Microsoft's Brad Smith on the Collapse of Safe Harbor

Microsoft's President Brad Smith has a blog post discussing what to do now that the US-EU safe-harbor agreement has collapsed.

He outlines four steps:

First, we need to ensure across the Atlantic that people's legal rights move with their data. This is a straightforward proposition that would require, for example, that the U.S. government agree that it will only demand access to personal information that is stored in the United States and belongs to an EU national in a manner that conforms with EU law, and vice versa.

Second, this requires a new trans-Atlantic agreement that creates not just a safe harbor, but a new type of connection between two ports. We need to create an expedited process for governmental entities in the U.S. and EU to access personal online information that is moved across the Atlantic and belongs to each other's citizens by serving lawful requests directly with the appropriate authority in an individual's home country. The requesting government would seek information only within the limits of its own laws, and its request then would be reviewed promptly by the appropriate government authority in the user's country of nationality. If the designated authority determines the request is consistent with the privacy protections and other requirements of the citizen's local law, it would validate and give it legal effect, authorizing disclosure.

[...]

Third, there should be an exception to this approach for citizens who move physically across the Atlantic. For example, the U.S. government should be permitted to turn solely to its own courts under U.S. law to obtain data about EU citizens that move to the United States, and the same is true for a European government when U.S. citizens reside there. This is consistent with longstanding legal principles, as well as the practical reality that public safety issues are most pronounced when an individual is physically present in a jurisdiction.

Finally, it makes sense, except in the most limited circumstances, for governments on both sides of the Atlantic to agree that they will seek to access the content of a legitimate business only by means of service on that business, even when it is stored in the cloud. This would address one of the principal areas of current legal concern for businesses that are relying on cloud services.

We can, and should, argue the details. But this seems like a good place to start for this set of issues.

Three news articles.

Posted on October 26, 2015 at 8:40 AM • 52 Comments

Comments

Hmmmm • October 26, 2015 9:00 AM

This from the company that won't let you keep Windows 10 from phoning home, nor tell you what it's sending or even what is in a patch.

Actions, Microsoft, speak far louder than blog posts.

Bob S. • October 26, 2015 9:04 AM

"First, we need to ensure across the Atlantic that people's legal rights move with their data...."

Who is we? That sounds like a coalition of corporations and governments, to me. Thus, setting up the people as "them" aka the enemy.

I notice the concept of trust was not addressed. Is that acknowledgement trust is impossible?

I strongly suspect Five Eyes and all other government entities could care less about Safe Harbor and will do whatever they please with or without a new agreement, and take the corporations along with them.

In my way of thinking, details would merely create smoke and mirrors disguising cyber reality.

Anon • October 26, 2015 9:13 AM

The US Govt has long insisted that its laws apply globally. First it was Marc Emery of BC, never been to the US, as part of the War on Some Drugs. Now they are going after small financial fish like the daytrader in London who is fighting extradition. Getting the US Govt to change its view in the matter will be a long & losing struggle. Govt losing that struggle might impact the drone wars. MS has played "Beat the Reaper" with the US Govt before, and basically won, but don't look for a repeat.

jones • October 26, 2015 9:20 AM

Something stands out to me about the blog article quoted:

Legal rules that were written at the dawn of the personal computer are no longer adequate for an era with ubiquitous mobile devices connected to the cloud. In both the United States and Europe, we need new laws adapted to a new technological world.

Compare the sentiment to a policy article published last year in Science, where Herbert Lin writes:

"Evolution of technology may call into question legal concepts formulated in an earlier technological context."

If an individual wants to molest children or rape, the law doesn't change to permit this. Yet, when technology changes in ways that invade privacy, we talk about changing the laws for the corporations that make the technology as though it were some cosmic imperative.

Why is it always the laws that need to change? Maybe it's wrong to allow companies to sell these products. Maybe there are no technical solutions, but only cultural ones. Maybe technological growth isn't good for us, even though we like it.

I understand that Brad Smith's position is somewhat different than Herbert Lin's, but when Mr. Smith makes statements like "Microsoft CEO Satya Nadella said clearly over a year ago that we want technology to advance, but timeless values should endure. And privacy is a timeless value that deserves to endure" I have to be skeptical of how PR interests inform his views.

Microsoft makes software especially for law enforcement intercepts https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor and is a proponent of the very technologies -- like cloud computing and ubiquitous online devices -- responsible for undermining traditional notions of privacy.

I don't think there are technical solutions to these issues; I think the legislative solution involves forcing corporations to serve the public interest. The first step in this direction would involve legislatively capping revenues. Our private lives are their prime growth area. These corporations are legally chartered, and we don't have to allow their charters to do this.

