Slashdot Mirror
The Patriot Act and the EU Cloud
ISoldat53 writes "Gordon Frazer, managing director of Microsoft UK said that the Patriot Act allows government access to data in its cloud services even in Europe. Though he said that 'customers would be informed wherever possible,' he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it."
So basically the U.S. Patriot Act is making "cloud" storage a useless technology.
The Internet will hopefully route around the "cloud".
Go ahead US government, go ahead and mess with Europe's Internet. Do this and soon a new World Wide Web will be created and the USA won't be invited this time.
Just plain stupid for customers. No control over your data.
Dog is my co-pilot.
So who exactly would be dumb enough to store terror plots in the cloud? And which requests would be sans gag order? 0.
Grammar, who needs it!
If private US corporations can be used by the USA to extend its intelligence gathering reach like this, does that mean their employees can be treated as government agents by non-US law enforcement agencies? Could a privacy breach turn into an espionage case because of this? It'd certainly make me think twice about accepting a job for a US based company.
...so I won't be using your service then, Microsoft.
worldmobilenet.com -- World Prepaid Wireless Internet plans
There is only a small conflict of interest in Microsoft delaying the move towards the cloud where they have far less dominance.
Use a cloud company with no US operations whatsoever.
"Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. "
What doesn't fall under that? To be free of any potential US influence, EU users and companies should make sure the places they do business with have no ties to American companies? Sounds like ISPs, CDNs, web hosts, etc can be asked or forced to comply with government demands. It won't surprise me if there's a chilling of overseas demand for US Internet and Internet-connected services.
Who in their right mind would store their sensitive data in the cloud and not encrypt it locally first? That seems crazy. Patriot act or no, it's nuts.
you leave my grammar out of this. she's a sweet old lady and never done nothing to you
To ensure perfect aim, shoot first and call whatever you hit the target
lets bail on this police state run by fascist idiots. leave before they won't let you. the businesses had the right idea going overseas. Microsoft should relocate to.
There are basically two meanings of "The Cloud":
1) "You don't need to know where your data is"
2) Rapid automatic server provisioning
The thing that's wrong about 1) above is that "The Cloud" is sold as "don't worry about the man behind the curtain." Being ignorant about where your data is actually stored doesn't mean that it's safe -- quite the opposite -- it means that there is elevated risks involved. Because laws change with location, not knowing where your data is means not knowing what laws are applicable.
What stupidity. If China passed a law that said that they had to be given access to all of the data in all of the computers in the United States, I doubt very much if people would be jumping through hoops to accommodate them. Similarly, the U.S. can claim that it has access to data stored in computers in Europe, but no one should take them seriously.
I'm an American. I love this country and the freedoms that we used to have.
If Uncle Sam wants that data, your local police force will be coerced into kicking down the doors to your datacenter and holding a gun to your head.
Fuck, we do it over fucking mp3s.
.. law regarding data protection, privacy and such when they comply with USA goverment demand?
Will these companies be income proprotionally fined by EU court? Their staff extraordinary renditied to European prisions?
They'll just claim the hard drive crashed... sorry it was unrecoverable, you're going to have to reinstall everything...
-Myke
Encrypt with GPG, and toss it into an Icelandic cloud.
Laws are like sausages. It's better not to see them being made. - Otto von Bismarck
Er, presumably if there were such a National Security Letter, housing it yourself wouldnt give you much choice in the matter either
Actually it would since my house is in Canada and I'd politely inform them that they'd need to talk to the Canadian government and, if they agree, have them make the request. Similarly in the EU US government demands are worthless. Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.
This is exactly as it should be. MS could end up in real legal trouble if the US government forces them to disclose data on their EU servers in contravention of EU privacy laws.
It's worse than that. Government agents have done industrial espionage on behalf of private enterprise at times as shown in the Boeing vs Airbus case. Hosting companies could be asked to hand over data just because it may be useful to a well connected competitor.
...
--
if a gagging order, injunction or U.S. National Security Letter permits it.
Basically, no one will ever be informed.
Quick grammar lesson:
"government access to data in it's cloud services even in Europe"
=
"government access to data in it is cloud services even in Europe"
The correct word is "its"
If the Patriot Act is perceived as a threat to 'cloud technology' (I hate the term) then perhaps these tech giants who have the power to ram their agendas down the throat of the government (Microsoft, Oracle, Apple, IBM, Google, ect.) will lobby against the Patriot Act. If the Patriot Act is bad for business then business may actually take the side of the people and try to use their money and influence to do away with it.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
You ALWAYS have the ability to encrypt anything you put in a cloud, or anywhere not on a system you physically control. It's just as stupid to put something crucial on a server that you own in a rack, than it is to put it on any "cloud"... you are just one FBI raid away from the child porn server in the rack above your your box being taken and given a total scan.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Hand over the responsibility of looking after your data to another party, you lose control of it.
Everyone should take them seriously. Has it not been demonstrated pretty well that the US can extradite anyone and anything they want in most places in the world? Has it not been demonstrated that they can lie to do this with impunity? There are colossal imbalances in power and the US seems to have no problem whatsoever with exploiting that. There is so much that the US does that is apparently illegal by local, international, and even US law and yet the US is apparently never, ever brought to account over it.
