53 comments

[ 4.8 ms ] story [ 111 ms ] thread
This is great, but misses one important fact. Knowing the level of corruption in the Brazilian government, this assumes no one who works on the optics can be bribed by the NSA. I suspect that is improbable.

Short of doing like the DOD does for their classified dark fiber, where they put each strand in a metal pipe, which is pressurized with gas and monitor the pressure in the pipes. When the pressure changes (due to a break in the pipe or someone trying to tap into it), heavily armed security will be dispatched to said location with a quickness.

Not sure where you heard the pressurized metal pipe thing; pretty sure these inline encryption devices are the norm though...

http://www.gdc4s.com/products/secure-voice-and-data-products...

I've got a family friend who is a backhoe operator in Baltimore. He was unfortunate enough to accidentally breach one of those pipes containing sensitive fiber optics and was surrounded by DoD armed guards. Listening to him tell the story is pretty funny.

This type of thing, but that is just from a very quick google: http://www.google.com/patents/US5218197

>This is great, but misses one important fact. Knowing the level of corruption in the Brazilian government, this assumes no one who works on the optics can be bribed by the NSA. I suspect that is improbable.

It likely doesn't matter in any case. Read up on the USS Jimmy Carter. It's likely that this submarine has the ability to directly tap into undersea cables.

Can you not have end to end encryption of the frames that go over the wire? I guess it's immensely expensive when you're transmitting at 100Gb/s.
I'm sure you can, and cost isn't really an issue for the various three letter US agencies. They still treat tapping into said encrypted comms lines as a hostile act.
The practice of pressurizing conduit and insulation sheaths is meant to keep water out. I don't think pressure is likely to be the best way to localize a fault. There are other types of sensors that can locate a fault in a fiber optic line.
Indeed, but if only the outer pipework or the isolation has been damaged, then a pure fiber-optic measurement will not detect the compromise.
From Brazil’s rejection of American IT products alone, it is estimated that American firms will lose out on over $35 billion in revenue over the next two years. Yet, they still listen to Justin Beiber.
I fully support the creation of redundant fiber optic links for the purpose of routing around listening to Justin Bieber.
(comment deleted)
I think this is good news. Multiple paths to pass information is a good thing for the world, independent of the reasons behind it.

But I don't think the economic impact, with American firms losing revenue is nothing more than political PR blablabla. Market forces (price and quality) still drives a lot of traffic from Brazil to USA. For example, there is no hosting solution or email provider in Brazil that comes close to using dozens of american firms.

Of all the startups here in Brazil I would guess that 80% use servers from american firms (AWS, Microsoft Azure, Softlayer, Digital Ocean and many, many others). Our local host solutions are used mainly for amateursih website hosting (of local restaurants and small non-tech companies).

A possible law forbidding national companies to use data centers out of Brazil is being discussed around here. And the general reaction among national startups is "if this happens, we are all fu". There is simply no local solution in quality and price anywhere near those big american ones.

But, again, despite market forces still going to drive a lotof traffic to USA, I think it is a good idea to have alternatives. For sensitive government and academic data at first, but maybe creating the environment to better infrastrucuture companies rising in Brazil or Europe.

On the plus side building something like this establishes a capability and track record, and could be of future benefit for contracts abroad.

In a similar sense a push to getting more than 20% of your local startups on local hosting - which is already quite a good number - might attract foreign customers.

Long term the economic impact might be worth talking about but in the immediate term I agree that it is just noise.

Main problem with local hosting solutions is pricing, I think.

I can get a DO VPS machine with a reasonable performance for US$ 5/mo, while most known Brazilian providers would set me back about US$ 20/mo for a similar machine. If latency is not a big issue for you, it just doesn't make sense to host it here, unfortunately.

With AWS having brazillian hosting and established firms already there operating at a high price, it does seem like the skillset is in place for someone in brazil to do something entrepreneurial.
What exactly do you mean?

Are you talking about undercutting Amazon's price? The prices are that hight because of taxes, nobody can undercut them on Brazil.

No I am talking about undercutting the other local Brazillian businesses.
And DO is still more than 2 times as expensive as OVH is. Which is why I host in the EU, getting more security for less money.

TL;DR: OVH provides more “fuck murica”[1] on the euro than DO.

— [1]: This is not meant against the people of the US, but its government and secret agencies.

Announcements like this are a huge incentive for large Brazilian firms to get into the cloud hosting space, reminiscent of one large American e-commerce company (whose name happens to be a river of Brazil) entering the cloud hosting market. The prices offered by hosting services here are largely the result of a massive investment, so the first Brazilian firm that can make such an investment can offer competitive prices and learn from the mistakes that firms here made (e.g. AWS dashboard devolving into an enigma of overlapping tools).

In a country that has one of the fastest growing economies of the world, and where the government is publicly wary of American IT companies, affordable and local cloud hosting will certainly happen soon.

Do you know a Brazilian company that has the knowhow to face Amazon/Microsoft though? Any time "cloud computing" is mentioned is Brazil it's nothing more than traditional datacenters and virtual machines. Nothing close to the wide range of cloud services that AWS/Azure provides.

The Cisco InterCloud initiative might be an option for independent Brazilian datacenters to improve their service and offer something close to AWS/Azure (although much less flexible).

> Do you know a Brazilian company that has the knowhow to face Amazon/Microsoft though?

Doesn't matter if there are contracts or laws forbidding doing business with American entities.

Even if they can't compete at first, though, this gives them impetus to learn.

Digital Ocean is pretty encouraging proof that the giants can be beaten, they were only founded 3 years ago and haven't raised much investment.
Both AWS and Azure have local datacenters in Brazil. That would should be enough for the laws being discussed around keeping data geographically within the country.

