New Privacy Laws Could Boost EU Cloud Industry 119
sweetpea86 writes "Cloud providers based in the European market could turn the fear, uncertainty and doubt around data protection and the U.S. Patriot Act to their advantage, according to Andy Burton, chairman of the Cloud Industry Forum. The only way that European companies can absolutely guarantee that their data doesn't end up in the hands of U.S. authorities is by choosing a provider that not only has a data centre within their jurisdiction, but is also owned by an organisation based in that jurisdiction."
But which places are... (Score:2)
China, Russia, Venezuela ... (Score:2)
Not all nations in this world kow tow to the mighty Uncle Sam, you know?
Re:China, Russia, Venezuela ... (Score:5, Insightful)
Not all nations in this world kow tow to the mighty Uncle Sam, you know?
True, but the notion there is anyplace that can fully guarantee data does not end up in the hands of the US (or any other country, for that manner) is naive. Each of these countries ha their own self interest at heart, and if the US (or some other country) wants their help doing something they just need to come up with a compelling reason for them to help. Governments also change, as do a nations goals and interests.
The bottom line is, once you cede control of your data to third party, you lose the ability to ensure it will never get passed on to someone's. Or,a s the saying goes, two people can keep a secret only if one of them is dead.
Re: (Score:2)
they just need to come up with a compelling reason for them to help.
Because blackmail is such an ugly word.
Re: (Score:2)
they just need to come up with a compelling reason for them to help.
Because blackmail is such an ugly word.
It doesn't have to be blackmail - in fact blackmail is probably less effective than other means. What you want to do is show them how doing what you want benefits them as well. No need to threaten anything. Make a deal - what kind of a deal? - a deal deal. For example, while the data in question may involve something that was done against country A and did not involve or threaten country B where the data resides - how doe sB know that the person will not do the same thing to them in the future? It may be in
Re:But which places are... (Score:4, Insightful)
Stay away from anywhere the UK/US has had bases "British Bases in Cyprus and Signals Intelligence" e.g. http://cryptome.org/2012/01/0060.pdf [cryptome.org]
Stay away from anywhere that has cheap telco peering loops to the USA thats going to save you lots
Your down to failed states, theocracies, Kingdoms, disputed zones with expensive telcos, changing local laws, taxes, gifts and investors fine print.
If you upset the USA, most of the EU has friends willing to help with some form of rendition.
Enjoy classified charges, no lawyer to evaluate or challenge the evidence.
Re: (Score:1)
Re: (Score:2)
Yeah, that would piss off the US government. They'd probably care about as much as the board of Microsoft whenever they saw "Micro$oft."
Re: (Score:2)
Germany is probably your best bet. They have fairly recent cultural memory of abuses of power in the context of privacy/spying and this strongly influences their laws and attitudes to data protection.
Remember how you laughed as they complained about google streetview? Those same attitudes give you a much safer home for _your_ data.
Re:But which places are... (Score:5, Insightful)
It must be a nice place in your brain, with little pony and the teletubbies. I mean, do you really believe that?
The Patriot Act has a beautiful record of being abused for all sorts of purposes.
My Little Pony (Score:2, Insightful)
My Little Pony is actually a near-future post apocalyptic work, where the ponies have built their civilization on the ash and bones of the extinct human race.
They may look cute, but they have mobile armour and howitzers. It's pretty hard-core stuff.
Re: (Score:3)
http://www.youtube.com/watch?v=2-34Iyz7EYk [youtube.com]
http://www.youtube.com/watch?v=ybyHW3PK0nQ [youtube.com]
More at http://www.markfiore.com/snuggly_0 [markfiore.com]
Re: (Score:2)
And lot of that FUD is true. There are many reports on the net, describing how the Patriot Act is misused even in cases that are not related to terorism. It's much easier that regular subpoenas etc. so they misuse it.
