Slashdot Mirror
Microsoft Putting Servers In Germany To Keep User Data Away From US Intelligence (techcrunch.com)
An anonymous reader writes: Ever since the Snowden leaks, people and businesses in foreign countries have been wary about hosting sensitive data on U.S. soil for fear intelligence agencies would be able to comb through it at their leisure. Microsoft has announced a plan to combat those worries, saying they will host infrastructure for Azure, Office 365, and Dynamics CRM at data centers in Germany. In addition, the data centers themselves will not be run by Microsoft, but by a subsidiary of Deutsche Telekom, which eliminates more legal avenues for U.S. agencies to access the data stored there. "The two data centers will be based in Magdeburg and Frankfurt am Main, with Microsoft stressing this 'data trustee' model means it will not have any access to customer data without the consent of the trustee, and that it cannot therefore be compelled — 'even by a third party' — to hand over customer data."
This just in... German authorities access data on behalf of USA in accordance with intel sharing agreements.
The US are already spying on Germany.
http://edition.cnn.com/2015/07...
Summation 2
From Wikipedia: "The Dagger Complex is a US military base in Darmstadt (Germany), close to Griesheim [about 20km south of Frankfurt am Main]. [...] The complex is operated by the United States Army Intelligence and Security Command (INSCOM) on behalf of the U.S. National Security Agency (NSA). Building 4373 within the complex houses the NSA's European Cryptologic Center (ECC), the agency's principal SIGINT processing, analysis and reporting center in Germany."
----------------------------------- My Other Sig Is Hilarious -----------------------------------
it cannot therefore be compelled — 'even by a third party' — to hand over customer data.
They might not be able to hand over the data, but I imagine they could still be found in contempt for not doing so.
Judge: "Hand over the data."
Microsoft: "We are physically incapable of doing so."
Judge: "Not my problem."
So, every communication and bit of data is stored on a German server by a German company?
This is a great win for the National Security Agenty in the United States.
The NSA is not "legally" allowed to spy on USA Citizens. Great Briton and other countries have similar laws about their own citizens (for now.)
But a German company and its servers are German not American. So the NSA is perfectly in the right to hack, intercept or interrupt those severs in the interest of national security.
Sure, the current USA government can't publicly compel the release of USA citizens, but everything else is now on the table once your data is communicated to or kept by a non-citizen.
The only question now is: is Microsoft Word the format of choice for foreign terrorists? It's currently the standard for corporate ones.
Spying on your own diplomats could be a good idea. They've got the most opportunity to betray your country to its enemies.
Snowden's documents revealed that there's often close cooperation between the german intelligence and the NSA. So this legal arrangement might protect your data from a US court order, but not from the NSA. In general, the only jurisdictions that are unlikely to cooperate with the US intelligence are those of US adversaries, like Russia or China.
The only western country that has refused to cooperate with american intelligence and LEAs multiple times is... Vatican City. However, it's too artistically wonderful and too tiny to host ugly, massive data centers. You don't want to see fiber optics and heat sinks in front of a Michelangelo's, do you?
I have a hard time accepting that Microsoft is actually trying to keep data from any government. Putting a database in Germany that will be managed by German a communications company may make data collection easier for both governments while providing Microsoft the opportunity to claim security.
The country most aggressively spying on the USA is not China, not Russia, not the USA itself, it is France.
Allies don't blindly trust each other, especially not anyone who claims to be a diplomat. Subverted or replaced diplomats can lead to serious international incidents, so each host nation is very concerned about who visiting diplomats are communicating with.
The part that most civilians don't understand is that spies are generally not hostile to each other in real life. This isn't a Bond movie where two spies meeting results in either death of one, wild sex, or both. In real life, most espionage and defensive counterspying is fairly civil and more like a game of Stratego (each player trying to manipulate what the other perceives of the situation while trying to maximize their own understanding of what is real).
When spying agencies forget that their purpose is to protect the citizenry from foreign attacks and think that their job is to protect their government from the citizenry, things go very wrong.
This is not really a surprise. One of the ways you get around domestic anti-surveillance laws is to ask some friendly allies to do it for you. Basically you spy on their citizens and they spy on yours. Each government can then say it is not infringing its own citizen's rights.
I believe the USA - UK - Canada - Australia - New Zealand have a reasonably formal agreement to this effect.
The irony is that over the last few years it has become apparent that most westerners really don't give a stuff about whether their government is spying on them or not, so all that effort was largely a waste of time.
It is no more effective than security theatre at the airport...just makes you feel warm and fuzzy
Erm... which part of the TSA make you feel all warm and fuzzy?
Put the datacenters in Hollywood.
The NSA is allowed to spy on foreign entities. That is their mission.
Soon, they will be barred from spying on US assets.
However in reality - they will continue to spy on everyone and everything.
I am very small, utmostly microscopic.
