Forgot your password?
typodupeerror
Privacy United Kingdom United States

The Patriot Act and the EU Cloud 176

Posted by samzenpus
from the lets-see-what-you-got-there dept.
ISoldat53 writes "Gordon Frazer, managing director of Microsoft UK said that the Patriot Act allows government access to data in its cloud services even in Europe. Though he said that 'customers would be informed wherever possible,' he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it."
This discussion has been archived. No new comments can be posted.

The Patriot Act and the EU Cloud

Comments Filter:
  • by Anonymous Coward

    So basically the U.S. Patriot Act is making "cloud" storage a useless technology.

    The Internet will hopefully route around the "cloud".

    • by Seumas (6865) on Wednesday June 29, 2011 @09:40PM (#36618534)

      No, the US Patriot Act is making political geographical borders a useless invention. That you are across the ocean, with your own history, culture, laws, government, and values is of no consequence to us anymore.

      • by vux984 (928602) on Wednesday June 29, 2011 @09:46PM (#36618562)

        To be fair... its only because they can address the letter to microsoft, which is in its own juridiction.

        All this means is that a multinational can't move part of its assets to europe and then have immunity to the us govt.

        If MS wants immunity, it has to leave America.

        • by AHuxley (892839) on Wednesday June 29, 2011 @10:04PM (#36618650) Homepage Journal
          If the US has a base, is friendly with a nation or your telco loops data via friend of the US or a country with a US base ....
          Your data is now US data and has been for many years. The problem with the Patriot Act is you not just been watched anymore.
          Think hard before you share too much data with anything US on a network.
        • by rtb61 (674572) on Wednesday June 29, 2011 @11:05PM (#36618976) Homepage

          Patriot Act has nothing to do with it. Long ago foriegners were denied all rights by the US government, in fact in US police agencies are entitled to break all other countries laws and US law, even when those actions would be illegal in the US.

          Making it public that M$ would have over private information from other countries once in it's cloud at any request of any US government agency, has pretty much crippled the M$ cloud and prevented from doing any work for any foreign government agency.

          In fact that kind of delcaration put's into doubt the trust of any M$ software, when updates and patches are delivered direct from the US and US government agencies can legally corrupt those patches in direct contravention to local foreign laws, leaving M$ under the gun for criminal conspiracy to corrupt computer networks and the executives would be subject to extradition or the whole extradition system when tied to the US would collapse.

          • Let's be fair here shall we... It is not just MSFT that is buggered, but Google, Apple, Amazon, etc, etc, etc...

        • To be fair... its only because they can address the letter to microsoft, which is in its own juridiction.

          All this means is that a multinational can't move part of its assets to europe and then have immunity to the us govt.

          If MS wants immunity, it has to leave America.

          And this is also the way it works in Europe, or Belgium at least: if police have a search warrant they can also search the local network and all connected servers that can be reached through normal operations even though they might be physically located outside of belgian police jurisdiction.

        • by mcvos (645701)

          But what would happen if the EU had a law that prohibits such access to cloud data? (This might already be the case, actually. The EU does have some privacy laws.) It sounds like no company with cloud services could have a base in both the EU and the US.

      • Re: (Score:2, Insightful)

        by unity (1740)
        Yet another reason to support Dr. Ron Paul for president.
        • by Wyatt Earp (1029) on Thursday June 30, 2011 @01:04AM (#36619614)

          Good luck with gay rights, gay marriage, Abortion rights at the national level with Ron Paul as President.

          • Also be sure to pick up your dystopian future gear beforehand. Hoodie trenchcoats, regular and fingerless gloves, a good set of goggles, some good bladed weapons and giant anime handguns (there's a .50cal enthusiast on here who could help, forgot his name), gas masks, some Mad Max/ZAV-style vehicles, plenty of computers, and some land in the country to build a bunker on (be sure to leave enough room for a moat or spike pit).

            Common bad purchases to avoid:

            S&M gear (seriously, this won't help)
            Giant anime s

            • I think you are referring to the S&W 500 [wikipedia.org] which is a .50 hand cannon of a revolver. Also there is the draco pistol [google.com] which is a pistol form of the AK which still shoots the 7.62x39 rifle round or the AR-15 pistol [olyarms.com] which shoots the 5.56x45 (.223) rifle round.
          • by unity (1740)
            i actually prefer his solutions to those issues.
            There should be no "gay rights". You have individual rights, they should be the same for everybody.
            Get the government OUT of marriage. Marriage licensing by the government originated as a way to keep whites and blacks from marrying. Let's eliminate state-sanctioned marriage and return it back to where it came from, chuches or individual private ceremonies.
            Well I'm pro-life, but even then his solution is to return it back to the state level. Let those
      • by Osgeld (1900440)

        yes because political influence across boarders and geographical boundaries has never ever happened before microsoft, the cloud, and the patriot act, all in man's history

      • by Snaller (147050)

        "That you are across the ocean, with your own history, culture, laws, government, and values is of no consequence to us anymore."

