The Patriot Act and the EU Cloud 176
ISoldat53 writes "Gordon Frazer, managing director of Microsoft UK said that the Patriot Act allows government access to data in its cloud services even in Europe. Though he said that 'customers would be informed wherever possible,' he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it."
Politics making technology useless (Score:2, Interesting)
So basically the U.S. Patriot Act is making "cloud" storage a useless technology.
The Internet will hopefully route around the "cloud".
Re:Politics making technology useless (Score:4, Insightful)
No, the US Patriot Act is making political geographical borders a useless invention. That you are across the ocean, with your own history, culture, laws, government, and values is of no consequence to us anymore.
Re:Politics making technology useless (Score:5, Insightful)
To be fair... its only because they can address the letter to microsoft, which is in its own juridiction.
All this means is that a multinational can't move part of its assets to europe and then have immunity to the us govt.
If MS wants immunity, it has to leave America.
Re:Politics making technology useless (Score:5, Insightful)
Your data is now US data and has been for many years. The problem with the Patriot Act is you not just been watched anymore.
Think hard before you share too much data with anything US on a network.
Re:Politics making technology useless (Score:5, Insightful)
Patriot Act has nothing to do with it. Long ago foriegners were denied all rights by the US government, in fact in US police agencies are entitled to break all other countries laws and US law, even when those actions would be illegal in the US.
Making it public that M$ would have over private information from other countries once in it's cloud at any request of any US government agency, has pretty much crippled the M$ cloud and prevented from doing any work for any foreign government agency.
In fact that kind of delcaration put's into doubt the trust of any M$ software, when updates and patches are delivered direct from the US and US government agencies can legally corrupt those patches in direct contravention to local foreign laws, leaving M$ under the gun for criminal conspiracy to corrupt computer networks and the executives would be subject to extradition or the whole extradition system when tied to the US would collapse.
Re: (Score:2)
Let's be fair here shall we... It is not just MSFT that is buggered, but Google, Apple, Amazon, etc, etc, etc...
Re: (Score:2)
To be fair... its only because they can address the letter to microsoft, which is in its own juridiction.
All this means is that a multinational can't move part of its assets to europe and then have immunity to the us govt.
If MS wants immunity, it has to leave America.
And this is also the way it works in Europe, or Belgium at least: if police have a search warrant they can also search the local network and all connected servers that can be reached through normal operations even though they might be physically located outside of belgian police jurisdiction.
Re: (Score:2)
But what would happen if the EU had a law that prohibits such access to cloud data? (This might already be the case, actually. The EU does have some privacy laws.) It sounds like no company with cloud services could have a base in both the EU and the US.
Re: (Score:2)
waging a campaign to end a human right in order to stop something is a bit ridiculous isn't it.
It sounds like standard TSA policy to me.
Re: (Score:2)
Who said anything about the US wanting to end all terrorism. We are just happy with fighting a campaign to defeat privacy.
There fixed it for you.
Re: (Score:2)
Let's not ignore some things in order to insert what we want to believe.
http://www.theage.com.au/world/bin-laden-says-us-support-for-israel-prompted-911-monitors-20090914-fnht.html [theage.com.au]
http://www.youtube.com/watch?v=glHHWCyZ9zc [youtube.com]
http://www.google.com/hostednews/afp/article/ALeqM5inV15sHG8BPu-lEEM2m3PtNI9QPA [google.com]
While 9/11 might have been in line with what you posted, Bin Laden himself stated that there were reasons for 9/11 and what those reasons were.
Re: (Score:2, Insightful)
Re:Politics making technology useless (Score:4, Informative)
Good luck with gay rights, gay marriage, Abortion rights at the national level with Ron Paul as President.
Re: (Score:2)
Also be sure to pick up your dystopian future gear beforehand. Hoodie trenchcoats, regular and fingerless gloves, a good set of goggles, some good bladed weapons and giant anime handguns (there's a .50cal enthusiast on here who could help, forgot his name), gas masks, some Mad Max/ZAV-style vehicles, plenty of computers, and some land in the country to build a bunker on (be sure to leave enough room for a moat or spike pit).
Common bad purchases to avoid:
S&M gear (seriously, this won't help)
Giant anime s
Re: (Score:2)
Re: (Score:2)
There should be no "gay rights". You have individual rights, they should be the same for everybody.
Get the government OUT of marriage. Marriage licensing by the government originated as a way to keep whites and blacks from marrying. Let's eliminate state-sanctioned marriage and return it back to where it came from, chuches or individual private ceremonies.