I think the idea here isn't to protect US data, but primarily German data. A German company that stores its data in German isn't subject to underseas cables and satellite links being heavily monitored. Having to send data to US cloud services is a big concern many places, for good reason.
Other European countries might benefit too, if they think that the German government is less likely to engage in illegal information gathering than the US government is.
To me, it just seems like Microsoft wants to look like they're trying to protect data from the US government's snooping, rather than actually working to protect data from US government snooping.
Germany is one of the last places I'd go to escape US intelligence agencies. Microsoft would've been more believable if they'd partnered up with relatively neutral parties like Iceland or Switzerland.
The idea that they're trying is using technical measures to keep the CIA and friends out, and the legal protection to stave off warrents. It's a decent idea when you think about it - it's not bulletproof, but a step up from existing measures. Furthermore, it makes it more illegal - going after an American on foreign land isn't domestic surveillance and it's not foreign surveillance either, making it harder to justify, and as such hopefully making whoever approves this crap more worried about the potential reprecussions. And that I think is the real purpose of this: not to make users immune to the intrusion, but simply to make it more difficult. I don't mind a fight being up, even if it is yet to be determined how effective it is.
Who thought we'd ever see a big corporation use a loophole for the benefit of its customers? I almost want to say that's what really scares me, if bribery didn't work.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
But just today all news sites over Germany reported that the German BND (the direct successor of the Nazi "Organization Gehlen") has been spying on allies, too, including France and German(!) diplomats.
I can't see the point of your Nazi reference. The Federal Republic of Germany can also be considered the direct successor of Nazi Germany. It's probably more accurate to describe the Gehlen as a CIA program that recruited former members of the Nazi military in much the same way that the US military and later the space program used scientists who were active in the German war effort.
This is to allow MS to continue to collect data on European customers without running afoul of the recent EU slam of 'Safe Harbor'.
Marketing spin turns this into "We are protecting you from spies" bullshit.
blindly antisocialist = antisocial
It is no more effective than security theatre at the airport...just makes you feel warm and fuzzy
Erm... which part of the TSA make you feel all warm and fuzzy?
Sometimes the guy doing the pat downs is bearded and sweaty
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
It had a lot to do with the Nazis, and this is well-known. Gehlen himself was from the Wehrmacht, but he managed, with the help of the US, to recruit many former members SS, SD, Abwehr, and Gestapo, in addition to many officers from the Wehrmacht. They got new names and identities, and yes, some of them were wanted for possible involvement in war crimes. Reference: The German wikipedia entry ("Nähe zum Nationalsozialismus") and any history book on the BND.
To be fair, most officers recruited by Gehlen were from the Wehrmacht and thus not necessarily ardent Nazis.
But just today all news sites over Germany reported that the German BND (the direct successor of the Nazi "Organization Gehlen") has been spying on allies, too, including France and German(!) diplomats.
I can't see the point of your Nazi reference. The Federal Republic of Germany can also be considered the direct successor of Nazi Germany. It's probably more accurate to describe the Gehlen as a CIA program that recruited former members of the Nazi military in much the same way that the US military and later the space program used scientists who were active in the German war effort.
Yes, though we used (and sheltered) many more Nazis than is generally known, even to those familiar with Project Paperclip.
It is no more effective than security theatre at the airport...just makes you feel warm and fuzzy
Erm... which part of the TSA make you feel all warm and fuzzy?
Sometimes the guy doing the pat downs is bearded and sweaty
Hey man, whatever floats your boat. I'm not here to judge. :-)
Yes, your description is fairly accurate and it seems I should have expressed myself more clearly to avoid this misunderstanding. Organization Gehlen was not an organization funded by Nazis, it was funded under US supervision and only had a certain percentage of (former) Nazis such as SS and Gestapo officers. I just tend to include that little tid-bit whenever I talk about the BND, because it constitutes some often "lost knowledge" that seems generally worth knowing.
As government expands the economy and jobs disappear.
...
Just one more data point
Translation: German intelligence is miffed that it is hard to spy on Germany citizens when their data sits on a US server; therefore, the German government pressures companies like Microsoft to move their servers to Germany, where the German government can spy on them much more easily. Having the servers in Germany not only makes it technically much easier to spy on users, it also allows the German police and spy agencies to demand data and issue gag orders, or even seize physical hardware if need be.
Will this reduce NSA spying on German citizens? Possibly, it's hard to say. But NSA spying has always been of little consequence to Germans. What Germans have to worry about is German agencies (e.g., BKA, BND) going on fishing expeditions through their E-mail and documents, looking for signs of illegal (under German law) political views and speech, and behaviors that allow blackmail of criminal suspects, public figures, and politicians.
Should Microsoft have done this? Of course: if that's what Germans want, they should get it; after all, US businesses make arrangements with much worse governments than the German government. Let's just not kid ourselves that this is for the benefit of Germans or their privacy.
