Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cloud Privacy

Alliance Including Amazon, Google, Microsoft, and IBM Vows to Protect Rights and Privacy With 'Trusted Cloud Principles' (zdnet.com) 33

ZDNet reports: Some of the world's largest tech giants — Amazon, Google, Microsoft, IBM, Salesforce/Slack, Atlassian, SAP, and Cisco — have joined forces to establish the Trusted Cloud Principles in what they are claiming is their commitment to protecting the rights of their customers... Some of the specific principles that have been founded by the signatories include governments should seek data directly from enterprise customers first, rather than cloud providers, other than in "exceptional circumstances"; customers should have a right to notice when governments seek to access customer data directly from cloud service providers; and there should be a clear process for cloud providers to challenge government access requests for customers' data, including notifying relevant data protection authorities, to protect customers' interests.

Also outlined in the principles is the point that governments should create mechanisms to raise and resolve conflicts with each other such that cloud service providers' legal compliance in one country does not amount to a violation of law in another; and governments should support cross-border data flows. At the same time, the cloud service providers acknowledge that under the principles they recognise international human rights law enshrines a right to privacy, and the importance of customer trust and customers' control and security of their data. The signatories also said they commit to supporting laws that allow governments to request data through a transparent process that abides by human right standards; international legal frameworks to resolve conflicting laws related to data access, privacy, and sovereignty; and improved rules and regulations at the national and international levels that protect the safety, privacy, and security of cloud customers and their ownership of data...

The Trusted Cloud Principles come days after a separate data cloud framework was stood up between Amazon Web Services, Google, IBM, Microsoft and other major tech giants, plus the EDM Council, a cross-industry trade association for data management and analytics. Under the Cloud Data Management Capabilities (CDMC) framework there are six components, 14 capabilities, and 37 sub-capabilities that sets out cloud data management capabilities, standards, and best practices for cloud, multi-cloud, and hybrid-cloud implementations while also incorporating automated key controls for protecting sensitive data.

This discussion has been archived. No new comments can be posted.

Alliance Including Amazon, Google, Microsoft, and IBM Vows to Protect Rights and Privacy With 'Trusted Cloud Principles'

Comments Filter:
  • by Anonymous Coward

    Where is Zuck?

    • [What was the point of that AC brain fart?]

      Actually, I sort of trust one of them, but I can tell you what they would have to do to earn my trust. Then I'll tell you why they would NEVER do that.

      (1) Earn my trust by letting me access my data. And I insist that it is MY data no matter how they got it. It's about me and it's MINE.

      (2) But it's valuable data, so they will NEVER share it.

      Point of clarification: Not enough to let me see the data, or even to give me a copy of it. I can't figure it out. Meaningful a

  • Yeah right! (Score:4, Insightful)

    by EagleRider70 ( 3847037 ) on Saturday October 02, 2021 @11:45AM (#61853807)
    Umm, Google, Amazon, Microsoft have zero to do with privacy. They are some of the most invasive companies. If they were serious about privacy, they would implement zero knowledge storage. None of them have done that, so anything they say about privacy is a joke!
    • by NFN_NLN ( 633283 )

      You could store off-site encrypted data in the cloud.
      But you can't decrypt it in the cloud without them getting access. They control the hardware and hypervisors so if they wanted the keys they could get them.

    • Umm, Google, Amazon, Microsoft have zero to do with privacy. They are some of the most invasive companies. If they were serious about privacy, they would implement zero knowledge storage. None of them have done that, so anything they say about privacy is a joke!

      Hmmm.

      I notice that no one directly thought of as a major Linux player (yes I know, IBM and Microsoft are tangentelly Linux purveyors, and also Android doesn't count) and also Apple, were either not invited, or weren't interested, in what this Den of Data-Thieves are cooking-up.

      Now I'm sure this is just more of their Engulf+Devour global Great Data Suck.

  • If they wanted to convince anybody that this was good, they shouldn't have used the word "trusted". Coming out of the mouths of these actors, that word is always bad news. Not that it would make any difference. They could re-brand it any way they like, but when these guys get together in a room and start talking about privacy or security, I can't expect anything good to happen.

    So I guess it's actually good that they used "trusted". It lets us know that this whole affair needs to be eyed with suspicion.

    • "Trusted" is definitely not the optimal word for these guys. Broadly speaking, the only thing I trust about them or any other large corporation is that they'll do what's in their own self-interest.

      This is why I don't buy into the conspiracy theories that Microsoft is spying on users with it's telemetry in Windows 10, or that they still secretly want to kill Linux or open source in general. Why not? Because it's not in their self-interest to do so.. Spying on user data is a low-return and absurdly high r

      • by Blymie ( 231220 )

        There is a problem with this though process though. It applies to a small corp, but not a large.

        A large corporation has a CEO, and that CEO is in touch with virtually all employees. Certainly, with even the lowest level manager. That CEO's vision, is the corporate vision, hands down. Even though elements may enact change, that change often goes through the office of, or is overseen by, the CEO.

        Think of a local garage with 15 employees, or a locally owned grocery store with 40.

        Meanwhile, in a large corp,

    • If they wanted to convince anybody that this was good, they shouldn't have used the word "trusted".

      These companies generally use "trust" to mean trusted *by* them to maintain the control *they* want (such as with the "Trusted Platform Module"). But a big reason they keep using the word is because, with some obfuscation, they can make it sound (without technically lying) as if they're saying it can be trusted by the end user - it's effective marketing.