One important point though is that they have been traditionally charging in USD, so the financial processes might not be aligned yet.

The NSA can tap communication cables in the deep sea. Tapping cables in Brazil on land shouldn't be much of an issue. Also the alternative to US telecom equipment is Chinese, and well, I wouldn't trust that either.
I appreciate the effort but 1) If the NSA really wants the data they will pull the cable up and put a tap on it like they are doing now. 2) Even if not "buying American" on the hardware, they will at some point end up on an American network[0] and the NSA will get the data anyways.

What we really need is another Snowden to grab recorded private phone calls of Congress. I'd imagine we would see their funding dry up rather quickly (then again they didn't seem to mind the CIA's adventures).

[0] - http://en.wikipedia.org/wiki/Tier_1_network

The more powerful politicians that run Congress cut off limbs to maintain the system, when necessary. That's exactly what they did to Frank Church.
I'm confused by this. Frank Church was a pretty powerful politician, chair of the Senate Foreign Relations Committee, I believe. Who did what to Frank Church?
From what I understand, there were political consequences to challenging the espionage state, in which Church was marginalized his last term and pushed out. Most of Church's outspoken efforts against the espionage system took place after his 1974 re-election. It's not quite as bad as Otis Pike, but then Church was more powerful -

http://pando.com/2014/02/04/the-first-congressman-to-battle-...

As an undergrad I had a job working as a ecologist for the Highways Agency in the UK. My job was to perform endangered species surveys and supervise roadworks sites to make sure they didn't cause (too much) ecological damage.

One job I worked on was resurfacing 12 miles of road in Somerset. At one stage I was supervising a crew as they dug out a trench beside the road overnight. After a couple of hours, a blacked-out 4x4 rolled up to the site and out get three guys in suits demanding to see the site manager.

It turned out the JCB bucket had damaged the tunnel housing a major national fibre-optic link and they had detected the damage. We uncovered the damaged concrete housing and they had a crew come out to repair it.

Moral of the story: at least in the UK, the integrity of cable networks is remotely monitored. I wouldn't assume the NSA can easily tap into a major fibre-optic cable without being detected.

Interesting story. Maybe those guys in the dark glasses and suits weren't the cable provider, but the NSA! The fibre provider hadn't noticed.
Hah, I didn't consider that! I expect that GCHQ happily share the data with the NSA so they don't need to get it from direct taps. So I think it's more likely they were who they claimed to be.
Surely its cheaper to drop a stack of servers at the start point and end point, treat everything in between as hostile and encrypt the hell out of it for transit over the open internet?
In an ideal world, any traffic entering and leaving a private network would be encrypted, but the issue is with near-realtime services like VoIP and remote presence where latency isn't acceptable. When you add the large number of users that use these networks, the amount of hardware for both redundancy and performance load balancing becomes a problem.
I don't see how this is a problem? You just saved a ton of money by not building a cable.

The WACS cable (a fairly minor project) cost well over half a billion USD. I'm pretty sure that with half a billion I can do quite a bit of realtime encryption....

Brazilian government probably has its own NSA, as it is a perfectly socialist government.
NSA is part of military, not a part of police force. Socialism or capitalism - this is irrelevant. As long as country has aggressive foreign "interests", organization such as NSA is a nice tool to have.
It's relevant because a Capitalist nation properly has a very small, very limited government. Under Capitalism, taxes - to the extent they exist at all - are supposed to be extremely limited. See: US in 1910.

You can't fund the military industrial complex with anything other than a modern welfare state, backed by something like the Fed. It would be impossible under Capitalism. That switch-over happened with WW2 in the US, with the massive enlargement under FDR of the federal government.

So the US is what? Communist? Capitalism, socialism, communist... none of that matters when national interests (of the elite) are at play.
The US is a very large, highly regulated, highly taxed welfare state, in which the total government system spends roughly 40% of the economy (that's about as far from the structure of spending that a Capitalist government would have as you can get). It hasn't been a Capitalist nation in a very long time. 30 or 40 years ago, it might have been a mixed economy. Regulations and the breadth of taxes have grown substantially since the early 1970s.
“That's libertarians for you — anarchists who want police protection from their slaves.” :)
I hope that is irony because I can't believe someone is so ignorant of Brazil to be able to say such things and believe they are true.

This country went from a colony, to an empire, to a monarchy, to a republic, to military dictatorship, rinse, repeat and is now currently a democratic republic. We just had presidential elections last month.

If you're going to talk about some country please do your research.

Yes, it has. No it does not do the same kind of population monitoring.

Brazilian budget is much more transparent than the US, and the Brazilian ABIN does not have enough physical space, energy, and staffing to pull out a NSA-like "let's gather dirty about everybody" initiative.

And this is the reason why Google is that worried about 'european privacy'. Being less reliant on american companies is not that bad for the rest of the world.
(comment deleted)
Article says they're not using any American firms for the infrastructure. This just makes me wonder what companies are they using (Chinese maybe???), and why/how do they trust those people not to spy on them.
They can't seriously trust them (or anyone, for that matter). It's just PR, as usual. Some friends of the government are likely expanding their wallets.
They don't have to trust them entirely. They just have to trust them more than they trust us.

Honestly, I'm not sure I blame them. At this point, I'm not even sure I trust us to do the right thing and I live here.

(comment deleted)
This is a political editorial, and those are off-topic for HN. If anyone can suggest a more substantive article on the same topic, we can change the url.

Edit: I originally wrote "masquerading as news", but someone emailed to complain that such language suggested deception where there wasn't any. I didn't mean it that way, and have tried to make the point more clearly.

So essentially the Brazilian Intelligence Agency is creating their own network so they can spy on their citizens and foreigners using their internet. I wonder if they'll be selling and trading data from it to other countries.