Forgot your password?
typodupeerror
Cloud Businesses Censorship EU Privacy The Internet United States Your Rights Online

New Privacy Laws Could Boost EU Cloud Industry 119

Posted by timothy
from the markets-also-route-around-censorship dept.
sweetpea86 writes "Cloud providers based in the European market could turn the fear, uncertainty and doubt around data protection and the U.S. Patriot Act to their advantage, according to Andy Burton, chairman of the Cloud Industry Forum. The only way that European companies can absolutely guarantee that their data doesn't end up in the hands of U.S. authorities is by choosing a provider that not only has a data centre within their jurisdiction, but is also owned by an organisation based in that jurisdiction."
This discussion has been archived. No new comments can be posted.

New Privacy Laws Could Boost EU Cloud Industry

Comments Filter:
  • considered a safe harbour from the US Patriot Act?
    • Not all nations in this world kow tow to the mighty Uncle Sam, you know?

      • by Registered Coward v2 (447531) on Saturday January 28, 2012 @09:55AM (#38849507)

        Not all nations in this world kow tow to the mighty Uncle Sam, you know?

        True, but the notion there is anyplace that can fully guarantee data does not end up in the hands of the US (or any other country, for that manner) is naive. Each of these countries ha their own self interest at heart, and if the US (or some other country) wants their help doing something they just need to come up with a compelling reason for them to help. Governments also change, as do a nations goals and interests.

        The bottom line is, once you cede control of your data to third party, you lose the ability to ensure it will never get passed on to someone's. Or,a s the saying goes, two people can keep a secret only if one of them is dead.

        • by Fnord666 (889225)

          they just need to come up with a compelling reason for them to help.

          Because blackmail is such an ugly word.

          • they just need to come up with a compelling reason for them to help.

            Because blackmail is such an ugly word.

            It doesn't have to be blackmail - in fact blackmail is probably less effective than other means. What you want to do is show them how doing what you want benefits them as well. No need to threaten anything. Make a deal - what kind of a deal? - a deal deal. For example, while the data in question may involve something that was done against country A and did not involve or threaten country B where the data resides - how doe sB know that the person will not do the same thing to them in the future? It may be in

    • by AHuxley (892839) on Saturday January 28, 2012 @08:49AM (#38849305) Homepage Journal
      Stay away from the UK, Canada, Australia ect. via http://en.wikipedia.org/wiki/UK [wikipedia.org]–USA_Security_Agreement
      Stay away from anywhere the UK/US has had bases "British Bases in Cyprus and Signals Intelligence" e.g. http://cryptome.org/2012/01/0060.pdf [cryptome.org]
      Stay away from anywhere that has cheap telco peering loops to the USA thats going to save you lots .....
      Your down to failed states, theocracies, Kingdoms, disputed zones with expensive telcos, changing local laws, taxes, gifts and investors fine print.
      If you upset the USA, most of the EU has friends willing to help with some form of rendition.
      Enjoy classified charges, no lawyer to evaluate or challenge the evidence.
      • I think we should upset the u.s.a. If the whole world stopped using capital letters when referring to the u.s.a. - the u.s. - uncle sam etcetera, then the fools who are allowing the united states to bob and curtsy and pass legislation to the entertainment industry and other powerful lobbies may just get the idea that the rest of the world is kicking back.
        • Yeah, that would piss off the US government. They'd probably care about as much as the board of Microsoft whenever they saw "Micro$oft."

    • Germany is probably your best bet. They have fairly recent cultural memory of abuses of power in the context of privacy/spying and this strongly influences their laws and attitudes to data protection.

      Remember how you laughed as they complained about google streetview? Those same attitudes give you a much safer home for _your_ data.

  • ...not a lapdog, bosom buddy US ally or wannabe government.
  • Ha! (Score:5, Insightful)

    by guises (2423402) on Saturday January 28, 2012 @07:36AM (#38849121)
    See? See?!? Responsible, consumer-friendly legislation doesn't have to be anti-business.