Of course, some laws governing privacy in the US would be nice too... A good place to start with that would be to codify some of the FTC policy resulting from attempts to regulate "terms and conditions"

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States — more so than nearly any privacy statute or any common law tort.

In this Article, we contend that the FTC’s privacy jurisprudence is functionally equivalent to a body of common law, and we examine it as such. We explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies. A common view of the FTC’s privacy jurisprudence is that it is thin, merely focusing on enforcing privacy promises. In contrast, a deeper look at the principles that emerge from FTC privacy “common law” demonstrates that the FTC’s privacy jurisprudence is quite thick. The FTC has codified certain norms and best practices and has developed some baseline privacy protections. Standards have become so specific they resemble rules. We contend that the foundations exist to develop this “common law” into a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, extends far beyond privacy policies, and involves a full suite of substantive rules that exist independently from a company’s privacy representations.

keiner • October 26, 2015 9:23 AM

Good laugh!

Microshyte? Isn't that the company behind Windows? Did a fresh install of Win 7 yesterday, for about 20 hours now trying to retrieve the updates from Microshyte servers, without success.

After about 18 hours I knew that I have to download 133 updates, but since then 0% have been downloaded.

Hope this "company" is bankrupt within 5 years...

ths • October 26, 2015 9:43 AM

@keiner: you can download the windows security updates with a helper tool, and then apply them to multiple installations from a local source.
http://download.wsusoffline.net/
German c't magazine has instructions on how to create a Windows install image with (nearly) all patches included in the current issue #23.

terry Wallace • October 26, 2015 9:46 AM

@keiner - seek out middle-schoolers nearby. They can probably help you get through this.

Joe K • October 26, 2015 10:43 AM

In the beginning, Mr and Mrs EU thought that Mr and Mrs America seemed
like nice people. They certainly seemed to be wealthy enough, and they
were relatively well-educated, after all.

And they had such a nice yard. So why not allow little European Eric
to go over to little American Joe's house to play?

Surely little Eric will be safe!

Why?

For the simple reason that, from all appearances, the American house
is a safe place.

But, as it happens, the US government's metastasizing law
enforcement/intelligence agencies (pardon the momentary loss of
metaphor) were caught molesting children. Not just their own children,
but the children of the entire global neighborhood.

The US response, of course, is to throw into chains anyone they can
lay hands on that revealed this conduct.

The EU response is to say, "Sorry American Joe. Nothing personal, but
European Eric can't go over to your house to play anymore. Seeing as
your Daddy and Mommy are insatiable child rapers, your house
isn't a safe place."

Sensible enough.

But wait! It occurred to Brad Smith that perhaps something can be
worked out! He's a problem-solver and, as we can all see, there
clearly is a problem in this neighborhood!

So he took off his business coat, put on his problem-solving cardigan,
and got his solve on!

Here is what he came up with:

  1. Scouts honor, Mr and Mrs America will only rape their own children from now on.
  2. Supposing in future that European Eric pays a visit to the
    American house, and should Mr or Mrs America feel like touching Little
    Eric (strictly platonically, mind you) they will call the
    European house, ask to speak to a grown-up, explain how and where they
    intend to touch little Eric, and then abide by the European grown-up's
    decision. Naturally, Mr and Mrs Europe should feel free to do
    likewise, whenever American Joe is at their house.
  3. But, naturally, all bets are off on sleep-overs! I mean, what the
    hell is a sleep-over for anyway, amirite?

And thus he crooned, "Won't you be, won't you be, please won't you be
my neighbor!"

Deliberate Confusion • October 26, 2015 10:52 AM

Windows 10 is deceptively instrumented mass surveillance spyware. You have zero privacy.
As Snowden documented, MS was the very first partner to share personal data with the government.

Brian S • October 26, 2015 11:20 AM

@Jones

I agree with your sentiment in some ways, but there is also the fact that many laws were written in ways that poorly reflect the realities of what Computers represent now.

Either they are structured in such a way that their inclusion of Computers and electronic data is dubious and/or not assured.

Or they were written in such a way that lacks the proper scope (narrow or wide).

Take privacy laws. Invasion of privacy used to be a matter of keeping a person off your property.

But these days people can invade your privacy without ever setting foot in your house. All of it enabled by the rise of Computers and the internet.

PJ • October 26, 2015 11:34 AM

I don't think Brad realizes how serious the problem is. European citizens fall into two camps:

-those who are busy watching TV / earning a crust and who don't pay attention
-those who pay attention and who no longer trust the US

"Charlemagne" in last week's Economist had a column on TTIP making the case for an alliance of democracies, one that is fatally undermined by the large and growing conviction among those paying attention that the US just can't be trusted.

This is not now just a matter of keeping data secure, but whether the US as a country is ethical. For a long time it has been behaving as if above international law, and as if it lived on another planet, with its own climate.