Well I'm pro-life, but even then his solution is to return it back to the state level. Let those
Re: (Score:3)
yes because political influence across boarders and geographical boundaries has never ever happened before microsoft, the cloud, and the patriot act, all in man's history
Re: (Score:2)
"That you are across the ocean, with your own history, culture, laws, government, and values is of no consequence to us anymore."
It was never of consequence to America - but you used to have to invade other countries before you forced your will on them.
Re:Politics making technology useless (Score:5, Funny)
Re:Politics making technology useless (Score:5, Insightful)
Re: (Score:2)
the cloud storage is making the cloud storage a useless technology
not that 99% of the fuckwits on this planet even understand what cloud means, even ouside of a computer context
Re: (Score:2)
I'm pretty sure that no matter what, it means lots of moisture. That means you'd better hope they keep those servers under some sort of umbrella or something. You should water-proof your data too, just to be sure.
More reasons why the Cloud is a disaster (Score:5, Insightful)
Just plain stupid for customers. No control over your data.
Re: (Score:3)
Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either; you would be forced to turn over the data regardless.
This article is basically an excuse to rail at the cloud and at the US government, but it really doesnt reveal any new information.
Re:More reasons why the Cloud is a disaster (Score:5, Insightful)
Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either; you would be forced to turn over the data regardless.
This article is basically an excuse to rail at the cloud and at the US government, but it really doesnt reveal any new information.
Actually, TFA has a snippet that is interesting:
Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).
While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidiary would cough up the information, as required by law, not the one where the data may have originated and is covered by privacy laws.
Carried to an extreme, MS is saying that loud based computing renders privacy laws moot. It also means that presumably protect information could be accessed by any state that wishes to pass laws granting itself access (if a company has a subsidiary in that state).
While the US may be at the vanguard, the implications go far beyond there.
Re: (Score:2)
What if US-headquartered companies created local shell corporations that owned the actual cloud servers? Could that circumvent the USA PATRIOT Act?
Re: (Score:2)
If you are a US company you have to cough up the data.
Re: (Score:2)
Re: (Score:2)
The CIA will not fall for that sort of baloney.
Re:More reasons why the Cloud is a disaster (Score:5, Insightful)
Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.
Re: (Score:3)
In the real world if the CIA wants something they will invoke whatever secret agreements that are in place with their EU counter-terrorism buddies and it will be all hunky-dory.
Re: (Score:2)
If that information resides in a Chinese server, EU privacy laws wouldn't apply either. If you put your information outside the jurisdiction of your laws, why do you expect those laws to trump other laws. The cloud is global and if you put your information in a UK cloud, and part of it, including the command and control is in the US or any other country, you better expect those local laws to apply too.
Re: (Score:2)
I don't know if it says what you think it says. The part that strikes me is where it's an opt in program.
In other words, it's not the intent of the law, it's the intent of following the laws. It's an opt in program and is not required to do business in the EU, but rather to say it follows the EU privacy guidelines.
What you linked to is little more then a stamp or credential much like the energy star green logo
Re: (Score:2)
Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.
I believe there is a broader issue here - even though everyone seems to focus on the US - once information on EU citizens leaves the EU it will become fair game for the authorities in whatever state it comes to rest. A non-EU company has no obligation to follow EU rules; especially when faced with laws in their own country that run counter to EU law. EU citizens may think that the EU privacy laws provide them with strong protections against their information being shared with non-EU entities but I think, in
Re: (Score:2)
Laws mostly control people. If you give a person (cloud provider) control over your data, you have just subjected your data to every set of laws that has a hold over that person. In today's example, MS has most of its assets in the U.S., so MS will do with your data what the U.S. says. Duh.
Precious few service providers will undertake to protect you when it means losing their own assets, personal freedom, or even just right-to-do-business. Show of hands, now: who really thought they would?
Re:More reasons why the Cloud is a disaster (Score:4, Interesting)
Try getting a company like Google or Microsoft, when they're trying to sell you hosted services, to say anything other than "we comply with lawful requests for information from governments". Note that they don't just mean your government. They mean the government of any country, and if it's a country they do business in, they have to weigh your business against access to an entire market. Which do you think they'll choose? They may try to dodge by only hosting the information in some geographical locations, but that doesn't help much.
Re: (Score:2)
Re: (Score:2)
privacy laws? what are those?
seriously.
as we pour water into the sieve, it leaks out....
Depends (Score:4, Interesting)
Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either
Actually it would since my house is in Canada and I'd politely inform them that they'd need to talk to the Canadian government and, if they agree, have them make the request. Similarly in the EU US government demands are worthless. Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.