  • They give lip service to protecting the people's privacy but still stomp on other rights like free speech.
    • I'm old enough to remember when signatory Amazon nuked the entire business of the #1 app in both the Apple and Google stores, because they didn't like their speech.

      Decentralization is the only rational option.

      • by shanen ( 462549 )

        I might be older, notwithstanding your UID, but I don't know what app you're referring to. Please jog my memory.

        I concur with you about decentralization, though I think there need to be centralized standards for communication.

        I'll use Amazon as an pie-in-the-castle-in-the-sky example, since you mentioned them. With my imaginary tax code revisions, Amazon would suffer from high taxes for eliminating other shopping choices. The path to higher retained earning would be through dividing itself into smaller mark

      • Decentralize? The cloud? and maybe break up cloud providers like they broke up at&t? And take 30 years or so to realize that competition does not mean forcing someone buy you a dog to race? I would go another way, like net neutrality was going to do. I know the initial rules did not cover any of this but, I'm convinced it would have encouraged plenty of rules to govern this exact environment and created a quality of service between providers. Right now providers rely on technology standards to regulate

      • I believe you're referring to Parler. If not, they would make a good example also. Host any part of your business in "the cloud" and you make yourself beholden to your provider. You, therefore, don't control your business, your provider does. Parler made this mistake and is still paying for it. Other companies, Gab for one, went their own way and are thriving.

        “Ownership does not always mean absolute dominion. The more an owner, for his advantage, opens up his property for use by the public in gener
  • These jokers don't give on iota about your privacy - duh.
  • Most of Congress doesn't even understand how the Internet works.

    Unfortunately having the gang of 4 or 5 making up their own privacy protections is just a mistake.

    What we need is a 1 page definition of privacy, and penalties for any violations of those definitions.

    Short of that, copyright all your personal information, and file appropriate DCMA takedown notices for any use of your information.

  • by sarren1901 ( 5415506 ) on Saturday October 02, 2021 @12:29PM (#61853923)

    That read the title and just laughed out loud. What an absurd thing for them to claim.

  • To want to know everything they can about me but also not want to share any of that information unless someone else pays them big money for it. You would be shocked at how much information you can buy about people. You can get what apps a person has on their phone, where their phone has been and a large amount of what their browsing habits are. That free weather app, you know the one that you granted your location data too so it could tell you the weather outside - it is probably the single biggest leake
  • Amazon, Google, IBM and Microsoft are joined at the hip with the state security apparatus. That's why Microsoft's cloud is next door to the NSA.
  • by Opportunist ( 166417 ) on Saturday October 02, 2021 @01:31PM (#61854073)

    Yeah. Next think you want me to do is employ some vulpine guards for the chicken coop, right?

  • .... claiming is their commitment to protecting the rights of their customers

    That's what they're publicly saying, but how do we know they're not doing something else [slashdot.org].

  • Their idea of privacy is allowing them to keep tabs on your private data and use it however they want, but maybe not allowing others to make money off of it, too.

  • by RitchCraft ( 6454710 ) on Saturday October 02, 2021 @03:20PM (#61854419)
    Until it is made illegal to store anyone's information without express permission from the individual. Companies want to share that information. Again, consent from the individual and a majority cut of the profit made from it goes to the individual. Some people may actually like to have residual monthly checks coming in from sharing their information. Not me, but others may not mind.
    • by shanen ( 462549 )

      Mod parent up. Or is it too obvious.

    • "Express permission" is meaningless if there are no real choices to say no. Take the ProtonMail story earlier this year. Police in France requested IP traces through Swiss court to catch criminals in secret that used ProtonMail. Turns out those "criminals" are environment activists that may have hurt somebody's money pocket but nobody have lost their life nor virginity due to them. Whether the law of France is doing justice in that case is highly debatable.

      The current public discussion in the internet on

  • wherein, cloud providers say "don't ask us first"

    i mean, if it were not so self-serving for the gigantic cloud providers to say they're not the first port of call when governments want something, this might be taken more seriously.

    right now, it seems more like something Bruce Schneier could call "Privacy Theatre."

  • Don't use any of the companies that are on that list of claim to use these principles.
  • You can't declare yourself "trusted". We're the only judges of your trustworthiness to us.
    And as long as your main goal is still *profit*... aka the amount of money you can take from us compared to the amount you don't give back to us in exchange... you won't ever be trustworthy, period.

    You're not our friend. You're that sleazy pickpocket that's peddling $10 "Rolex" watches to us.
    And you claiming "I'm your friend now!" doesn't change that. It only highlights even more that you are a lying piece of shit.

  • Talk is cheap. You never see any automatic fines per offense for any privacy breach at any level or situation. Nor do you get an 'option' to buy that. Plus Governments cant help sticking their fingers in, including the USA and their CLOUD act. Never mind the original cloud concept said clouds were portable - is Azure is a few cents more - you seamlessly move storage to another cloud, which in practice is never done. The best protection is have some of your data in several very small cloud players over seve
  • "Trusted Cloud Principles" is a very nice title to fool everyone into what they really want:

    - uniform legal compliance.
    This means, bring a legal framework that works in every country, in other words, a legal framework that to work in every country it needs to be so weak that will have so many holes in it that these cloud providers would get away with anything they want.

    - governments should support cross-border data flows.
    And of course, the previous is conditioned by this other requirement. This cros

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...