    We've got this thing in my country with the one political party saying that they're pro-consumer and trying to push laws that limit corporate abuses, and the other party saying that they're pro-business and trying to squash anything that would reduce corporate size and influence with the claim that it's necessary for jobs, the economy, etc. Well bullshit. Some consumer-friendly legislation may be anti-established business, but that's not a negative, just thinning the herd. Get rid of the sick and bring on the new.
  • by CAPSLOCK2000 (27149) on Saturday January 28, 2012 @07:39AM (#38849131) Homepage

    My employer (a university) decided to outsource the e-mail-facilities for students. Microsoft and Google both made compelling offers, however Google could not promise that our data would never leave Europe. Microsoft did make that promise and was awarded the contract because of it.
    A few months later MS had to confess that they couldn't keep that promiss. As the migration was not going smooth at all we are now back talking with Google.

    • by Anonymous Coward on Saturday January 28, 2012 @08:13AM (#38849207)

      Your employer trusted Microsoft on this?
      Bruhaha!

      • by Taco Cowboy (5327)

        Your employer trusted Microsoft on this?
        Bruhaha!

        Unfortunately, stupidity is still the "2nd most abundant element in the Universe"

    • by UBfusion (1303959)

      If I were in your shoes, I'd recommend your uni legal department to advise explicitly all the teaching and research stuff to avoid sending mail containing sensitive materials unencrypted. Current industrial/research espionage is indistinguishable from magic.

    • by TheGratefulNet (143330) on Saturday January 28, 2012 @12:35PM (#38850221)

      let me get this straight: a university, a WEALTH of intelligent and skilled people (many with lots of time on their hands) outsources an extremely easy to manage service and also one that has high risk of being abused by the outsourced company?

      you value your data that little? you value privacy that little? you value your own people that little?

      what place is that? I'd like to know so I can tell people NOT TO GO THERE.

      lazy assholes. sheesh! pisses me off. wealth of brainpower but too fucking lazy to install and manage sendmail, qmail, or whatever.

      • They also have plenty of people who are capable of mowing the lawns, but they probably outsource that job, too. It makes perfect sense to me.

        What I don't get, though: why are MS and Google the only companies that they considered? Is there really nobody else who can provide email for a large organization?

        • No other company responded that could meet all our requirements.

          • No other company responded that could meet all our requirements.

            It sounds like those respondents did not meet your requirements either. As you said, Google could not "promise that our data would never leave Europe", and Microsoft first said they could, then recanted after they got the order.

      • by AmiMoJo (196126)

        Email isn't that simple for large organisations that need to manage thousands of users who need remote access. Bandwidth, server capacity and available mean it makes sense to locate the servers at a datacentre, and you will probably end up running a third party web app anyway so it isn't much of a stretch just to outsource the whole project.

        • sure it is.

          30 years ago it was hard.

          today its bog simple.

          web-based email is just a choice of what pkgs you run. its been rehashed so many times, you can pick and choose what pkg set you use. or customize your own.

          you really want me to believe that a think-organization (school of higher education!) HAS TO outsource computer system management?

          no, they are lazy fucks. there is no rational reason to outsource an intellectual pursuit AT A COLLEGE.

          the fact that its is an 'Im ok with that!' kind of thing for so

          • by AmiMoJo (196126)

            today its bog simple.

            web-based email is just a choice of what pkgs you run. its been rehashed so many times, you can pick and choose what pkg set you use. or customize your own.

            You have never used Gmail or Outlook/Exchange web mail in a large organisation, have you? They are a bit more complex than simple webmail.

      • It's not my preferred solution either, but it's not as bad as it sounds.
        Not everything will be out-sourced, we continue to manage most of the mail ourselves. We decide how the mail is routed and we manage authentication (google/microsoft never sees our passwords). Every employee has at least one local mailbox.

        The expensive part of running an e-mail service is not the backend, it's dealing with user-support. Why waste those intelligent and skilled people on something as simple as webmail? Each year we give o

        • I'm not blaming you, personally.

          but I would not go to a school that cannot even manage their own systems.

          I truly fear for american youth as they grow up and into the work force. they'll expect all their 'bs work' to be outsourced. its setting a trend and expectation. not at all good for our long term, though!