Re: (Score:2)
Re: (Score:1)
I generally do agree that the internet is full of blogs and sites that just claim whatever they want to be true, without reliable proofs. The best source I've found so far are the reports presented by the "Director of the Administrative Office of the United States Courts" on "Applications for Delayed-Notice Search Warrants and Extensions". You can find that on ACLU site and on many other sites. For example by comparing the stats for 2008 and 2009, it's quite clear that most of the cases has nothing to do wi
Re:But which places are... (Score:4, Insightful)
Unless they are old and sick, sheep shouldn't worry about getting eaten by wolves.
Unfortunately the definition of 'terrorism' has been stretched in recent years. Once you are accused it's nearly impossible to clear your name.
Re: (Score:1)
If your company's not a front for terrorism, the Patriot Act shouldn't matter to it.
Well, it shouldn't matter, but it does.
Certain US three letter organisations have a history of meddling. If you work at a company in the EU and have a competitor in the US then it pretty much means that you shouldn't provide any usable information to any US company. (Same goes for China btw.)
Re:But which places are... (Score:4, Insightful)
And if you're not a crook, why would you wanna hide anything?
Face it, the terrorists won. What did they hate us for? Our liberty and freedom? Ok, we caved in and eliminated both.
Re:But which places are... (Score:5, Insightful)
> What did they hate us for? Our liberty and freedom?
I suspect they hate you for messing with their countries over and over again. They probably don't give a fuck about your 'liberty and freedom'.
Re: (Score:2, Insightful)
Sure, the Islamists are perfectly happy to let us enjoy our lives, so long as we leave them alone. You're somewhat underestimating the Muslim capacity for butthurt and completely unjustified notions of superiority. The only way that Islamists will be content is when we either adopt Islam or agree to live under its rule. Even then, which version of Islam? Muslims have a rich tradition of killing Muslims who belong to different sects.
The Danes have a long history of charity and are hardly known for militarily
Re: (Score:2, Insightful)
I suggest you try replacing "Muslims" with "Christians" in your first paragraph.
Works perfectly, doesn't it?
You are confusing the extremist, fundamentalist mulsim with the mulsim-in-the-street.
Some of my best friends are Christians; but then they are not Pat Robertson, or Jimmy Swaggart, or Michelle Bachman.
And remind me once again what Ann Coulter said after 9/11...
Re: (Score:2)
You don't seem to understand that "Islamist" and "Muslim" mean two different things. All Islamists are Muslims, but not all Muslims are Islamists. Not even close. Labelling all Muslims as Islamists, and all as troublemakers hell-bent on a caliphate with a disdain for human rights and sexual equality shows how ignorant you are on this subject.
But please, continue to vomit hate-filled nonsense on your keyboard. It's entertaining to people who can see your ignorance a mile off.
Re: (Score:1)
You don't seem to understand that I'm not using Islamist as a synonym for Muslim - read the fucking post. Knowing this, it should come as no surprise that I don't think that all Muslims are pining for a caliphate, but then that's only going to obvious to people who aren't dumb as a sack of hammers; find one and ask them to read my post to you.
Would you describe as "Islamist" all Muslims who took to the streets over the Danish cartoons? How about the ambassadors from countries with predominantly Muslim popul
Re:But which places are... (Score:5, Insightful)
You misspelled "Jesus" and "Christians." Oh, you weren't talking about the last thousand years of Christianity (up until maybe 150 years ago). My mistake.
Re: (Score:1)
50 odd years ago the French state was still executing people by decapitation. Would that invalidate modern day French criticism of states partial to height reduction among criminals? Obviously not, yet that seems to be your argument.
Re: (Score:2)
Re: (Score:2)
Freedom is about ability, Liberty is about permission. Their use together is not redundant. Through the natural drift and smearing of meaning in language, those distinctions are not hard and fast.
Re: (Score:3)
> And if you're not a crook, why would you wanna hide anything?
- because you have business secrets
- because you want to stay ahead of US competition
- because you work with confidential data
- because you do something that is perfectly legal, but maybe not appreciated by the US government
- because you not everybody respects the law
I guess your house has no doors, you never wear cloth, and your walls are made from glass? And you tell everybody your password?
Re: (Score:2)
rhetoric [ret-er-ik]
noun
1. (in writing or speech) the undue use of exaggeration or display; bombast.