... jobs to move offshore.
It little behooves the best of us to comment on the rest of us.
Hosting with Deutsche Telekom is really safe.
As soon as somebody accesses the data, they'll have their high-speed quota maxed out in an instant and their bandwidth reduced to a agonising 200 baud trickle.
I expect most people to give up accessing your data before they can get anything meaningful.
We suffer more in our imagination than in reality. - Seneca
Yesterday M$ announced major data centre expansions in those countries, for Azure, DynamicCRM and other cloud offerings (link. I imagine the lower corporate tax rates had something to do with it!
(this is not a
The country most aggressively spying on the USA is not China, not Russia, not the USA itself, it is France.
And how do you know that? A moment's thought will show that, to make that assertion, you must know (1) how aggressively France is spying on the USA; and (2) how aggressively all other countries are spying on the USA.
Moreover, it's by no means simple even in the case of France. Which agencies do you take into consideration? The obvious organs of state intelligence might have delegated the task to better hidden, or entirely private teams.
And, of course, if you know how aggressively France is spying on the USA, don't you think it possible that the FBI and the many other federal agencies whose remit includes counter-espionage might share that knowledge? And if they do, isn't it likely that they would have done something to make France spy less aggressively?
I am sure that there are many other solipsists out there.
Erm... which part of the TSA make you feel all warm and fuzzy?
And which part of *you* does it make feel all warm and fuzzy?
I am sure that there are many other solipsists out there.
Yes, though we used (and sheltered) many more Nazis than is generally known, even to those familiar with Project Paperclip.
Wait... Clippy is a Nazi spy?
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
if data cannot be legally obtained.
Of course it won't do anything about ELINT.
I thought it was comical to see this headline, as if data stored in Germany would be safe from US intelligence.
I thought Germany was NSA central in Europe.
If you're worried about the NSA, this won't do a bit of good. If, however, you're worried about the DOJ, this may be an adequate defense. Which means that it's likely to be a safe place to hide corporate shenanigans, but not something the intelligence agencies are interested in.
So who benefits?
I think we've pushed this "anyone can grow up to be president" thing too far.
They saw the breakup between Germany and the CIA
It seems more like they're building data centres in Germany because it makes it much easier to serve Europe from inside Europe.
I doubt they'll be storing any USA customer data there.
Maybe also because Europe frowns upon American companies shipping European customer data off to the USA.
Encrypt, then stripe the data across countries so you need cooperation from everyone to get anything (;-))
davecb@spamcop.net
This is for optics. The Snowden revelations have cost US companies a lot of contracts. Americans might be OK with the NSA spying on them but Europeans are much less happy about it.
Yes, though we used (and sheltered) many more Nazis than is generally known, even to those familiar with Project Paperclip.
Wait... Clippy is a Nazi spy?
Yes, apparently his Diabolical Evil Plan was to systematically destroy the reading comprehension of people like you. Or to cause you to make lame jokes.
... I was referring to Project Paperclip. You decide.
Or
AC the "Gehlen Org" was packed with Nazis who the US and UK thought has skills in the East. No questions asked about the war history of staff.
Gehlen_Organization https://en.m.wikipedia.org/wik...
".. for all the moral compromises involved [in hiring former Nazis], it was a complete failure in intelligence terms. The Nazis were terrible spies"."
Domestic spying is now "Benign Information Gathering"
Re "A German company that stores its data in German isn't subject to underseas cables and satellite links being heavily monitored."
Cheap telco peering deals could send bulk German data on long trips past US sites in many other NATO nations.
Within Germany efforts like Operation “Glotaic“ show what can be done by splitting links and "collecting all"
The link is in German but the German video has a nice animation at 2:55 showing split options.
"http://www.zdf.de/frontal-21/wie-bnd-cia-und-nsa-gemeinsam-in-deutschland-spionieren-37718666.html
Domestic spying is now "Benign Information Gathering"
A German company will be operating the data center, but Microsoft will still be writing and presumably operating the software.
Or are they making an Office 365 install like running Apache and any ol' ISP can run a copy?
In a world where any computer can talk to any other computer, the physical location of the small bits of wire and magnets holding your data isn't the most important thing to worry about.
Ceci n'est pas une signature.
My last comment was wrongly formatted. This is how it should read.
There was never any doubt about who shot down that aircraft. The US never admitted responsibility, but formally regretted the loss of life and handed over tens of millions of dollars. The crew received combat zone medals for operating in a combat zone, which they had. There were no decorations for shooting down a civilian airliner.
And what about the criminal prosecution, which is being so enthusiastically pursued in the case of MH17? Where was the world-wide condemnation? Why did the prime minister of Australia never declare that he would confront the president of the USA and demand an explanation?
I am sure that there are many other solipsists out there.
OPEC Oil is exclusively sold in US$
https://en.wikipedia.org/wiki/...
Casteism