So they can make these companies give up personal information from people in other countries but they can't make the companies pay taxes?
Gee, you would think that Microsoft UK when doing business in the UK would be required to follow UK law.
Just makes sense really doesn't it.
But then again I once saw an American in Australia absolutely stunned when he was being charged for a crime, he was adamant that Australian police had no jurisdiction over him because he was an "American Citizen".
In A.D. 2011
War was Beginning.
UK: What happen?
Gordon Frazer: Somebody set up us the Patriot Act.
Operator: We get signal.
UK: What !
Operator: Main screen turn on.
UK: It's you !!
US: How are you gentlemen !!
US: All your data are belong to US.
US: You are on the way to observation.
UK: What you say !!
US: You have no chance to privacy make your time.
US: Ha ha ha ha...
Operator: UK !!
UK: Take off every 'MS'!!
UK: You know what you doing.
UK: Remove 'MS'.
UK: For great justice.
I don't think so. If I was the head of, say Google Korea, and I got a request from Google USA to disclose some data to US authorities, which would be illegal to do under Korean law, I would say "no.", and be quite justified in doing so, since Google Korea is obliged to follow local under all circumstances.
... for any of the other big cloud storage networks. e.g. Drop Box, iDisk. Both of those would be susceptible to the Patriot Act too as would many others.
A company only gets things done because its employees do things on behalf of that company. An employee should perform his duties to his employer as detailed in his contract of employment.
It would be really interesting to see such a contract for an EU based Microsoft employee (Wikileaks anyone ?) — if it says that he must obey USA law then he has a personal problem if such USA law conflicts with laws in his EU country.
Just being employed by a USA based company does not give an EU based citizen immunity from EU laws.
If data is held in Europe on machines properly firewalled to only be accessed in Europe then some person inside the EU has to break EU law by copying data to the USA. If the person (in the EU) who configured access controls makes the data somehow reachable from the USA then he may be breaking EU data protection law.
Both of them are fascist shit
The free market should regulate that.
If America continues to play this way and paying consumers don't like putting up with their bullshit they'll turn to corps operating their cloud in less fascist, more secure countries like china or Greece.
American corporations probably would benefit from storing their data in free havens abroad, escaping their imprudent gov.
Clearly one should just say no to data in the cloud.
Can you give an example of where this has ever happened?
What you are missing is the vast piles of your taxpayer cash these companies can and do make to support the Patriot (LOL!) Act and similar legislation. Who do you think sells the TSA the body scanners and HLS their email snooping software or systems to otherwise dig through your personal data?
Anyone who uses Gmail.
This could put it managers and directors In jail for breach of Eu data protection Law
"Prevent the export of personal information to any non-EU country"
http://ec.europa.eu/justice/policies/privacy/index_en.htm
for our 'freedom'.
The simplest observation to make is that clouds have fuzzy edges. If your company has any data that is subject to legal consequences when disclosed (and that tends to be the case in about 95% of the information I seem to come across) than the use of cloud services with its lack of definition where information logically and legally resides is absolutely out of the question - it's simply too risky.
Not only do not have control over the vendor, you also have no control over what legislative environment you deal with (and on top of that, which games are played with that environment, the Patriot Act is but one example).
Oh, and Safe Harbor isn't...
I saw this train wreck coming the moment "cloud services" became the latest management buzzword. The funniest (or most tragic) thing I saw in this context was a company peddling the argument that cloud services were the best way to handle corporate email.
I still cannot understand how it is possible that people go completely *stupid* when a new corporate buzzword appears. Is the level of executive skills really getting that low?
Insert
Terrorism and Patriot Act are good excuses to lawfully enter the Orwellian Big Brother era; "Cloud" and social networks are indeed ideally suited for this.
I was thinking something along the same line. We can't seem to get rid of the overreaching of the Patriot Act in the name of civil liberties, but there's a good chance that well-connected businesses like Microsoft and Google will be able to tame it. I may be a little cynical, but I believe that most successful political change in the U.S. can be linked to money. If Microsoft is able to tame the Patriot Act, the reason it will succeed is because the act is dyspeptic for business. If our civil liberties are enhanced as a result, it will be a fringe benefit.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
Number 1 is never a good thing. Number 2 is fantastic so long as number 1 does not apply
Apparently MS didn't have enough with the $700 millions fine.
When they get their ass sued at the european court we'll see what the "patriotic act" is worth but I'm pretty sure it will be close to that of toilet paper, which we come in handy to wipe the shit storm MS is gonna get in PR with this.
It doesn't matter if you encrypt the data if the government comes asking for it. You'd only be legally forced to provide the encryption keys.
From the article: "Microsoft is a U.S.-headquartered company, it has to comply with local laws" and thus under the Patriot Act, Microsoft has to serve any requests for data even if its "held in EU based datacenters".
Lockheed Martin -- another company with U.S.A headquarters -- were contracted to store and process the census data for the UK 2011 Census. We, the UK public have been ensured that our personal census data will not be accessible to the USA government using the Patriot Act.
Clearly these statements are mutually exclusive; both Microsoft and the UK Government can't both be right.