2. the art or science of all specialized literary uses of language in prose or verse, including the figures of speech.
3. the study of the effective use of language.
4. the ability to use language effectively.
5. the art of prose in general as opposed to verse.
Pick the one that you think fits best...
Re: (Score:2)
“This is unlikely to be an issue in reality unless you’re involved in anything dodgy.
If your company's not a front for terrorism, the Patriot Act shouldn't matter to it.
That's fine for today, but what about tomorrow when FOSS is considered terrorism??
Re: (Score:2)
I'm not involved in terrorism. I do have a common name that I apparently share with someone who's a spectacular international badass. US customs officers swear when they scan my passport. So tell me again how the PATRIOT act and the other stuff that's going on in the US shouldn't matter to anyone not involved with terrorism?
and... (Score:2)
Ha! (Score:5, Insightful)
We've got this thing in my country with the one political party saying that they're pro-consumer and trying to push laws that limit corporate abuses, and the other party saying that they're pro-business and trying to squash anything that would reduce corporate size and influence with the claim that it's necessary for jobs, the economy, etc. Well bullshit. Some consumer-friendly legislation may be anti-established business, but that's not a negative, just thinning the herd. Get rid of the sick and bring on the new.
Our MS vs Google fight (Score:5, Interesting)
My employer (a university) decided to outsource the e-mail-facilities for students. Microsoft and Google both made compelling offers, however Google could not promise that our data would never leave Europe. Microsoft did make that promise and was awarded the contract because of it.
A few months later MS had to confess that they couldn't keep that promiss. As the migration was not going smooth at all we are now back talking with Google.
Re:Our MS vs Google fight (Score:5, Funny)
Your employer trusted Microsoft on this?
Bruhaha!
Re: (Score:2)
Your employer trusted Microsoft on this?
Bruhaha!
Unfortunately, stupidity is still the "2nd most abundant element in the Universe"
Re: (Score:2)
If I were in your shoes, I'd recommend your uni legal department to advise explicitly all the teaching and research stuff to avoid sending mail containing sensitive materials unencrypted. Current industrial/research espionage is indistinguishable from magic.
Re:Our MS vs Google fight (Score:5, Insightful)
let me get this straight: a university, a WEALTH of intelligent and skilled people (many with lots of time on their hands) outsources an extremely easy to manage service and also one that has high risk of being abused by the outsourced company?
you value your data that little? you value privacy that little? you value your own people that little?
what place is that? I'd like to know so I can tell people NOT TO GO THERE.
lazy assholes. sheesh! pisses me off. wealth of brainpower but too fucking lazy to install and manage sendmail, qmail, or whatever.
Re: (Score:2)
They also have plenty of people who are capable of mowing the lawns, but they probably outsource that job, too. It makes perfect sense to me.
What I don't get, though: why are MS and Google the only companies that they considered? Is there really nobody else who can provide email for a large organization?
Re: (Score:2)
No other company responded that could meet all our requirements.
Re: (Score:2)
No other company responded that could meet all our requirements.
It sounds like those respondents did not meet your requirements either. As you said, Google could not "promise that our data would never leave Europe", and Microsoft first said they could, then recanted after they got the order.
Re: (Score:2)
Email isn't that simple for large organisations that need to manage thousands of users who need remote access. Bandwidth, server capacity and available mean it makes sense to locate the servers at a datacentre, and you will probably end up running a third party web app anyway so it isn't much of a stretch just to outsource the whole project.
Re: (Score:2)
sure it is.
30 years ago it was hard.
today its bog simple.
web-based email is just a choice of what pkgs you run. its been rehashed so many times, you can pick and choose what pkg set you use. or customize your own.
you really want me to believe that a think-organization (school of higher education!) HAS TO outsource computer system management?
no, they are lazy fucks. there is no rational reason to outsource an intellectual pursuit AT A COLLEGE.
the fact that its is an 'Im ok with that!' kind of thing for so
Re: (Score:2)
today its bog simple.
web-based email is just a choice of what pkgs you run. its been rehashed so many times, you can pick and choose what pkg set you use. or customize your own.
