Europe Frightened By US 'Cloud Act', Fearing National Security Risks

"A foreign power with possible unbridled access to Europe's data is causing alarm in the region. No, it's not China. It's the U.S.," writes Bloomberg (in an article shared by hackingbear).

"As the U.S. pushes ahead with the 'Cloud Act' it enacted about a year ago, Europe is scrambling to curb its reach." Under the act, all U.S. cloud service providers, from Microsoft and IBM to Amazon -- when ordered -- have to provide American authorities with data stored on their servers, regardless of where it's housed. With those providers controlling much of the cloud market in Europe, the act could potentially give the US the right to access information on large swaths of the region's people and companies.

The U.S. says the act is aimed at aiding investigations. But some people are drawing parallels between the legislation and the National Intelligence Law that China put in place in 2017 requiring all its organisations and citizens to assist authorities with access to information. The Chinese law, which the US says is a tool for espionage, is cited by President Donald Trump's administration as a reason to avoid doing business with companies like Huawei Technologies. "I don't mean to compare US and Chinese laws, because obviously they aren't the same, but what we see is that on both sides, Chinese and American, there is clearly a push to have extraterritorial access to data," said Ms Laure de la Raudiere, a French lawmaker who co-heads a parliamentary cyber-security and sovereignty group. "This must be a wake up call for Europe to accelerate its own, sovereign offer in the data sector."

Yes, if you don't own it, someone else does.

[Frobnicator]

Hardly news, and this has been "news" in the computer world since the beginning.

This is not a new concern. People have been renting out hardware long before Amazon was invented, computer time has been rented out . Back in the 1960s and 1970s many mid-sized banks were hesitant to avoid computers not because they didn't trust or couldn't afford the machines, but because they didn't trust the companies who owned the machines or the governments where the computers were located. IBM with locations around the globe was the biggest and generally considered most trustworthy, but (looking up history online) you could rent computer access from Honeywell, Sperry Rand, Siemens, EMI, Olivetti, and others. Noting their location, that could mean you were subject to US laws, or UK laws, or Germany or France or Italy or wherever the computing center was located.

I recall discussions a decade ago asking how much we valued hosting our own data, if we were willing to sacrifice the security of controlling it versus the convenience of letting Google Docs control access to all our documents. There are companies who trust every bit of their digital data to Amazon or Google or other companies. They figure that the cost savings is a benefit, and they don't care about (or don't realize) the security implications.

There are companies that decide that maintaining control is important. For them, even if it would be cheaper or easier to lease out hardware remotely the value of maintaining control is greater than any cost savings.