As a European I have no interest in a workaround that provides reassurance that it's safe for me to continue to use Microsoft products. It's meaningless if the US doesn't abide by its own constitution. It hasn't, and currently I do not trust it to do so in future.

Alan Krugle • October 26, 2015 11:49 AM

Brad Smith's central argument is based on a fatally flawed assumption: that the NSA abides by the rule of law. If the NSA cannot be trusted to respect constitutional law in its own nation, how can European citizens ever trust it to respect their own data abroad?

melted trumpet • October 26, 2015 11:58 AM

Excuse me, I'm not sure I'm getting this straight ... Is this the CEO of the company that's behind Windows 10 giving us a lesson on how the world needs to move forward with privacy laws and personal data? One might as well ask ISIL about the protection of archeological sites.

Cow Glider • October 26, 2015 12:11 PM

Microsoft's proposal is pure genius: the perfect framework to ensure that enormous changes are seen to take place without really affecting the status quo.

Smith's solution in a nutshell:

-You continue to send us your data, we continue to store it
-We renew the promises that you know we haven't kept, wrapped in reworded worthless legalese
-You take our word for it
-We continue to spy on your data behind the scenes, just like before

zuc • October 26, 2015 12:18 PM

The USA agreeing to abide by the laws of another country in a situation where the other country provides weaker freedoms for business is, to my knowledge, unprecedented and has approximately zero chance of happening.

The European Parliament has enough corporate lobbyists infiltrated within it that I expect that they'll be able to resolve the problems in favour of freedom of information transfer without too much resistance.

Wilton Versluis • October 26, 2015 12:34 PM

Here's an alternative proposal for the protection of non-US citizens' data:

1. Open source code for all operative systems, software packages and hardware firmware (I particularly look forward to MS investing significant R&D into verifiable compilations)

2. Strong client-side encryption enabled by default on all data that leaves the host computer

3. Decentralization of the internet backbone, so the USA will have physical control over only a small percentage of the world's traffic (I look forward to MS lobbying the Congress for this)

Elijah Senteno • October 26, 2015 1:09 PM

@Relevant

The way I see it, protecting one's personal data is not living in the past. It is those who pretend that the Snowden revelations never happened and it's "business as usual" who are stuck in the past.

Winter • October 26, 2015 1:16 PM

The Collapse of Safe Harbor is (sadly) less apocalyptic than generally portrayed. It simply means that companies must now negotiate with all the individual countries separately.

However, Schrems has said he will also fight the individual agreements.

The collapse of trust in the USA is real, though.

name.withheld.for.obvious.reasons • October 26, 2015 1:26 PM

@ Winter

The collapse of trust in the USA is real, though.

Not just an understatement, the scope of that dis-trust is global!

albert • October 26, 2015 1:31 PM

I think 'privacy' is a non-issue and a smoke screen. It's corporate theater. MS wants what it always wants: control. They want your data in their cloud; they want you to rent their software; they want you to use their 'services', etc. It's typical monopolistic thinking and it's been that way from the beginning.

Since 2000, Steve Ballmer oversaw a spectacular decline in MS business. If he had only stayed a little longer...

. .. . .. _ _ _

name.withheld.for.obvious.reasons • October 26, 2015 1:38 PM

@ Alan Krugle

Brad Smith's central argument is based on a fatally flawed assumption: that the NSA abides by the rule of law. If the NSA cannot be trusted to respect constitutional law in its own nation, how can European citizens ever trust it to respect their own data abroad?

The situation I believe is worse than one would expect.

The CIA has gone completely rogue under the auspices that in the new digital surveillance regime it is nearly impossible to maintain the covert identities of agents. As the NSA surveillance is pervasive, the CIA claims it cannot maintain its own operational integrity. Thus, the CIA has essentially disconnected from the nation state and has become an entity of its own making, control, and management. This is a very troubling development. Both the development of a surveillance state without boundaries and agencies acting completely outside of domestic U.S. and international law.

Clive Robinson • October 26, 2015 1:43 PM

Is it me or do the Brad Smith ideas sound like the babbling faux promises of a serial philandering husband caught in the act and hoping that his wife will once again not cut the crotch out of his trousers with pinking shears?..

Let's be clear neither the US Gov or US Corps have any respect whatsoever for other countries laws or rights or freedoms. Likewise they have no respect for their own citizens either...

Perhaps it's time the rest of the world gave the US not just a divorce but a perpetual restraining order, such that they stay permanently inside their "three mile limit"...

Sadly that's not going to happen, so maybe 180 some of their policies, so they apply to the US.

