Skip to navigation

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.

// Home / Blogs

Posted on January 10th, 2011 by Jon Honeyball

Twitter data demand highlights cloud control problems

TwitterI see from the news that Twitter has been forced to bend over and succumb to a thorough Data Rogering by the US Government.
It appears that some foreign nationals are up in arms about this.
Can I say “I told you so”? For over two years, I have been raising the question of the territoriality and legal framework of data held by US companies, especially when the data is held on US territory
There are even considerations and worries about data held on EU-hosted servers owned by US corporations. As I reported a month or so ago,  at least Bob Muglia, President of servers and tools at Microsoft, was honest enough to admit that Microsoft would hand over data to the US authorities if so instructed, because they would have no choice but to comply.
Frankly, I feel a lot happier about Microsoft’s cloud solution now in the light of knowing what would happen. Confusion and obfuscation has no place in this matter
So you can imagine my reaction to another Very Well Known cloud vendor from America, with facilities in the UK, who, when asked by me to clarify their legal position on EU hosted data and attacks by US government said:
“At this time we’re not able to comment on this question”
When I followed up by asking “To be clear, <the CTO> has no comment on whether the data of his customers would or would not be taken out of the EU against the wishes of his customers?”, I received the reply “<we> cannot comment on this at this time”
Now please answer me this question: is this a company that you feel comfortable doing business with?

Twitter

I see from the news that Twitter has been forced to bend over and succumb to a thorough data rogering by the US Government.

It appears that some foreign nationals are up in arms about this.

Can I say “I told you so”? For over two years, I have been raising the question of the territoriality and legal framework of data held by US companies, especially when the data is held on US territory.

There are even considerations and worries about data held on EU-hosted servers owned by US corporations. As I reported a month or so ago, at least Bob Muglia, president of servers and tools at Microsoft, was honest enough to admit that Microsoft would hand over data to the US authorities if so instructed, because they would have no choice but to comply.

Frankly, I feel a lot happier about Microsoft’s cloud solution now in the light of knowing what would happen. Confusion and obfuscation has no place in this matter.

So you can imagine my reaction to another Very Well Known cloud vendor from America, with facilities in the UK, who, when asked by me to clarify their legal position on EU hosted data and attacks by US government, said: ”At this time we’re not able to comment on this question.”

When I followed up by asking: “To be clear, the CTO has no comment on whether the data of his customers would or would not be taken out of the EU against the wishes of his customers?”, I received the reply: “We cannot comment on this at this time.”

Now please answer me this question: is this a company that you feel comfortable doing business with?

Tags: ,

Posted in: cloud computing

Permalink

Follow any responses to this entry through the RSS 2.0 feed.

You can skip to the end and leave a response. Pinging is currently not allowed.

16 Responses to “ Twitter data demand highlights cloud control problems ”

  1. Richard Peaker Says:
    January 10th, 2011 at 10:56 am

    Good follow on from your back page in this months mag, but as you succinctly put, confusion and obfuscation has no place in this matter so who is the Very Well Known vendor to which you refer?!

     
  2. James Says:
    January 10th, 2011 at 12:00 pm

    Surely moving customers data outside of the EU to the US would violate data privacy laws? What happens when the law enforces of one counter order a company to break the law in another jurisdiction?

     
  3. Paul Spence Says:
    January 10th, 2011 at 12:06 pm

    #1 I’m thinking of a South American river and rainforest …

     
  4. lissnup Says:
    January 10th, 2011 at 12:12 pm

    Hi Richard Peaker, my bet is Rackspace. Their CTO is well rehearsed in offering no comment on tricky shit. To be fair, where does a cloud “reside”? Have to define that in order to set the jurisprudence.

     
  5. Peter Says:
    January 10th, 2011 at 12:51 pm

    @Jon I’m with you 100% from a moral perspective.
    Unfortuntely
    anyone who hasn’t figured-out that Amerika “owns” the internet is living in Cloud cukooland.

    Amerika is in the thrall of loonies, or of unscrupulous conspiritors with aims I’m not privvy to, but which aren’t likely to be good. Take your pick.