        It was never of consequence to America - but you used to have to invade other countries before you forced your will on them.

    • by c0lo (1497653) on Wednesday June 29, 2011 @10:11PM (#36618692)
      This [despair.com]: "GOVERNMENT — If you think the problems we create are bad, just wait until you see our solutions."
    • by Osgeld (1900440)

      the cloud storage is making the cloud storage a useless technology

      not that 99% of the fuckwits on this planet even understand what cloud means, even ouside of a computer context

      • I'm pretty sure that no matter what, it means lots of moisture. That means you'd better hope they keep those servers under some sort of umbrella or something. You should water-proof your data too, just to be sure.

  • by Scareduck (177470) on Wednesday June 29, 2011 @09:19PM (#36618432) Homepage Journal

    Just plain stupid for customers. No control over your data.

    • Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either; you would be forced to turn over the data regardless.

      This article is basically an excuse to rail at the cloud and at the US government, but it really doesnt reveal any new information.

      • by Registered Coward v2 (447531) on Wednesday June 29, 2011 @09:34PM (#36618504)

        Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either; you would be forced to turn over the data regardless.

        This article is basically an excuse to rail at the cloud and at the US government, but it really doesnt reveal any new information.

        Actually, TFA has a snippet that is interesting:

        Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).

        While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidiary would cough up the information, as required by law, not the one where the data may have originated and is covered by privacy laws.

        Carried to an extreme, MS is saying that loud based computing renders privacy laws moot. It also means that presumably protect information could be accessed by any state that wishes to pass laws granting itself access (if a company has a subsidiary in that state).

        While the US may be at the vanguard, the implications go far beyond there.

        • by zill (1690130)

          What if US-headquartered companies created local shell corporations that owned the actual cloud servers? Could that circumvent the USA PATRIOT Act?

        • by Intrepid imaginaut (1970940) on Wednesday June 29, 2011 @10:12PM (#36618698)

          Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.

          • In the real world if the CIA wants something they will invoke whatever secret agreements that are in place with their EU counter-terrorism buddies and it will be all hunky-dory.

          • by sumdumass (711423)

            If that information resides in a Chinese server, EU privacy laws wouldn't apply either. If you put your information outside the jurisdiction of your laws, why do you expect those laws to trump other laws. The cloud is global and if you put your information in a UK cloud, and part of it, including the command and control is in the US or any other country, you better expect those local laws to apply too.

          • Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.

            I believe there is a broader issue here - even though everyone seems to focus on the US - once information on EU citizens leaves the EU it will become fair game for the authorities in whatever state it comes to rest. A non-EU company has no obligation to follow EU rules; especially when faced with laws in their own country that run counter to EU law. EU citizens may think that the EU privacy laws provide them with strong protections against their information being shared with non-EU entities but I think, in

        • by PMuse (320639)

          Laws mostly control people. If you give a person (cloud provider) control over your data, you have just subjected your data to every set of laws that has a hold over that person. In today's example, MS has most of its assets in the U.S., so MS will do with your data what the U.S. says. Duh.

          Precious few service providers will undertake to protect you when it means losing their own assets, personal freedom, or even just right-to-do-business. Show of hands, now: who really thought they would?

        • by The Second Horseman (121958) on Wednesday June 29, 2011 @10:41PM (#36618846)

          Try getting a company like Google or Microsoft, when they're trying to sell you hosted services, to say anything other than "we comply with lawful requests for information from governments". Note that they don't just mean your government. They mean the government of any country, and if it's a country they do business in, they have to weigh your business against access to an entire market. Which do you think they'll choose? They may try to dodge by only hosting the information in some geographical locations, but that doesn't help much.

        • by gstoddart (321705)

          Actually, TFA has a snippet that is interesting:

          "Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based)."

          While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidi

        • privacy laws? what are those?

          seriously.

          as we pour water into the sieve, it leaks out....