The first step, ditch the US dollar as the world trading currency, and force the Fed to return all reserves held "on behalf" of other nations, which the Fed has effectively misappropriated. The second take the US out of the centre of all telecommunications. Thirdly invalidate all US patents which are not for physical methods, or pre-disclosed before filing, or filed without full methods (ie scupper the submarines). And as the US is fond of forcing its corporate views on the world, return the favour strike out all IP derived from others works, and prevent IP being established on collecting personal or copyrighted information. Oh and chuck in serious liability for breach of personal privacy, where class action is settled in international courts and any fines guaranteed by the US Government.

If people think this a bit tough go check out the trade treaty imbalances the US is trying to force on others... OH I forgot, you can not the US insist they must be kept secret from the elected representatives of all nations involved, but... US Corps have not just a ring side seat on the negotiations, they actually get to make proposals and vetoes, but.. Shh you are not supposed to know, the secrecy here is rated more highly than just about any other aspect of Obama policy...

name.withheld.for.obvious.reasons • October 26, 2015 2:11 PM

@ Clive Robinson
What you suggest is something I'd argued a few years ago, the rest of the world has to give up on us (U.S.) as there is not the will to draw the misuse of power back from the brink/abyss.

It is interesting that the framers of the U.S. Constitution (Franklin, Jefferson, and Madison in particular) felt that "Enlightened Self Interest" as opposed to the current political theory "Purely Self Interest" would allow our better angels to prevail. The Ayn Rand virus that has infected the political class is a form of Libertarianism in which an individual sacrifice is a sin. It's as if any personal sin is valid in that it supports the state--how delusional is this kind of thinking?

Shooting all my neighbors so I may enrich myself is not an act of sacrifice (unless you believe that the blatant use of power in killing others is some sort of religious ceremony held on top a stone pyramid).

This goes to the very issue that confronts us, let me summarize:

1.) We bomb various countries to enforce our sense of moral behavior
2.) We then wonder why they haven't yet "Liked U.S." on Facebook
3.) Since they haven't "Liked U.S." on Facebook, we send in more bombs
4.) Again, we wonder why they are still not posting likes about the U.S. on Facebook
5.) Facebook adds a "Dislike U.S." button to appease the heathen masses
6.) The political class rewards itself for re-thinking the Middle Eastern strategy, thanks Facebook!

Winter • October 26, 2015 2:47 PM

@Clive
Although following your suggestions would be satisfying, that is largely impossible.

Firstly, the global position of the US is more or less like that of the Roman empire just before Caesar won the civil war. The rest of the world simply is militarily not strong enough to take on the US in a game of bluff.

Second, due to the very perverse situation where most of the world are net savers, the global economy depends on the US to be net spenders. The whole interconnected mutual debts make that a US that starts saving money a disaster for the rest. At least initially.

Gerard van Vooren • October 26, 2015 2:50 PM

Lots of skepticism, and correct IMO.

Lots of good ideas as well. The problem here is that it's the politicians who have the power. These politicians are outnumbered by lobbyists (the so-called experts, with clear motives) especially in Bruxelles. Here is the issue. Are the politicians looking at this blog? If they do, we are "safe", because, let's face it, it's all being said.

Ervin Zehm • October 26, 2015 4:16 PM

@Winter
"The collapse of trust in the USA is real, though."

It certainly is, and I'd imagine the relevant companies are feeling the squeeze back in the US of A, because for the first time ever here in the UK Facebook has plastered most of London underground (and most bus stops in the city centre) with huge advertisement posters. Google has been running full-page ads in national newspapers too. It all has a waft of sudden desperation. (Pure speculation here, but I wouldn't be surprised if the campaigns were actually funded by Uncle Sam on the quiet, in exchange for ruining their clients' trust by coercing them into warrantless dragnet surveillance programmes.)

rgaff • October 26, 2015 6:32 PM

@name withheld

"some sort of religious ceremony held on top a stone pyramid"

funny you should mention that since there's an all-seeing eye on top of the pyramid on the one dollar bill...

Miguel Sanchez • October 26, 2015 7:23 PM

@Relevant?

Here's an interesting opinion from Kaspersky saying that the Safe Harbor decision is pointless now that data is accessible at the touch of a button.
"So, the bad news is, that people from the past are trying to handle information in an old-fashioned way like they’re handling some stuff from physical world."
https://blog.kaspersky.co.uk/amazing-adventures-of-personal-data-in-europe/

I am not sure how that is stating it is pointless. The article actually points out that the Safe Harbor act is not able to be appealed. This means even if the US were to change their approach to 'other people's data', I would think, that the decision would not be overturned.

Technically, if the database is in Germany and the primary software is run in the US, it does matter. While the primary software could still access that data and even duplicate it - at this juncture - that the database is in Germany would mean that Germany authorities could better access it their own selves.