You have never used Gmail or Outlook/Exchange web mail in a large organisation, have you? They are a bit more complex than simple webmail.
Re: (Score:2)
It's not my preferred solution either, but it's not as bad as it sounds.
Not everything will be out-sourced, we continue to manage most of the mail ourselves. We decide how the mail is routed and we manage authentication (google/microsoft never sees our passwords). Every employee has at least one local mailbox.
The expensive part of running an e-mail service is not the backend, it's dealing with user-support. Why waste those intelligent and skilled people on something as simple as webmail? Each year we give o
Re: (Score:2)
I'm not blaming you, personally.
but I would not go to a school that cannot even manage their own systems.
I truly fear for american youth as they grow up and into the work force. they'll expect all their 'bs work' to be outsourced. its setting a trend and expectation. not at all good for our long term, though!
Re: (Score:2)
Running an e-mail system is trivial compared to all the other software used by a modern university. In fact it is so easy that it can be outsourced.to the lowest bidder. That way we (the IT-departement) can focus our attention on the difficult systems.
Would you go to a school that hires some other company to clean its toilets or to mow the lawn? Would eat at a university-restaurant that does not bake its own bread? Then why do you care who runs the e-mail front-end?
Re: (Score:2)
that is not a large number.
and size (of that scale) does not matter on modern mail systems. out of the box, qmail and most of the others can handle that.
the transport is not the issue; the user interface is (was). and now, even that is handled by web front-ends.
its mostly an issue of how much you want to spend on your hardware. the software is not trivial but it not very hard, either.
are we, collectively, just afraid of doing a little work on our own?
I think, sadly, its the case.
Re: (Score:2)
You got it wrong, it's not a matter of hardware. Our three year old mailservers handle the load without every blinking. They could probably handle ten times more without any noticable load.
No matter what user-interface you use, people still need support. Both software and users are getting better but we are still far away from an email-system that does not need support.The university is full of young and bright people but even that group needs a lot of support. The older part of our population would be lost
Re: (Score:1)
...we are now back talking with Google.
Wait.. what? This sounds like a presidential election. You get pissed off at the republicans, so you vote democrat. Turns out the democrats are the same thing, so you go back to the republicans?? That does not compute
Re: (Score:2)
Google was honest, Microsoft made a promise that it couldn't keep and were incompetent to boot (what a surprise). We reward honesty.
Re: (Score:1)
Google was honest...
I have to admit the same goes for the republicans
Microsoft made a promise that it couldn't* keep...
*replace with 'wouldn't'
Ditto for the democrats...
I guess we're in real trouble if the only alternative is GoDaddy, Twitter, or Facebook
Re: (Score:2)
Microsoft [...] were incompetent to boot (what a surprise).
My Windows machines boot fine. Try checking SMART logs and verifying file system integrity.
Whajamacallit ? (Score:2)
Sweet lord .. i been tellin geveryone for the past 4 years that we need european versions of facebook
America has Facebook
Europe has? Buttbook ??
Re: (Score:2)
Re:Names Please? (Score:4, Insightful)
No Company in the EU is safe from the US Gov. End of.
The US has laws that extend ALL US laws into every country in the world. They will use this to come after you if they even have the smallest suspicion that ther might just possibly mabe pehaps be something related to piracy, terrorism, child porn, anti US sentiments somewhere in your data.
Then it will be up to your government to tell the US what they can do with their extradition request. Mostly, they will roll over and let them take you.
The US also has laws where you can be held indefinitely without trial, charge or even access to a lawyer.
If you choose to go with a company that just happens to be a local subsidiary of a US company OR have a US subsidiat itself, they can wealk in without a warrant and take your data.
Where are you going for your hosting now?
Re: (Score:3)
Enough with this anti-"US law" crap... It's not a matter of the US laws but of the international treaties signed between US and its allies. No country dares to deny signing such treaties, because US has its ways.
Re: (Score:1)
May I humbly suggest you go and look at the laws signed by Obama extending US jurisdiction to the whole planet.