          • Running an e-mail system is trivial compared to all the other software used by a modern university. In fact it is so easy that it can be outsourced.to the lowest bidder. That way we (the IT-departement) can focus our attention on the difficult systems.

            Would you go to a school that hires some other company to clean its toilets or to mow the lawn? Would eat at a university-restaurant that does not bake its own bread? Then why do you care who runs the e-mail front-end?

    • ...we are now back talking with Google.

      Wait.. what? This sounds like a presidential election. You get pissed off at the republicans, so you vote democrat. Turns out the democrats are the same thing, so you go back to the republicans?? That does not compute

      • Google was honest, Microsoft made a promise that it couldn't keep and were incompetent to boot (what a surprise). We reward honesty.

        • Google was honest...

          I have to admit the same goes for the republicans

          Microsoft made a promise that it couldn't* keep...

          *replace with 'wouldn't'

          Ditto for the democrats...

          I guess we're in real trouble if the only alternative is GoDaddy, Twitter, or Facebook

        • by cffrost (885375)

          Microsoft [...] were incompetent to boot (what a surprise).

          My Windows machines boot fine. Try checking SMART logs and verifying file system integrity.

  • So can anyone list a EU-based provider I can use?

    • Re:Names Please? (Score:4, Insightful)

      by Anonymous Coward on Saturday January 28, 2012 @08:41AM (#38849277)

      No Company in the EU is safe from the US Gov. End of.
      The US has laws that extend ALL US laws into every country in the world. They will use this to come after you if they even have the smallest suspicion that ther might just possibly mabe pehaps be something related to piracy, terrorism, child porn, anti US sentiments somewhere in your data.
      Then it will be up to your government to tell the US what they can do with their extradition request. Mostly, they will roll over and let them take you.
      The US also has laws where you can be held indefinitely without trial, charge or even access to a lawyer.

      If you choose to go with a company that just happens to be a local subsidiary of a US company OR have a US subsidiat itself, they can wealk in without a warrant and take your data.

      Where are you going for your hosting now?
       

    • by UBfusion (1303959)

      If you're really interested, I'd suggest to limit your search in non-EU and non-NATO European countries like e.g. Albania.

      For those small countries, the development of data centers/clouds right at this moment might be the opportunity of a lifetime.

  • by PSVMOrnot (885854) on Saturday January 28, 2012 @08:44AM (#38849289)

    The only truly private cloud is the one you own, manage and host yourself. For most users this is of course not feasible; they lack the knowledge, time and inclination to set one up. For us tech types however it's getting to the feasible stage.

    We have all seen the news about the Raspberry Pi [slashdot.org], a dirt cheap mini computer that can run on a handful of AA batterys. Take a linux distro of your choice which runs on the Raspberry Pi, add some lovely open source software like Zarafa [zarafa.com], sprinkle lightly with a dynamic DNS [wikipedia.org] and bake for however long you want in a cool Raspberry Pi. Serves an entire household (or more).

    For that extra security flavour you can garnish with an OpenVPN connection [openvpn.net], and deny all other incomming traffic.

    Et voila! Mobile, web accessable email, contacts and calendar (plus whatever else you want to set up on there) with the data being on your machine and in your control.

    • by UBfusion (1303959)

      It might be the "only truly private cloud" but still it's not safe (if installed within an EU country).

      • by PSVMOrnot (885854)

        It might be the "only truly private cloud" but still it's not safe (if installed within an EU country).

        Well, yes, there is always something; such as the risk of having your door broken down and said little box being carted off.

        Did you have some specific examples in mind?

    • by AmiMoJo (196126)

      You can buy devices like the PogoPlug which do that out of the box and are aimed squarely at consumers, but they have not really taken off.

  • by Anonymous Coward

    With Barosso in power in the EU Commission? No way will EU Cloud providers benefit! USA will simply ask Barosso for warrant/evidence free access to the data and he'll hand it over, just like he did with SWIFT banking data.

    Tell me I'm wrong here. He simply pretended he wanted a strong response, so he could get control of the issue, then he promptly signs over a one way transfer of banking data to the USA!