If the US was hoping to access data by physical location of the databases, that would put a nut in their plans. It might be noted that physical access to databases can help surmounting security controls even in this digital age. Domestic control is important. Companies which store data do require extensive physical security -- "Mr Robot" show displayed a good example of "why".

It is certainly a meaningless distinction in this way:

With the passage of CISA every company will have it in their vested interest to surveil and keep all user data for the auspices of handing to the US Government for "cyber security purposes"; the dual meaning of this functionality, of course, is that the US Government can use that data for other intelligence and law enforcement purposes as well. And so can the corporations storing and surveilling the data.

PCI-DSS? European Privacy regulations? Specific governmental regulations? Industry and customer specific regulations? All out the window with CISA. One handling of the data can be up to snuff with regulations -- the other handling of data can decidedly not be up to snuff. Literally. According to CISA. "Because" it is data used for "cyber security" purposes.

For Lenin, his justification was against "enemies of the revolution". For Hoover, it was against Communists and "anti-Americans". For Hitler, it was against Jews. Today, and in the old graphic novel "V is for Vendetta", it is against "terrorists".

Companies will be free to use that data for their own purposes, including marketing and consumer analysis, and possibly creating and expanding user detail markets; the US will be able to use the data for every manner of desire they wish from corporate espionage for their favorite defense contractors to political profiling of target lists for drone strikes.

Kind of joking on that last line, but making a point.

name.withheld.for.obvious.reasons • October 26, 2015 7:56 PM

@ Miguel Sanchez

Kind of joking on that last line, but making a point.

Quick, put up a pro-Jihadist web site and see what kind of hits you get...I bet one of them is from a hellfire missile. If you haven't already heard, hackers have been declared enemy combatants by the U.S. Army--OFFICIALLY.

At first my thoughts ran to "it is some sort of FBI hacker crackdown conspiracy" (most FBI seem to be prone to crack), then I found the text that formed the basis for the use of drone strikes on foreign or domestic "hackers" (now the same as terrorists, evidently). No distinction is made between "Cracker" or "Hacker", that leaves MANY vulnerable to the misinterpretations of the federal government. The U.S. Army's definition of hacker is so broad as to include many scientists, engineers, and even lay people with more than a modicum of curiosity.

Goodnight, and good luck!

Miguel Sanchez • October 26, 2015 10:19 PM

@name.withheld.for.obvious.reasons

If you haven't already heard, hackers have been declared enemy combatants by the U.S. Army--OFFICIALLY.
. No distinction is made between "Cracker" or "Hacker", that leaves MANY vulnerable to the misinterpretations of the federal government. The U.S. Army's definition of hacker is so broad as to include many scientists, engineers, and even lay people with more than a modicum of curiosity.

I think they would want to know what the heck I was doing all that time at those places I worked first.

I am at the level that I get kept off lists.

But, yeah, that is news to me, but not in general. Multiple agencies and the White House have made broad statements indicating very vague terms as threats nearly up there with terrorists in regards to "hackers". Sometimes they are a bit more "specific" with terms like "hacktivists".

Considering that the very worst "hacktivism" done in the past ten years was by a group under the control of the FBI, I am not too worried about it.

Never mind that your list there is far larger than just a few. A huge portion of people with top secret and lower clearance work in IT security.

Most of the headliners at the top security conferences either have worked for the government or do, the US ones, anyway. And those conferences are huge. Packed with corporate IT security staff who protect both government and corporate infrastructure. Practically all of them could very well be called "hackers" in the sense of the word that includes "security".

While not many literal job titles say "hacker", it is basically how IT Security staff call themselves to explain to anyone outside of the field what they do. Everyone understands "hacker". Except the US Government lawyers who come up with these broad brush definitions, it seems.

tyr • October 26, 2015 10:26 PM


Last time I looked internet.org was Brewster Kahle
home of the wayback machine. The thoughts of the
unspeakable obscenity Zuckerberg using that Net
address is hard to fathom.

I think Brazil is a lot better metaphor movie than
V, for its realistic portrayal of the war on terror.

It strikes me that far too many fools think that
once a comp is involved the physical world fades
into obscurity via some magical process. Just the
fact that a world circling communications system
exists doesn't make the world disappear. That is
the kind of thinking used in politics with a lot
of disastrous results ( the refugees pouring into
the borderless EU are a lovely example ).
*example.)

65535 • October 27, 2015 1:03 AM

I agree with: Hmmmm, jones, keiner, Joe K, Deliberate Confusion, PJ, Alan Krugle, melted trumpet, Cow Glider, Winter, name.withheld.for.obvious.reasons, Clive Robinson, Miguel Sanchez, Facebook’s Shameful Doublespeak, and other,

That M$ is talking out of both sides of its mouth as they are neck high in Data Mining via Win 10 and collusion with Government.

