Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patriot Act Dampening Cloud Computing?

Posted by kdawson on from the hey-you-get-offa-my-cloud dept.

Julie188 writes "Governments are turning the Internet into a cyberspace reflection of real-world geographic conflicts. One report says that the Canadian government is forbidding its IT organizations to use services that store or host the government's data outside their sovereign territory. They especially cannot use services where the data is stored in the United States because of fears over the Patriot Act. What kinds of jurisdiction issues might people face — think Google cooperating with the Chinese government — as cloud computing becomes the norm and your data is stored in 'offshore parts' of the cloud?"

24 of 148 comments (clear)

  1. I said it before, I say it again by Opportunist · · Score: 5, Interesting

    The Patriot Act hurts the US IT industry.

    Why should a foreign investor risk it to bring his IP to the US with the threat hanging over his head that suddenly it's declared illegal to export it, should he discover something the US deems "useful for terrorism" (read: something we'd rather have in the hands of US companies than others)?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:I said it before, I say it again by Opportunist · · Score: 4, Insightful

      It's not even about sensitivity. It's simply the uncertainty that the US government deems it their right to, at any time, for any harebrained reason, snoop into your data. No sane company or even governmental institution would accept that. It's like legalizing industrial (and other) espionage.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:I said it before, I say it again by iago-vL · · Score: 5, Informative

      That's exactly correct. I work for the security department of a Canadian government, and we've decreed that no data can be stored on American servers, sensitive or otherwise.

      --
      http://www.skullsecurity.org/blog/
    3. Re:I said it before, I say it again by mpe · · Score: 3, Insightful

      It's not even about sensitivity. It's simply the uncertainty that the US government deems it their right to, at any time, for any harebrained reason, snoop into your data. No sane company or even governmental institution would accept that. It's like legalizing industrial (and other) espionage.

      If you were from somewhere with data protection laws then it's most likely to be illegal to store certain kinds of data anywhere which dosn't have at least similar laws and/or the appropriate treaties in place.

  2. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  3. Governments and outsourcing? by compumike · · Score: 3, Interesting

    Shouldn't governments be particularly sensitive about not having a role in picking economic winners and losers?

    Beyond that, their stance seems relatively well founded. Take a look at the new privacy policies for Google Health... saying that they might release your records in some situations when required to do so by law.

    But, I think the summary doesn't make it sufficiently clear that this is just government IT departments, not all information technology in Canada. Private citizens and businesses can still do as they wish.

    --
    Electronics kits for the digital generation.

    1. Re:Governments and outsourcing? by Opportunist · · Score: 4, Interesting

      Yes, a government should actually do quite the opposite of what's happening: Making sure that everyone has the same chance to succeed, offering a level play field for enterprises, make them compete with each other, let the best one win chosen by the customer who picks the supplyer making the best offer.

      IIRC from my economy courses, that's what free market is about.

      Instead we get more and more laws lobbied into existance by large companies to ensure those companies have an edge over anyone trying to muscle into the field. Worse yet, outdated and obsolete structures and business models are being propped up by laws that go directly against anything free market represents.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Governments and outsourcing? by jlarocco · · Score: 3, Insightful

      Beyond that, their stance seems relatively well founded. Take a look at the new privacy policies for Google Health... saying that they might release your records in some situations when required to do so by law.

      What the hell? Is that real? There are actually people stupid enough to upload their medical history to Google? Why?

      That's the scariest thing I've seen all week.

      --
      Maybe not
    3. Re:Governments and outsourcing? by Opportunist · · Score: 4, Insightful

      Hey, what gives? You got anything to hide or what?

      Some people do need to touch the hot stove. I stopped trying to keep them from doing it, people don't learn 'til they burn their hands.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Governments and outsourcing? by garett_spencley · · Score: 5, Interesting

      Not everyone agrees that a free market is what's best for society. There are always going to be political lobbyists, politicians and voting citizens who opt for more regulation. In fact, I'm personally surprised by how many of my peers seem to favour more communist-like systems.

      The other day a friend of mine was watching a Youtube video of a speech given by one of the founding members of the Canadian Action Party and he, not being canadian, asked me who this guy was. I explained to him what the CAP was all about. Said that while I agree with their Canadian Nationalist views they feel that globalization is a big conspiracy by the corporations in order to rule the world and make everyone their slaves. His response was "well isn't that already true ?"

      It seems that a large portion of the public feels that corporations have far too much power and that free market has failed. They want government to further regulate the markets because they would rather have the government control their lives than corporations (they refuse to see that the public gives the corporations their power just as we give the government it's power).

      Since I've failed to remain neutral I might as well just add that I am a pro-free-market libertarian and I think it will take a couple of wars before we can claim that the corporations enslave people. I do agree, however, that they get away with too much, but not because of a lack of regulation. It's because money buys justice and politicians. THAT is what that needs to be fixed. Yet many people don't look that deep into it. I can say with assertion that most people that I know in person certainly don't. They see that money = corporations = free market = evil and thus want more regulation.

      Oh and it doesn't help matters when every single case of deregulation has resulted in short term economic upheaval while things balance out. Forget about selling long term advantages if it's going to cost people jobs and higher prices in the short term.

