Slashdot Mirror
Europe Frightened By US 'Cloud Act', Fearing National Security Risks (straitstimes.com)
"A foreign power with possible unbridled access to Europe's data is causing alarm in the region. No, it's not China. It's the U.S.," writes Bloomberg (in an article shared by hackingbear).
"As the U.S. pushes ahead with the 'Cloud Act' it enacted about a year ago, Europe is scrambling to curb its reach." Under the act, all U.S. cloud service providers, from Microsoft and IBM to Amazon -- when ordered -- have to provide American authorities with data stored on their servers, regardless of where it's housed. With those providers controlling much of the cloud market in Europe, the act could potentially give the US the right to access information on large swaths of the region's people and companies.
The U.S. says the act is aimed at aiding investigations. But some people are drawing parallels between the legislation and the National Intelligence Law that China put in place in 2017 requiring all its organisations and citizens to assist authorities with access to information. The Chinese law, which the US says is a tool for espionage, is cited by President Donald Trump's administration as a reason to avoid doing business with companies like Huawei Technologies. "I don't mean to compare US and Chinese laws, because obviously they aren't the same, but what we see is that on both sides, Chinese and American, there is clearly a push to have extraterritorial access to data," said Ms Laure de la Raudiere, a French lawmaker who co-heads a parliamentary cyber-security and sovereignty group. "This must be a wake up call for Europe to accelerate its own, sovereign offer in the data sector."
"As the U.S. pushes ahead with the 'Cloud Act' it enacted about a year ago, Europe is scrambling to curb its reach." Under the act, all U.S. cloud service providers, from Microsoft and IBM to Amazon -- when ordered -- have to provide American authorities with data stored on their servers, regardless of where it's housed. With those providers controlling much of the cloud market in Europe, the act could potentially give the US the right to access information on large swaths of the region's people and companies.
The U.S. says the act is aimed at aiding investigations. But some people are drawing parallels between the legislation and the National Intelligence Law that China put in place in 2017 requiring all its organisations and citizens to assist authorities with access to information. The Chinese law, which the US says is a tool for espionage, is cited by President Donald Trump's administration as a reason to avoid doing business with companies like Huawei Technologies. "I don't mean to compare US and Chinese laws, because obviously they aren't the same, but what we see is that on both sides, Chinese and American, there is clearly a push to have extraterritorial access to data," said Ms Laure de la Raudiere, a French lawmaker who co-heads a parliamentary cyber-security and sovereignty group. "This must be a wake up call for Europe to accelerate its own, sovereign offer in the data sector."
When you put your data elsewhere than on your own iron, expect it to be as good as public. Everybody has known this since the beginning of the internet. Security-conscious IT folks don't do cloud, even if it costs more.
In my opinion, the Cloud Act is just an official recognition of what's already going on.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"Under the act, all U.S. cloud service providers, from Microsoft and IBM to Amazon -- when ordered"
;)
Guess if you have already move on board(to the cloud) you have some thinking to do. Your data is in someone elses hands.
Just my 2 cents
false. china's "drain the swamp" policy resulted in heads being rolled of both corrupt local politicians, high ranking party members and more than a few millionaires. they also have an affordable health care system and when they set out to oversee their industries, they nationalized whole companies and factories that dared to routinely violate regulations. additionally when some factory closes down they make damn sure people don't end up without jobs. even if they have to subsidize the whole sector (steel) they'll figure something out.
overall, both the us and china are corrupt and oppressive oligarchies run by the 1%. but china is still acting to improve the welfare and the overall quality of life of all its people. by comparison, the us has wasted all its capital on class warfare in the last 100 years.
In a word, no. There could be some concerns in some cases, but generally not an issue.
The Cloud Act relates to what a warrant or subpeona may reach, and doesn't change anything - it just affirms what existing law, stating explicitly what had been implicit.
It says that the pre-existing power of US courts to order US companies to turn over data material to a case cannot be thwarted by the US company stashing the bits on disks which are physically overseas. That was already a bit of a "duh, no shit" to anyone who has studied law, but Congress saw fit to state it explicitly.
GDPR doesn't say you can't comply with a subpoena or warrant. It explicitly says you can comply. So no problem, there, no conflict between Cloud Act and GDPR, generally.
The one wrinkle is that GDPR says when you send data to another country, one of two things needs to be in place
A mutual legal assistance agreement
Or
The other country has approved privacy law
The US has both. A new data privacy safe harbor agreement with the US was approved by the EU in 2016, after the previous one was found lacking. We also have a Mutual Legal Assistance Agreement (MLAA).
There could be cases, however, in which a subpoena is issued which doesn't comply with the MLAA. Then one could argue complying with that particular subpeona could violate GDPR. Except we ALSO have the 2016 safe harbor agreement, so the MLAA isn't actually necessary anyway.
So in rare cases you could argue that there might be a conflict, but you'd probably lose that argument.
But there is a huge difference between China and the USA govts.
In China, when you disagree with the govt, you and your family disappear, cannot travel, don't get a lawyer and often aren't seen for a yr. If you appeal, you get re-sentenced to death.
In the USA, you get a lawyer, can usually fight back, appeal any decision.
A few quick reminders:
Xi is
* a dictator for life
* sends millions of Chinese to "re-education camps"
* no freedom of speech
* no freedom of travel
* China uses tanks against their own people.
* Religious re-education cities with 1M+ people.
* smartphones **must** have govt tracking software
* Your social network posts are tracked by the govt and rated. A poor rating can block rights and travel.
* don't recognize international waters as ruled by world-wide govts
* Currency manipulation
* intellectual property stealer / Hacker of companies and govts world-wide
* Highly selective enforcement for any laws; usually against foreign companies and Chinese companies that cause large number of deaths
* Tibet takeover
* Tienanmen Square; they admit to killing over 1,022 civilians. Other estimates are over 10,000 deaths.
* Check your server logs, most attacks are probably from Chinese IP ranges.
* Their elections are fixed - only approved party members can be on the ballot. So, would you like Bernie or Clinton or Gore or Dukakis?
Like any of those are even a different choice from the others. Well, freakin' terrible vs really, really, bad is a choice, I suppose.
* Police in China behave like thugs. Ok, sometimes that happens in the USA too.
* Taiwan, cough.
Don't forget what China is and how they behave.
---
Cisco and Motorola caught Huawei stealing their intellectual property.
https://www.wsj.com/articles/S...
Huawei Admits Copying Code From Cisco in Router Software
https://www.reuters.com/articl...
---
Motorola sues Huawei for trade secret theft
Huawei physically stole parts in 2014 from a testing robot during a
visit to T-Mobile. The robot was used to ensure buttons on phones would last.
---
https://www.nytimes.com/2016/1...
China hacked more than 245 companies and agencies, including US Navy and NASA.
Ref: https://arstechnica.com/tech-p...
This happened while The US/China economic espionage pact was in-force beginning in 2016.
The USA isn't perfect, but it isn't China. Not by a long shot. If you refuse to decrypt data at the US border, they keep the data and you can sue to have it returned. Canada, UK, Australia, France, Thailand, and 50 other countries would demand you unlock it at the border without any reasonable cause. It is illegal to refuse, a crime.