M$ Chief Lawyer and CEO has just realized his investment in pervasive Data Mining is going to be severely damaged by the US-EU safe-harbor collapse. In fact, barrister Brad Smith is starting to sweat over the consequence of losing money on his huge investment in trafficking of personal data [Windows 10].

Further, M$ statements about “Privacy is a fundamental human right” rings hollow considering M$’s close relationship with various Spy Agencies, Win 10 and CISA. M$ is a principal provider on personal information to these Spy Agencies.

M$ should get back to its core business of actually making “Personal Computers” without back-doors. M$ should stop trying to emulate Facebook and Google with Data Mining as their core business strategy.

In short, M$ should clean up its own act and put the “Personal” back into Personal Computers – without providing the Government with back-doors [and stop talking out of both sides of its mouth] before complaining of EU laws.

By the way, Clive R. has a blistering post on the whole situation. It's better than I could.

Unknown • October 27, 2015 1:35 AM

Related: https://www.privateinternetaccess.com/blog/2015/10/european-supreme-court-because-nsa-u-s-corporations-have-no-agency-to-guarantee-privacy/

I read this news several weeks ago. A little bit late to discuss I think.

To make people throw Windows PC out of their window and make them
use Debian, I think Debian devs need to create more "friendly" OS.

Sure, I can use black screen to do something, but to be honest Linux is still
not user-friendly.

For example (half-true story):
"Why I can't play XXX on Linux? Why I can't execute ~~~.'exe' file?"
"Why the layout is different than Microsoft Office? Whaaa I'll lose my job!!!"
"When I run (some harmful command) from this forum, I lose all my files WTF"
"No Antivirus software? Linux security is worse than Windows!"

......Several years ago, I convinced my employer to use Linux, and today everyone uses Linux in my company.

Micky Mc$haft • October 27, 2015 1:44 AM

Let me get this straight.

Micro$haft - the infamous authors of NSA_KEY, back-doored BitLocker, Win10 Spyware Pro, Creepy SWF Cortana, infiltrated cloud networking and the #1 MIC lap-dog bitch - suddenly cares about *cough revenue *cough future earnings growth *cough I mean, privacy?

Bwa ha ha ha ha ha ha ha..... I like this speech better:

Micro$haft CEO [approaches the podium grimly]:

"Thank you for coming today. I will keep my speech brief and to the point.

There are four steps we need to address the convergence of corporates and the nation state - a classic feature of fascism.

1. We need to fully open our Windoze software repositories - all of it - and re-classify it as a FOSS.

We need to restore trust lost by the globe as our role as Stasi sympathizers. We need Windoze to be forked a million different ways, and allow the code to be peered over and improved by computer experts the world over.

2. By breaking down our monopoly, we believe our 'American exceptionalism' in providing a superior O/S and code will enable us to thrive and prosper in the new century. Further, this will contribute greatly to transparency, security and privacy.

Indeed, we will adopt the successful business model used by Red Hat Linux and others - providing a paid service for users of large corporate, government and other networks where it is required.

3. Micro$haft will use its billions in cash, the smartest graduates we can find, and the expertise present in the cryptographic community to develop the strongest end-to-end encryption protocols possible.

We will develop a specialist research division dedicated to the development of encryption ciphers, and assisting in new NIST branch forks at a rapid pace.

4. Micro$haft recognizes that trust can only be restored - and the damage undone to our reputation - by admitting we were complicit. Thus, going forward, we humbly seek to rebuild our tarnished image with the global community via this new paradigm.

Ultimately, Micro$haft recognizes zero trust can be placed in authorities, third parties or other entities. They have shat on the constitution and jerked off on the Bill of Rights; they don't respect life, liberty, the pursuit of happiness or justice.

We recognize that many technological solutions are required to empower the individual.

Never again should data be placed wholesale in the hands of the State.

Individuals need to retain their utmost privacy rights, which should mean any and all data belongs to THEM in the first instance. Thus, all data should be encrypted at the highest possible levels, with the strongest protocols and algorithms, and only decrypted with the consent of the individual - for discrete and lawful purposes.

No longer will we tolerate the State abusing its powers, nor will we continue to aid and abet them in debasing both democratic values and the rights of billions of global citizens.

Mea Culpa, Mea Culpa, Mea Culpa....."

Gerard van Vooren • October 27, 2015 2:28 AM

@ Unknown,

> Sure, I can use black screen to do something, but to be honest Linux is still
> not user-friendly.

> For example (half-true story):
> "Why I can't play XXX on Linux? Why I can't execute ~~~.'exe' file?"
> "Why the layout is different than Microsoft Office? Whaaa I'll lose my job!!!"
> "When I run (some harmful command) from this forum, I lose all my files WTF"
> "No Antivirus software? Linux security is worse than Windows!"

