, where the split key can be restored and the file decrypted.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