Then look at the law that allows thwe US to hold people without charge, trial or legal representation. This is Gitmo++. You are gone, lost. It is as if you never existed.
Try this one for starters...
http://www.theglobeandmail.com/news/world/worldview/even-us-citizens-face-indefinite-detention-in-new-anti-terror-law/article2297240/ [theglobeandmail.com]
If you are a well connected US Citizen you might be able to challenge
Re: (Score:1)
U.S.A. demands back doors in Cisco and other routers for law enforcement.
http://www.zdnet.com/blog/security/router-backdoors-hacked-by-chinese-part-2/926 [zdnet.com]
Re: (Score:2)
According to the Constitution, it's just ink on paper until the Senate ratifies it.
The president can (but shouldn't) treat it as binding if he wishes, but he (or the next president) can choose to ignore it as well. It isn't actually binding.
Re: (Score:2)
Where are you going for your hosting now?
China?
Re: (Score:2)
If you're really interested, I'd suggest to limit your search in non-EU and non-NATO European countries like e.g. Albania.
For those small countries, the development of data centers/clouds right at this moment might be the opportunity of a lifetime.
Re: (Score:2)
More at http://www.spiegel.de/international/germany/0,1518,490514,00.html [spiegel.de]
The NSA may be at Shkoder http://cryptome.org/jya/nsa-scs.htm [cryptome.org]
The only private cloud... (Score:4, Interesting)
The only truly private cloud is the one you own, manage and host yourself. For most users this is of course not feasible; they lack the knowledge, time and inclination to set one up. For us tech types however it's getting to the feasible stage.
We have all seen the news about the Raspberry Pi [slashdot.org], a dirt cheap mini computer that can run on a handful of AA batterys. Take a linux distro of your choice which runs on the Raspberry Pi, add some lovely open source software like Zarafa [zarafa.com], sprinkle lightly with a dynamic DNS [wikipedia.org] and bake for however long you want in a cool Raspberry Pi. Serves an entire household (or more).
For that extra security flavour you can garnish with an OpenVPN connection [openvpn.net], and deny all other incomming traffic.
Et voila! Mobile, web accessable email, contacts and calendar (plus whatever else you want to set up on there) with the data being on your machine and in your control.
Re: (Score:2)
It might be the "only truly private cloud" but still it's not safe (if installed within an EU country).
Re: (Score:2)
It might be the "only truly private cloud" but still it's not safe (if installed within an EU country).
Well, yes, there is always something; such as the risk of having your door broken down and said little box being carted off.
Did you have some specific examples in mind?
Re: (Score:2)
You can buy devices like the PogoPlug which do that out of the box and are aimed squarely at consumers, but they have not really taken off.
No they won't with Barosso (Score:1)
With Barosso in power in the EU Commission? No way will EU Cloud providers benefit! USA will simply ask Barosso for warrant/evidence free access to the data and he'll hand it over, just like he did with SWIFT banking data.
Tell me I'm wrong here. He simply pretended he wanted a strong response, so he could get control of the issue, then he promptly signs over a one way transfer of banking data to the USA!
And ACTA's the same story, it will be pushed through on a subcommittee of the EU Parliament, just like th
More jobs.... overseas (Score:1)
Not that I believe that servers and organizations based in the EU are 'safe' from our (US) recent tactics of policing the world, however, IF this were to be the case:
There goes another (small?) portion of jobs, to the overseas, never to be hiring or promoting here again!
Obviously, this is EXACTLY what we are looking for, so it makes perfect sense to keep pushing things this hard! *
(*no)
ACTA anyone? (Score:2)
http://www.prisonplanet.com/obama-signs-global-internet-treaty-worse-than-sopa.html [prisonplanet.com]
It won't really matter where the servers are in a particular jurisdiction, if your country has signed the Anti-Counterfitting Trade Act, you're pretty much screwed. So much for turning fear and uncertainty into an economic boon.
Re: (Score:1)
Go ahead and call wikipedia a conspiracy loon site as well. Your misguided opinion doesn't change the fact that ACTA does indeed exist *AND* makes SOPA/PIPA look like a game of candyland. This information is freely available through any major search engine; You just have to know what to look for, when, and where to look for it.