      • Depends (Score:4, Interesting)

        by Roger W Moore (538166) on Wednesday June 29, 2011 @10:17PM (#36618724) Journal

        Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either

        Actually it would since my house is in Canada and I'd politely inform them that they'd need to talk to the Canadian government and, if they agree, have them make the request. Similarly in the EU US government demands are worthless. Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.

        This is exactly as it should be. MS could end up in real legal trouble if the US government forces them to disclose data on their EU servers in contravention of EU privacy laws.

        • by jimicus (737525)

          Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.

          I wonder - how long does it take such a request to be processed and how often on average do they fail to convince the local government?

          • I don't know but why is the actual number of times they are failed to be convinced useful information? It should depend on how much evidence the US government has when it asks so, without knowing this, how can you tell whether the correct decision has been made? Having a 90% reject rate where 10% are let through on flimsy evidence because it was felt that you could not deny all US requests would be far worse than having a 0% rejection rate because the US government presented strong evidence each time.
      • by shentino (1139071)

        Doe v. Ashcroft may have something to say about that.

    • You ALWAYS have the ability to encrypt anything you put in a cloud, or anywhere not on a system you physically control. It's just as stupid to put something crucial on a server that you own in a rack, than it is to put it on any "cloud"... you are just one FBI raid away from the child porn server in the rack above your your box being taken and given a total scan.

  • by Anonymous Coward

    So who exactly would be dumb enough to store terror plots in the cloud? And which requests would be sans gag order? 0.

    • it happens when things get cached in places you don't expect. When tools you think are safe are not. How are YOU to know where data is hosted, its just all out there, maaaan.. (keep your enemies close!)
    • by wdef (1050680)
      What makes you think the Patriot Act is about foiling terror plots? Just because they say it is?
  • Government Agents (Score:5, Interesting)

    by jrumney (197329) on Wednesday June 29, 2011 @09:26PM (#36618468) Homepage
    If private US corporations can be used by the USA to extend its intelligence gathering reach like this, does that mean their employees can be treated as government agents by non-US law enforcement agencies? Could a privacy breach turn into an espionage case because of this? It'd certainly make me think twice about accepting a job for a US based company.
    • It's worse than that. Government agents have done industrial espionage on behalf of private enterprise at times as shown in the Boeing vs Airbus case. Hosting companies could be asked to hand over data just because it may be useful to a well connected competitor.
    • Every country on the planet performs some form of intelligence gathering. It is not a US only issue although a disturbing amount of people think nobody does it besides the US. Even countries friendly with one another spy on each other. It is SOP in international relations. When someone gets caught they usually just swap compromised spies and go on their merry way. Cloud or no cloud the NSA has the means to capture, filter, and process almost all of the Internet traffic. The architect of the system balked w
      • by jrumney (197329)

        Every country on the planet performs some form of intelligence gathering.

        Of course they do. The difference here is that the US seems to be compelling private US companies to do it on their behalf.

        • I am not condoning it but the government is just taking advantage of the resources available to improve their intelligence gathering. Why bother infiltrating a company to tap their com lines when you can just ask the company up front for access. Of course if the company happens to be the target of the investigation I imagine some sort of covert infiltration and tapping would come into play. Plus the companies are not supplying data streams to the government they are agreeing to provide access to the govern
  • There is only a small conflict of interest in Microsoft delaying the move towards the cloud where they have far less dominance.

  • Use a cloud company with no US operations whatsoever.

    • by gstoddart (321705)

      Use a cloud company with no US operations whatsoever.

      No, the obvious solution is to store your own data on your own servers, and make damned sure there is no US company that has access to it which will be covered by this law.

      Governments putting their information into the cloud are being stupid if they don't realize they've given up the sovereignty of their own data. It's fairly obvious that if you're not controlling physical access to it, you don't know who is.

      With the Patriot Act, the US has more or less

  • "Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. "

    What doesn't fall under that? To be free of any potential US influence, EU users and companies should make sure the places they do business with have no ties to American companies? Sounds like ISPs, CDNs, web hosts, etc can be asked or forced to comply with government demands. It won't surprise me if there's

  • by Anonymous Coward on Wednesday June 29, 2011 @09:36PM (#36618520)

    Who in their right mind would store their sensitive data in the cloud and not encrypt it locally first? That seems crazy. Patriot act or no, it's nuts.

  • leave the USA (Score:3, Insightful)

    by Anonymous Coward on Wednesday June 29, 2011 @09:41PM (#36618542)

    lets bail on this police state run by fascist idiots. leave before they won't let you. the businesses had the right idea going overseas. Microsoft should relocate to.