    5. Re:Governments and outsourcing? by value_added · · Score: 3, Insightful

      Shouldn't governments be particularly sensitive about not having a role in picking economic winners and losers?

      I suppose, if one's outlook is a narrow view where the idealogy of capitalism overrules all other ideas. My own opinion is that one of the prime responsibilities of government is to set responsible policy. The citizenry or business interests are free to pursue things however they want in the context of the policy.

      When viewed in that light, the notion of "picking winners and losers" is a construct that's as absurd as it is political. If a government chooses to raise mileage standards or raise taxes to offset the costs of environmental degradation, for example, Ford is free to go broke trying to sell SUVs, just as Toyota is free to build another plant in Ohio to meet increased sales. If the government adopts an open document format policy, Microsoft is free to adapt or continue their current practices. If there's any picking involved, it's being done in the corporate boardroom.

      A sovereign government mandating local storage may indeed interfere with certain business models, but then again, so what? One door closes, another one opens. That's not to say the politics of the issue aren't interesting or worth discussing.

    6. Re:Governments and outsourcing? by Opportunist · · Score: 5, Insightful

      May I sum it up?

      The time of enlightenment brought us the separation of church and state. What we need is a second time of enlightenment, separating enterprises and state.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Good news for Canadians by Zalgon+26+McGee · · Score: 3, Interesting

    Imagine, a government actually concerned about rampant abuses by the American Executive branch, and attempting to protect its citizens.

    --

    ---

    Book(n): Utensil used to pass time while waiting for the TV repairman

  5. Patriot Act Aside ... by garett_spencley · · Score: 4, Interesting

    I'm not really sure how "news worthy" this is. As one example, the Ontario Education Act prohibits public schools in Ontario from using text books that are not written by Canadian authors.

    The Canadian government trying to keep things in Canada is very standard practice. I didn't RTFA and I'm sure it mentions the Patriot Act, but I really doubt the Patriot Act is the sole reason that they won't outsource hosting companies to the US. Their policy is most likely that they can not outsource anything to anywhere outside of Canada unless they have no choice.

    1. Re:Patriot Act Aside ... by Fox_1 · · Score: 4, Insightful

      Well the newsworthyness is lower for the Canadians who have been dealing with hyper-aggressive Americans since 2001. There were a number of obvious abuses of power that clued Canada in quick.
      http://www.aclu.org/safefree/general/26684res20060906.html
      and most of those were just against other Americans by their own government.
      If they treat their own citizens like that, why would we expect them to respect the rights of another nations citizens. Particularly over things like privacy which has been long protected to a higher standard in Canada than the US.

      --
      The rock, the vulture, and the chain
  6. Re:it happens all the time by Anonymous Coward · · Score: 3, Insightful

    You could always move all your servers to Canada and not have those unnecessary insecure servers in the US. Seems like someone made a bad decision setting up your infrastructure having them in the US to begin with seeing as you have global clients.

  7. "Cloud computing" has other problems by Animats · · Score: 4, Interesting

    From capacity to "service level agreements" that guarantee little, cloud computing has business problems.

    I went to this talk at Stanford by the head of "cloud computing" at Amazon. Technically, Amazon's approach to "cloud computing" is quite impressive. As a business, it works for a special reason - Amazon's load is 4X greater than normal during the buying season before Xmas. Amazon has to size their data centers for the Xmas buying season. For the rest of the year they have vast excess capacity. That's why Amazon's "cloud" is so cheap to use.

    So Amazon's "cloud" is a great service, unless you need it during November and December.

  8. Re:encryption by Anonymous Coward · · Score: 4, Insightful

    The keys would be kept in Canada.

  9. Not just governments by Roger+W+Moore · · Score: 4, Interesting

    But, I think the summary doesn't make it sufficiently clear that this is just government IT departments, not all information technology in Canada. Private citizens and businesses can still do as they wish.
    It is not just governments. Universities and other institutions have obligations under Canadian privacy laws. If they store data in the US, for example by using GMail accounts or online question services from text book companies, the US government can gain access to private data on Canadian students and the University will then be liable for a breach of privacy under Canadian law.

    This has meant that at least some Canadian Universities are looking at implementing policies which forbid the storing of data in the US. The result undoubtedly will have some economic impact on the US since now either US companies will have to invest in Canadian based servers or be automatically disqualified from bidding on IT contracts (although I also understand that the US government can force US companies to reveal data even if it is not stored in the US so it may rule out any US company). This is not just hypothetical either - to my knowledge it has already affected contract decisions.
  10. Re: Good Government by mhollis · · Score: 5, Insightful

    Actually, it's supposed to work that way under the US Constitution.

    The Legislative branch makes the law. Second, the Executive branch executes the law. Last, the Judicial branch interprets the law. Each branch has an effect on the other.