This is exactly as it should be. MS could end up in real legal trouble if the US government forces them to disclose data on their EU servers in contravention of EU privacy laws.
Re: (Score:3)
Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.
I wonder - how long does it take such a request to be processed and how often on average do they fail to convince the local government?
Re: (Score:2)
Re: (Score:2)
Doe v. Ashcroft may have something to say about that.
Re: (Score:2)
Re: (Score:2)
*Actually, I think both legal interpretations are egregious. IMHO, and I'm not a lawyer and certainly not a lawyer specializing in legal jurisdictions involving multiple countries, but if the data center isn't in the U.S., then Microsoft E.U. shouldn't be bound by U.S. laws. Likewise, Yahoo should not have been held liable for the Nazi merchandise viewed
Re: (Score:2)
The EU doesn't particularly like giving all data to the US. Look at the whole SWIFT debacle a few years back.
Re: (Score:2)
Then they just charge you with destruction of evidence.
Re: (Score:2)
Of course, if they're willing to resort to torture to get the password, something tells me you've prolly got far more sinister things to worry about than a mere "destruction of evidence" charge.
Wrong, you ALWAYS have control (Score:2)
You ALWAYS have the ability to encrypt anything you put in a cloud, or anywhere not on a system you physically control. It's just as stupid to put something crucial on a server that you own in a rack, than it is to put it on any "cloud"... you are just one FBI raid away from the child porn server in the rack above your your box being taken and given a total scan.
Re: (Score:2)
Well, the difference would be, if you self-host in the UK, and an FBI agent knocks on your door and hands you an NSL, you can give him the finger and slam the door in his face.
You give 'im a finger and he'll grab your whole arm. (hint: immigrate outside US)
Re: (Score:2)
Hint: UK is not in the US....
Re: (Score:2)
Hint: UK is not in the US....
(Somehow I doubt it).
But assuming you are right, what happens when an FBI agent knock at your door in UK and you give him the finger?
Re: (Score:2)
Presumably he goes on his way. Or does something stupid and gets arrested by UK police....
Re: (Score:2)
Presumably he goes on his way. Or does something stupid and gets arrested by UK police....
And what happens is you host files in UK (cloud or not), the FBI agent shows on your US door, you open it and you give him the finger?
Re: (Score:3)
You don't give him the finger. The correct equivalent English gesture requires 2 fingers.
Re: (Score:2)
You don't give him the finger. The correct equivalent English gesture requires 2 fingers.
To be politically-correct when you live in US (even if not an American), you don't make obscene gestures with two fingers... when one is just enough.
Re: (Score:2)
The fed only shows up if they find something incriminating. I don't really care what you do if you're an actual criminal and you're just trying to get away with stuff. Quick-draw a finger-gun at them if you want.
If they don't find anything incriminating, then your rights are violated without you ever knowing. How will you give them the finger *then*...
Re: (Score:2)
You call the police and report a suspicious fellow pretending to be law enforcement.
Re: (Score:2)
You call the police and report a suspicious fellow pretending to be law enforcement.
For this to happen, you have to self-host (your files) and host yourself outside US. This is why my hint of "immigrate outside US".
Patridiots Act.... (Score:1)
So who exactly would be dumb enough to store terror plots in the cloud? And which requests would be sans gag order? 0.
Re: (Score:2)
Re: (Score:2)
Government Agents (Score:5, Interesting)
Government agents are for hire (Score:3)
Re: (Score:3)
Re: (Score:3)
Of course they do. The difference here is that the US seems to be compelling private US companies to do it on their behalf.
Re: (Score:2)
Guess you should stick to a local MS server then (Score:2)
There is only a small conflict of interest in Microsoft delaying the move towards the cloud where they have far less dominance.
Obvious solution... (Score:2)
Use a cloud company with no US operations whatsoever.
Re: (Score:2)
No, the obvious solution is to store your own data on your own servers, and make damned sure there is no US company that has access to it which will be covered by this law.
Governments putting their information into the cloud are being stupid if they don't realize they've given up the sovereignty of their own data. It's fairly obvious that if you're not controlling physical access to it, you don't know who is.