That reminds me of Manuel in Fawlty Towers. The guy who was not trained well and because of that he made lots of stupid errors. The answer here is training. Start with the basics and then advance. It will take time but it is also a learning experience.

> ......Several years ago, I've convinced employer to use Linux, and today everyone uses Linux
> in my company.

Good, and if you really want to make it work, take the next steps.

keiner • October 27, 2015 3:16 AM

Problem with linux is sometimes that you need some more-than-basic knowledge to make it run from the start or to get it running again.

And then some forums make you wait some days for an unfriendly reply ("read man page" [just some hundred pages of options and cryptic explanations], "open console and execute some hands full of commands, eeeh btw as root..."), which is really frustrating for starters.

A more helpful attitude and a more service-oriented programmers' attitude would help a lot. I tried to switch to opensuse in 2005 and gave up due to limitations in time. Tried it again 2 years ago and it worked! Next thing is PC-BSD, but that's a hard piece of work, got it up and running, but would like to get Truecrypt installed, that's not straightforward...

As long as in the professional sector Windows is the standard (for submission to customers/regulatory agencies) there is no way to really get rid of it, but one can at least kick out all Windows in the private sector (I'm not a gamer...).

ianf • October 27, 2015 4:11 AM


Are you for real, Gerard van Vooren?

[Linux problemology] reminds me of Manuel in Fawlty Towers. The guy who was not trained well and because of that he made lots of stupid errors.

Manuel, the middle-aged Portuguese janitor/ waiter character in “The Fawlty Towers” was written explicitly as a foil (“a person or thing that contrasts with and so emphasizes and enhances the qualities of another”) for hotel proprietor Basil Fawlty's OCD-stricken/ manic-depressive hyperbolic theatrical persona. As such, Manuel's figure was a caricature (and satire) of the typical English preconceptions of lesser, non-British, folks, just recipients of delusions of British grandeur. What that had to do with your "lack of training" as an explanation for low Linux adoption rate, I wouldn't know. Please pick more appropriate metaphors and similes for your line of thought in the future.

    (BTW. this is not so little reminiscent of one-term-wonder VPOTUS Dan Quayle's complaining of a Murphy Brown's loose morals on account of her deciding to bring up a kid on her own. A character in a TV soap of all places! Perhaps DQ should have sponsored a bill to train prospective fictional characters better!)

blake • October 27, 2015 6:22 AM

> First, we need to ensure across the Atlantic that people's legal rights move with their data.

Um, no. *First* you stop sharing data illegally. Second, figure out if - and then how - personal rights move with private data. *Only then*, once the protections are in place, is it actually legal to move that data.

If you're currently doing something you find out is illegal, that doesn't mean you get to keep doing that illegal thing while you figure out how to make it legal again.

Gerard van Vooren • October 27, 2015 11:54 AM

@ ianf,

> Are you for real, Gerard van Vooren?

Take it the way you want it. John Cleese mentioned it explicitly in an "after talk" about Fawlty Towers. The Manuel character represents a guy who is "cheap" because he lacked skills and there was no way that he would be trained, he was only nagged.

The thing here is that people want to use Linux, expect that others have knowledge about it, which they don't have of course, and then blame Linux.

I mentioned the Manuel character as a funny reminder that you need skills and when you lack these you need to be trained or else it's just waiting for the train wreck.

Very much off topic btw.

C is for Curious • October 28, 2015 8:54 AM

@ Miguel Sanchez
"Considering that the very worst "hacktivism" done in the past ten years was by a group under the control of the FBI, I am not too worried about it."

Activism often takes on a sustained persistent path but in present days doing illegal computer activities under broad daylight lands one in jail in a very short period of time.

@ Clive Robinson
"The first step, ditch the US dollar as the world trading currency, and force the Fed to return all reserves held "on behalf" of other nations, which the Fed has effectively misappropriated."

I doubt it's that simple. The US dollar came to be a trading currency not by choice (and definitely not by force) but thru clever foreign policy shaping of complex socio-economic interests not just of the host but also of foreign nations.

Clive Robinson • October 28, 2015 10:47 AM

@ C is for Curious,

Whilst the US dollar might not have become the world trading currency by force (though WWII did it great favours), the USG and Fed Reserve have done whatever they can to keep it the world trading currency. Some sincerely believe the war on terror and the invasion of Iraq whilst being partly about oil, were in fact to keep the US Dollar as the trading currency. The latest round of US Trade Treaties can quite easily be shown to be "more of the same".

What the USG is most frightened about is where the tipping or snap over point is, likewise the Fed Reserve. Which can be seen as why the FR is hanging onto other countries' gold etc with a tenacity that would otherwise suggest significant fraud on their behalf.