    Part of their paranoia is the belief that in order to protect “Liberty” (in USA, presumably) they have the right to behave unjustly and often llegally world wide. Simply being the USA means that the Lord is on their side. The paradox in that view either escapes them or they simply don’t want to see it.

    So coming back to the Interweb simply work on the premise that there is NO privacy of anything stored anywhere. Put simply if you don’t want CIA, Homeland Security NSA, and all the other “Agencies” snooping then quite simply:
    Hey, you, get offa that cloud (apologies to Jagger \ Richards)

     
  6. AnonnyMuss Says:
    January 10th, 2011 at 1:00 pm

    I think he’s talking about Google.

    Thing is, a well known UK university recently decided to move it’s student email service to Microsoft’s Live@Edu service for reasons of data protection and that the data would be stored within EU jurisdiction (Ireland I think) and Google would hold the data under US jurisdiction. It seems like that reasoning is now baseless based on what you have said in your article.

     
  7. Manuel Says:
    January 10th, 2011 at 2:51 pm

    I’ve often commented that the US behaves no differently than China. The only difference is China is clear and open on what it does.

    The Cloud just means your data belongs to U.S.

     
  8. Steve Cassidy Says:
    January 11th, 2011 at 4:13 pm

    @AnonyMuss: from what both JH and I have heard on a variety of fronts, you are correct – US corporations who make promises about data domiciles may simply not be able to keep those promises, no matter how much they might wish to.

     
  9. jon honeyball Says:
    January 11th, 2011 at 5:36 pm

    Steve is right

    And what are you going to do? Sue them for breach of contract? Its in the contract that they can do this, cos its covered by that “this contract is under the jurisdiction of Texas/Washington State/insert hometown of choice”

     
  10. jon honeyball Says:
    January 11th, 2011 at 5:37 pm

    @anonyMuss: Its not Google.

     
  11. stokegabriel Says:
    January 11th, 2011 at 5:39 pm

    Some organisations have a legal requirement to retain their data within the EU, Councils for instance. I dare say there are issues here also for medical data, data from Solicitors, Barristers, Insurance and Government depts etc. That’s going to rule out use of the cloud for all these groups then?, or that data is going to be available to the American Government?
    Whatever happened to our right to privacy then? I have little sympathy for people who splash all their data and identity all over social networking sites, that’s a choice they made, however some of us aren’t that foolish and just want to retain our privacy.

     
  12. mhussa Says:
    January 12th, 2011 at 1:38 am

    What if the US company has registered offices in the UK, doesn’t that mean they have to comply with UK data protection law first?

    Does the ICO have a view on this?

     
  13. mhussa Says:
    January 12th, 2011 at 1:47 am

    ok found it.

    http://www.ico.gov.uk/news/enewsletter/previous_enewsletters/English/201006.aspx#story9

    Chapter 5 of the personal information code of practice is about operating internationally.

     
  14. TV John Says:
    January 12th, 2011 at 9:14 am

    Hmmm. Could it be Amazon?

     
  15. jon honeyball Says:
    January 12th, 2011 at 5:51 pm

    @mhussa I asked the ICO about what would happen if data belonging to my company got moved out of the EU. They said I would be legally liable, even if I hadnt authorised the move.

     
  16. mhussa Says:
    January 13th, 2011 at 1:07 am

    The European commission has a list of countries outside the EEA(European Economic Area) that are allowed to transfer personal data. The US is *not* on the list but as quoted at the following link:

    http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_8.aspx

    “Although the United States of America (US) is not included in the European Commission list, the Commission considers that personal data sent to the US under the “Safe Harbor” scheme is adequately protected.”

    The safe harbor list can be searched here:

    https://safeharbor.export.gov/list.aspx

    As of 13/01/2011 I checked the answer to the following question:

    “Do you agree to cooperate and comply with the European Data Protection Authorities?”

    Google, Microsoft and facebook answer, “YES”. So I guess that means they won’t fall foul of the ICO and EU directives, but the US government can still demand your data from the US company.

    The Amazon answer to this question is “No”.

     

Leave a Reply

Spam Protection by WP-SpamFree

* required fields

* Will not be published

Authors

Categories

Archives

advertisement

SEARCH
SIGN UP

Your email:

Your password:

remember me

Create an account

advertisement


Hitwise Top 10 Website 2010