[olifante]

UKUSA capabilities ARE far in excess of others. They are the only global adversary that happens to control DNS and the whole certificate stuff. Furthermore, all popular consumer operating systems (Windows, Mac OS X, Android and iOS) are created by American companies who can receive secret orders with gag clauses at any time to introduce custom functionality or vulnerabilities which are only meant for UKUSA use. Additionally, apps are increasingly installed from app stores, which are once again subject to American law. This means that any undesirable app created outside the UKUSA jurisdiction (e.g. Telegram or Threema) could be tampered with at the source. No other nations have ANY of these capabilities.

[Amezarak]

They are not the only ones that can control certificates and DNS. I am not sure why you thought this was the case given it is widely documented (and occurs with some regularity) that we hear about some other country doing one or the other.

One might make the argument that most consumer hardware is not produced in the US. But it suffices to say that if Microsoft or Apple choose to obey a secret order rather than exiting a market of 300 million people, they will do so for other countries.

App Stores are subject to more than American law. For example, there isn't just a single Apple App Store. It's split up.

It is true that the NSA has uniquely easy access to say, Google and Facebook servers and so things are a little easier than just tapping all the fiber. That's precisely so many countries are gung-ho about creating their own, in-state services...so they're the ones with uniquely easy access.

But that's not "far in excess" of others, it just makes the job easier.

[olifante]

As for certificates, it is becoming increasingly obvious that the NSA controls several root certificates and can exert legal pressure if not outright control of many others. They can use this power to perform SSL Man-in-the-Middle attacks. See http://security.stackexchange.com/questions/37216/how-likely..., https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_... or https://digitalelf.net/2013/09/how-the-nsa-is-breaking-ssl/. I don't see how it can be remotely controversial that the US and its allies possess deeply asymmetric power. They have legal power over all popular desktop OSes, all popular mobile OSes, all major cloud providers (Amazon, Azure and Google) and most major social networks. To pretend that other countries have anything approaching this capability is patently ludicrous.

[Amezarak]

You don't need control over the DNS root zone to exert control over DNS. Other countries are well-known exert control over DNS.

The same goes for certificates.

There is no deep asymmetry, other countries already have the powers you are talking about and they are using them here, today, in the now.

You also did not address my point concerning their "legal power" over e.g. Microsoft/Windows and Apple/OS X.

As for cloud providers, they are located all over the globe, and countries they operate in have the same power you are counting the US as having.

[olifante]

Turns out the US has announced earlier this year that they intend to relinquish control of the DNS root zone file. However, this is a privilege that they used to steadfastly hold on to, so its hardly surprising that some people (including me) thought this was still the case.