Re: (Score:2)
Re: (Score:1)
http://politics.slashdot.org/story/12/01/29/1925202/thousands-take-to-the-streets-to-protest-acta [slashdot.org]
I vow only to post REAL news stories from now on *eyeroll*
Terrorism has a new face... (Score:1)
And it is called "Cloud".
The Government of the United States of America should do everything in its power to eliminate this threat. It offends me to think that our laws can be sidestepped in such a blatant manner.
I'll bet it will be merely a matter of hours before these clouds are used to host child pornography and recipes for bombs, deadly viruses, and poisons. There will probably also be a ton of propaganda stating things like "It's OK to have abortions! Your body belongs to you, NOT the Government!", or
Re: (Score:2)
img src="old_man_simpson_yells_at_cloud.jpg"
(sorry, but it seemed to apply, here).
New service? (Score:3)
Re: (Score:2)
The point of encrypting your data is so that 3rd parties CAN'T access it. Encrypt it yourself and THEN put it in the cloud.
Re: (Score:3)
I wonder how successful would be a company providing data storage service like Dropbox, but with guaranteed data security. I mean that all encryption would be done by client software (with source code provided so everyone can verify that) and no keys or unencrypted data would be ever transmitted to company's servers. In this case complying with warrants and subpoenas would be no problem - here is all we have, have fun decrypting.
All a court will do is compel the owner to provide the keys to allow decryption. There's a case right now where a judge has down just that; I hope it will go to SCOTUS who will squash it but that's not a sure bet. If you refuse, it's contempt of court and jail time until you comply.
Personally, I think you should be able to plead the fifth and not be compelled to decrypt; but until SCOTUS decides the law is unclear in the US.
Re: (Score:3)
My interpretation, as a non-lawyer:
If the key (password) is only in your head, then supplying it is an admission of ownership or knowledge of the contents of a private "digital safe" - ie. self-incrimination.
Handing over the key to a physical safe is an admission only that you had the key.
Re: (Score:2)
If the police can't prove that the data is yours you can safely claim that you don't have the password. If they can prove it is yours then it is considered the same as a locked safe or locked room. The police could in theory break in with some amount of effort, but the law requires you to grant them access. That means handing over any keys or safe combinations.
Proving you have access to the data is tricky. For example there is no difference between random data and an encrypted Truecrypt volume header, so yo
Re: (Score:2)
I wonder how successful would be a company providing data storage service like Dropbox, but with guaranteed data security.
There are several companies like that: http://www.wuala.com/ [wuala.com] , https://spideroak.com/ [spideroak.com] , http://www.swissdisk.com/ [swissdisk.com]. They are doing OK, I believe, but don't have the hype of Dropbox. They don't have to say they guarantee the security because only the user has the keys (which is the best guarantee possible).
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Isn't that what Spideroak [spideroak.com] does? Personally I use Dropbox for sharing photos I don't care about, and Spideroak for storing documents.
Phillip.
Face the fact (Score:3)
Except where a agreement exists in which the EU must give the USA authorities access to the data if it's about terrorism (or whatever), like with the bank transactions. Like the Swift agreement between the EU and the USA. It's an open secret that in order to spy on the citizens the USA and the EU have agreements of data sharing. Because of strict privacy laws in the EU they just agree to share the data with the USA, so the USA can see the data and tell the EU everything in order to fight terrorism (or whatever).
Face the fact: if you put your data in the cloud, the goverment have it. There is no way around it.
A company in EU is mandatory (Score:2)
not only has a data centre within their jurisdiction, but is also owned by an organisation based in that jurisdiction.
That sentence is really silly. If you have a hosting service in EU, and want to sell in the EU, then you need to be in the VAT system, which means that having a company registered in EU is quite mandatory (I quite know because we had to form GPLHost UK in order to sell in EU...). So the sentence is redundant and stupid.
The only truly safe place for your data (Score:1)
/dev/null
Re: (Score:2, Informative)