If the USG&FR allowed another currency to get even close to a trading currency, then a tipping point would be reached, where the choice would quickly mean the dollar would lose status and thus value. The fact other countries have the misfortune to have significant US Bonds helps the US. But in the not too distant future the value of the USD is going to take a significant hit and its value drop significantly. The fact that the US is more importer than exporter in many significant areas means that this little game of Security Theater will along with defence spending cause a faster escalation and a spiral in a downwards direction...

The Euro had a chance to be the world trading currency prior to the Iraq invasion but chose not to make the push, and has thus missed the train on it. However even though the Chinese economy has slowed they can still due to being a major exporter push for trading currency status. However many in China appear to be hedging their bets and getting their money out of China, who in turn are starting to make illegal certain financial behaviours.

Time will tell but more than a few business analysts know that the Dollar is now a "Camembert Currency" and thus are treating it as a "hot potato".

Lomo • October 28, 2015 6:52 PM

@ Clive Robinson,
"Time will tell but more than a few business analysts know that the Dollar is now a "Camembert Currency" and thus are treating it as a "hot potato"."

The question remains how is value measured. Some would say weigh in gold, as you did, some may say crude, now saturated by not only alternative energy but alternative repositories. Gold on the other hand a market rigged to the core and rightfully so. Thereby we can establish the value of a dollar is either seriously rigged or immeasurable. Any claims of such is counter intuitive to core issues. On the grand global scale, money itself does not matter. However, luckily most of us still live by it because it's essential to our daily lives. Without FR or a system in place, there would be no peace.

Bill the Cat • October 30, 2015 5:48 AM

Brad Smith is a Bad Guy. Brad Smith almost singlehandedly introduced the *idea* of widespread (ab)use of software patent lawsuits to Microsoft. He virtually invented the mass patenting of intellectual property as a means of retarding innovation, er, I mean excluding competitors, in the software marketplace.


Before Brad Smith had Microsoft's ear, there was not the widespread abuse of the patent system. Gates has a famous quote from 1991 in which he says:


“If people had understood how patents would be granted when most of today’s ideas were invented, and had taken out patents, the industry would be at a complete standstill today.” Mr. Gates worried that “some large company will patent some obvious thing” and use the patent to “take as much of our profits as they want.”


At his urging, circa 2002, Microsoft began patenting everything it could and enforcing those patents through lawsuits. The software industry followed suit and the rest is history.


It's not often that something as intellectually bankrupt and morally degenerate as the practice of "software patents" - patents on achieving an ends in software *no matter how that ends is achieved* - can be traced to the actions of one person, but with Brad Smith, it's not too much to say that the software patent landscape we have today we owe directly to him.


Here's the larger lesson. We need to rethink the role of the university in society. We're still being guided by the notion that an education "broadens" a person, makes them more thoughtful, more sensitive to injustices, somehow a better citizen. This is almost certainly wrong. The net effect of university education is to differentially empower some citizens and give them the means to achieve their selfish, amoral ends, ends which are promoted and lauded at every stage within the university itself. The research university I attended was explicit in its cutthroat philosophy and the students and professors alike fell in line and embraced what they were told. It's this way pretty much everywhere outside a few, very expensive, liberal arts colleges.


For people living in a certain historical time, it's hard to see the broad, enclosing facts which will uniquely distinguish them in the eyes of future generations. One of those facts is that university promotes and graduates a kind of amoral technocrat; someone who is comfortable and even feels justified in his or herself disadvantaging and disabling the lives of great masses of people merely to enrich themselves, no matter the consequences.


Regarding software patents themselves, no one has ever made more than a glib and abstract case that software patents promote innovation. Neither do software patents result in a more equitable distribution of income. On the other hand we do have the strongest kind of proof possible- a proof by existence ("before you stands the very thing to be proven") that software innovation, and economic opportunity, flourishes in a patent free environment. That proof would be the Cambrian explosion of software which took place between 1980 and 2002.

I mention this only to make it obvious that no one- at all- believes that software patents are anything but an attempt by the .01% to roll up from others the opportunities they themselves benefitted from and by which they made their fortunes. Software patents are nothing but a means through which the fortunate increase their fortunes at the expense of other people's economic opportunities.


Brad Smith parades himself around The Hague and elsewhere as a serious intellectual and thinker. What he really is is an amoral opportunist operating on sociopathic principles which all his life have gone unchallenged and uncontradicted and rewarded. Simply put, Brad Smith is a very bad man who does very bad things to people less powerful than himself. He has of course mastered the ability to present himself and his actions as otherwise, but that's all it is, a presentation. He is a man who has made his fortune and his career on what he must know is a massive intellectual falsehood and the systematic undermining of one of the major engines of potential economic justice in the 21st century. There is no reason to take anything he says on any topic at face value.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.