    And ACTA's the same story, it will be pushed through on a subcommittee of the EU Parliament, just like th

  • Not that I believe that servers and organizations based in the EU are 'safe' from our (US) recent tactics of policing the world, however, IF this were to be the case:

    There goes another (small?) portion of jobs, to the overseas, never to be hiring or promoting here again!

    Obviously, this is EXACTLY what we are looking for, so it makes perfect sense to keep pushing things this hard! *

    (*no)

  • I highly doubt the above statement, given this...

    http://www.prisonplanet.com/obama-signs-global-internet-treaty-worse-than-sopa.html [prisonplanet.com]

    It won't really matter where the servers are in a particular jurisdiction, if your country has signed the Anti-Counterfitting Trade Act, you're pretty much screwed. So much for turning fear and uncertainty into an economic boon.
  • by Anonymous Coward

    And it is called "Cloud".

    The Government of the United States of America should do everything in its power to eliminate this threat. It offends me to think that our laws can be sidestepped in such a blatant manner.

    I'll bet it will be merely a matter of hours before these clouds are used to host child pornography and recipes for bombs, deadly viruses, and poisons. There will probably also be a ton of propaganda stating things like "It's OK to have abortions! Your body belongs to you, NOT the Government!", or

  • by qbast (1265706) on Saturday January 28, 2012 @09:14AM (#38849381)
    I wonder how successful would be a company providing data storage service like Dropbox, but with guaranteed data security. I mean that all encryption would be done by client software (with source code provided so everyone can verify that) and no keys or unencrypted data would be ever transmitted to company's servers. In this case complying with warrants and subpoenas would be no problem - here is all we have, have fun decrypting.
    • by Riskable (19437)

      The point of encrypting your data is so that 3rd parties CAN'T access it. Encrypt it yourself and THEN put it in the cloud.

    • I wonder how successful would be a company providing data storage service like Dropbox, but with guaranteed data security. I mean that all encryption would be done by client software (with source code provided so everyone can verify that) and no keys or unencrypted data would be ever transmitted to company's servers. In this case complying with warrants and subpoenas would be no problem - here is all we have, have fun decrypting.

      All a court will do is compel the owner to provide the keys to allow decryption. There's a case right now where a judge has down just that; I hope it will go to SCOTUS who will squash it but that's not a sure bet. If you refuse, it's contempt of court and jail time until you comply.

      Personally, I think you should be able to plead the fifth and not be compelled to decrypt; but until SCOTUS decides the law is unclear in the US.

    • by fa2k (881632)

      I wonder how successful would be a company providing data storage service like Dropbox, but with guaranteed data security.

      There are several companies like that: http://www.wuala.com/ [wuala.com] , https://spideroak.com/ [spideroak.com] , http://www.swissdisk.com/ [swissdisk.com]. They are doing OK, I believe, but don't have the hype of Dropbox. They don't have to say they guarantee the security because only the user has the keys (which is the best guarantee possible).

    • by horza (87255)

      Isn't that what Spideroak [spideroak.com] does? Personally I use Dropbox for sharing photos I don't care about, and Spideroak for storing documents.

      Phillip.

  • by devent (1627873) on Saturday January 28, 2012 @10:50AM (#38849739) Homepage

    Except where a agreement exists in which the EU must give the USA authorities access to the data if it's about terrorism (or whatever), like with the bank transactions. Like the Swift agreement between the EU and the USA. It's an open secret that in order to spy on the citizens the USA and the EU have agreements of data sharing. Because of strict privacy laws in the EU they just agree to share the data with the USA, so the USA can see the data and tell the EU everything in order to fight terrorism (or whatever).

    Face the fact: if you put your data in the cloud, the goverment have it. There is no way around it.

  • not only has a data centre within their jurisdiction, but is also owned by an organisation based in that jurisdiction.

    That sentence is really silly. If you have a hosting service in EU, and want to sell in the EU, then you need to be in the VAT system, which means that having a company registered in EU is quite mandatory (I quite know because we had to form GPLHost UK in order to sell in EU...). So the sentence is redundant and stupid.

The world is moving so fast these days that the man who says it can't be done is generally interrupted by someone doing it. -- E. Hubbard

Working...