With the Patriot Act, the US has more or less
Implications outside cloud services (Score:2)
"Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. "
What doesn't fall under that? To be free of any potential US influence, EU users and companies should make sure the places they do business with have no ties to American companies? Sounds like ISPs, CDNs, web hosts, etc can be asked or forced to comply with government demands. It won't surprise me if there's
encryption. it's the only way "the cloud" is safe (Score:5, Insightful)
Who in their right mind would store their sensitive data in the cloud and not encrypt it locally first? That seems crazy. Patriot act or no, it's nuts.
leave the USA (Score:3, Insightful)
lets bail on this police state run by fascist idiots. leave before they won't let you. the businesses had the right idea going overseas. Microsoft should relocate to.
Re: (Score:2)
the businesses had the right idea going overseas
Right for who?
Re: (Score:2)
anyone that wants a future
Re: (Score:2)
anyone that wants a future
I want a future therefore I can only wish the USoA have kept their corporation in their yard! (good for the US businesses doesn't necessarily mean good for everybody)
Re: (Score:2)
"The Cloud" = "Don't know where your data is" (Score:4, Insightful)
There are basically two meanings of "The Cloud":
1) "You don't need to know where your data is"
2) Rapid automatic server provisioning
The thing that's wrong about 1) above is that "The Cloud" is sold as "don't worry about the man behind the curtain." Being ignorant about where your data is actually stored doesn't mean that it's safe -- quite the opposite -- it means that there is elevated risks involved. Because laws change with location, not knowing where your data is means not knowing what laws are applicable.
That doesn't make it so (Score:4, Insightful)
Re: (Score:3)
On the contrary... (Score:3)
Re: (Score:2)
Re: (Score:2)
It's not that. Nobody thinks any other government is pure or righteous either. The US government just seems to have this perception of itself that it's "the good guys" and is surprised that the rest of the world doesn't share this opinion.
Re: (Score:2)
except Microsoft does take them seriously.. So if the US government asked for data from your Azure cloud server, and that server happened to be located in a EU datacentre, then Microsoft would hand it over.
So regardless of what you think should happen, some homeland-patriot-nutcase-of-america will end up reading your stuff. Get used to it, or don't store your stuff with Microsoft (or any other US based company).
Re: (Score:2)
And MS gets sued in teh EU for breach of EU Data privacy laws....?
Re: (Score:2)
well, lets hope so :)
They'll claim the hard drive crashed.. (Score:2)
customers would be informed wherever possible (Score:4, Informative)
if a gagging order, injunction or U.S. National Security Letter permits it.
Basically, no one will ever be informed.
it's = it is (Score:2, Informative)
Quick grammar lesson:
"government access to data in it's cloud services even in Europe"
=
"government access to data in it is cloud services even in Europe"
The correct word is "its"
Good (Score:3)
If the Patriot Act is perceived as a threat to 'cloud technology' (I hate the term) then perhaps these tech giants who have the power to ram their agendas down the throat of the government (Microsoft, Oracle, Apple, IBM, Google, ect.) will lobby against the Patriot Act. If the Patriot Act is bad for business then business may actually take the side of the people and try to use their money and influence to do away with it.
Re: (Score:2)
business is lazy and greedy, make the right deal for the right price, and make everyone that really matter happy!
Re: (Score:2)
They don't. But they do care about losing customers. With all the major investments these companies have made with trying to migrate their users to the cloud, the last thing they could afford is for the public to distrust cloud technologies and revert back to the old ways of storing everything locally.
Pathetic (Score:2)
Companies don't do things, individuals do (Score:2)
A company only gets things done because its employees do things on behalf of that company. An employee should perform his duties to his employer as detailed in his contract of employment.
It would be really interesting to see such a contract for an EU based Microsoft employee (Wikileaks anyone ?) — if it says that he must obey USA law then he has a personal problem if such USA law conflicts with laws in his EU country.
Just being employed by a USA based company does not give an EU based citizen immunity
They hate us (Score:2)
Well, duh.. (Score:2)
The simplest observation to make is that clouds have fuzzy edges. If your company has any data that is subject to legal consequences when disclosed (and that tends to be the case in about 95% of the information I seem to come across) than the use of cloud services with its lack of definition where information logically and legally resides is absolutely out of the question - it's simply too risky.
Not only do not have control over the vendor, you also have no control over what legislative environment you dea
Re:USA-free Internet? (Score:5, Funny)
Re: (Score:2)
Sorry, only Al Gore can create a new Internet and he's ours.
Re: (Score:2)
If you're going to play that game then may I suggest you stop using the web? Y'know, seeing as how it was created by godless commie yurpans...
Go back to Gopher and usenet, please.
Re: (Score:2)
Actually, it was created by the Swiss, who make us Americans look like a bunch of communists.
Re: (Score:2)