    Legislative Branch

    • Checks on the Executive
      • Impeachment power (House)
      • Trial of impeachments (Senate)
      • Selection of the President (House) and Vice President (Senate) in the case of no majority of electoral votes
      • May override Presidential vetoes
      • Senate approves departmental appointments
      • Senate approves treaties and ambassadors
      • Approval of replacement Vice President
      • Power to declare war
      • Power to enact taxes and allocate funds
      • President must, from time-to-time, deliver a State of the Union address
    • Checks on the Judiciary
      • Senate approves federal judges
      • Impeachment power (House)
      • Trial of impeachments (Senate)
      • Power to initiate constitutional amendments
      • Power to set courts inferior to the Supreme Court
      • Power to set jurisdiction of courts
      • Power to alter the size of the Supreme Court
    • Checks on the Legislature - because it is bicameral, the Legislative branch has a degree of self-checking.
      • Bills must be passed by both houses of Congress
      • House must originate revenue bills
      • Neither house may adjourn for more than three days without the consent of the other house
      • All journals are to be published

    Executive Branch

    • Checks on the Legislature
      • Veto power
      • Vice President is President of the Senate
      • Commander in chief of the military
      • Recess appointments
      • Emergency calling into session of one or both houses of Congress
      • May force adjournment when both houses cannot agree on adjournment
      • Compensation cannot be diminished
    • Checks on the Judiciary
      • Power to appoint judges
      • Pardon power
    • Checks on the Executive
      • Vice President and Cabinet can vote that the President is unable to discharge his duties

    Judicial Branch

    • Checks on the Legislature
      • Judicial review
      • Seats are held on good behavior
      • Compensation cannot be diminished
    • Checks on the Executive
      • Judicial review
      • Chief Justice sits as President of the Senate during presidential impeachment

    These checks are inefficient. And this inefficiency is borne out when one political party in the US system captures all three of the branches (as it has) and then, for the purpose of extending the power of that party, fails to exercise restraint and to provide a check on the other branches.

    What I have noted is that the only branch that has actually decided to act in a manner consistent with Constitutional checks and balances is the Supreme Court. To the extent the Legislative Branch (or branches of the various States) have worked to mandate sentencing or require judges to act without their power to interpret, the Supreme Court has ruled these requirements as nothing more than guidelines. And this has gone on despite a rather radical shift in the Supreme Court to the political right. And I would agree with them, even though my own political direction differs strongly from many of their recent decisions and statements.

    The Orwellian-named "USA Patriot Act" was a bill that was utterly altered -- in its entirety -- in the middle of the night by Bush's Attorney General, John Ashcroft within a committee that was also completely asleep at the switch. This is part of the rules of Congress, where a committee will take in a b

    --
    Gods don't kill people, people with gods kill people.
  11. Lets get real... by 3seas · · Score: 4, Insightful

    ...you want your data to be secure?

    Disconnect it from the net.

    given the vast amount of digital leakage and other human errors, who are you really putting trust in?

  12. Re: Good Government by Opportunist · · Score: 3, Informative

    There are two extremes. One is "winner takes all", which invariably leads to a (mostly) two party system, with little hope for a third party to rise to importance. The other one is "let everyone in who gets a vote", a system Italy had for a long time, leading to dozens of minuscle parties holding a seat or two, with coalitions between so many parties that governments fall apart, on average, after a year (that's pretty much Italy's average).

    Either system is, in my opinion, doomed to be dissatisfying for the voter. The former because if the parties are too similar (as they are now, to an outsider's view), there is no real choice. The latter because you just know it doesn't matter how you vote, they won't get anything done anyway because no idea gets a majority.

    Most European countries today have a minimum limit to get a seat in the parlament. You need at least 4-7% (varying between countries) to have a seat. Usually, gaining that much support already gives you a few seats right away. And while 4% doesn't sound like a lot, it pretty much means that the average European parlament contains about 4-6 parties.

    This usually (if not almost always) leads to coalition governments. Which has its advantages (radical changes in policies are nearly unheard of) and of course disadvantages. Today, the disadvantages start to show a lot more than they did in the past, it seems our parties are too concerned to show "weakness" to cooperate anymore. More than one country has a coalition today that can't get anything sensibly done because the coalition partners are unwilling or unable to agree on compromises, because they fear their voters will feel they "lost their line" and "gave in".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Very true by Mr_Icon · · Score: 3, Informative

    I work at a large Canadian university and we're expressly forbidden from storing *any* student-related information, no matter how insignificant, on non-Canadian servers. This doesn't just include things like gmail, but also various payment processing services, online storage providers (think Amazon's S3), and even things like Google Analytics. The latter is so ubiquitous, I'm not sure we're succeeding in extricating it from university-owned websites, and each time we have to explain to people why sending sensitive information about our users' browsing habits to the US is not a good idea.

    I don't think this policy has much to do with the Patriot Act, though I'm sure it acted as a catalyst. We'd probably not store any data in Netherlands either. If you're an institution that has to worry about compliance with various national privacy laws, it makes sense to store all information either within the organization, or at least within the same country.

    --
    If you open yourself to the foo, You and foo become one.
  14. Re:encryption by PPH · · Score: 3, Insightful


    Doing daily business would require bringing the keys and the data together. Whoever is empowered to do so for normal operations will simply be waterboarded until the keys appear.


    Better to move the keys, data, servers and administrative staff to a friendlier jurisdiction.

    --
    Have gnu, will travel.