    • by c0lo (1497653)

      the businesses had the right idea going overseas

      Right for who?

      • by Osgeld (1900440)

        anyone that wants a future

        • by c0lo (1497653)

          anyone that wants a future

          I want a future therefore I can only wish the USoA have kept their corporation in their yard! (good for the US businesses doesn't necessarily mean good for everybody)

    • There were a lot of Germans that did that back in the late 1930's. That didn't stop Germany from trying to expand its police state anyways. It is easy to run, to be sure, but that won't actually solve the problem. If you don't want the U.S. to morph into some seven-headed monster of authoritarian imperialism, you have to dig in and make a stand somewhere.
  • by Sipper (462582) on Wednesday June 29, 2011 @09:42PM (#36618546)

    There are basically two meanings of "The Cloud":
          1) "You don't need to know where your data is"
          2) Rapid automatic server provisioning

    The thing that's wrong about 1) above is that "The Cloud" is sold as "don't worry about the man behind the curtain." Being ignorant about where your data is actually stored doesn't mean that it's safe -- quite the opposite -- it means that there is elevated risks involved. Because laws change with location, not knowing where your data is means not knowing what laws are applicable.

  • by frovingslosh (582462) on Wednesday June 29, 2011 @09:42PM (#36618550)
    What stupidity. If China passed a law that said that they had to be given access to all of the data in all of the computers in the United States, I doubt very much if people would be jumping through hoops to accommodate them. Similarly, the U.S. can claim that it has access to data stored in computers in Europe, but no one should take them seriously.
    • You're missing the point. If Red China passed such a law, Mainland Chinese companies would have to accommodate it. Similarly, US companies have to comply with US law, even for their operations overseas.
    • Everyone should take them seriously. Has it not been demonstrated pretty well that the US can extradite anyone and anything they want in most places in the world? Has it not been demonstrated that they can lie to do this with impunity? There are colossal imbalances in power and the US seems to have no problem whatsoever with exploiting that. There is so much that the US does that is apparently illegal by local, international, and even US law and yet the US is apparently never, ever brought to account ov
    • by gbjbaanb (229885)

      except Microsoft does take them seriously.. So if the US government asked for data from your Azure cloud server, and that server happened to be located in a EU datacentre, then Microsoft would hand it over.

      So regardless of what you think should happen, some homeland-patriot-nutcase-of-america will end up reading your stuff. Get used to it, or don't store your stuff with Microsoft (or any other US based company).

  • They'll just claim the hard drive crashed... sorry it was unrecoverable, you're going to have to reinstall everything...
  • by superdave80 (1226592) on Wednesday June 29, 2011 @10:59PM (#36618932)

    if a gagging order, injunction or U.S. National Security Letter permits it.

    Basically, no one will ever be informed.

  • it's = it is (Score:2, Informative)

    by Anonymous Coward

    Quick grammar lesson:
    "government access to data in it's cloud services even in Europe"
    =
    "government access to data in it is cloud services even in Europe"

    The correct word is "its"

  • by RazorSharp (1418697) on Wednesday June 29, 2011 @11:27PM (#36619106)

    If the Patriot Act is perceived as a threat to 'cloud technology' (I hate the term) then perhaps these tech giants who have the power to ram their agendas down the throat of the government (Microsoft, Oracle, Apple, IBM, Google, ect.) will lobby against the Patriot Act. If the Patriot Act is bad for business then business may actually take the side of the people and try to use their money and influence to do away with it.

    • by Osgeld (1900440)

      business is lazy and greedy, make the right deal for the right price, and make everyone that really matter happy!

  • So they can make these companies give up personal information from people in other countries but they can't make the companies pay taxes?
  • A company only gets things done because its employees do things on behalf of that company. An employee should perform his duties to his employer as detailed in his contract of employment.

    It would be really interesting to see such a contract for an EU based Microsoft employee (Wikileaks anyone ?) — if it says that he must obey USA law then he has a personal problem if such USA law conflicts with laws in his EU country.

    Just being employed by a USA based company does not give an EU based citizen immunity

  • for our 'freedom'.
  • The simplest observation to make is that clouds have fuzzy edges. If your company has any data that is subject to legal consequences when disclosed (and that tends to be the case in about 95% of the information I seem to come across) than the use of cloud services with its lack of definition where information logically and legally resides is absolutely out of the question - it's simply too risky.

    Not only do not have control over the vendor, you also have no control over what legislative environment you dea

The difficult we do today; the impossible takes a little longer.

Working...