When are people going to realise clouds are dangerous? You lose control of your data regardless of smart programmers or civil rights. You can never ever be sure it wont be taken, spied on or just lose it.
Yes, there is a huge convenience to clouds, no doubt what so ever, but I will never ever trust them.
Use? Yes.
Rely on?
Assume to be secure?
Assume to be private?
Assume to be always available?
No, never, ever.
Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And I really don't like the way our data is being herded in to one place, or several holding camps. It really feels like the data equivalent of an internment camp. Put it all in one place so the authorities can control it and us, or just open fire.
You know, if government interference was really just for stuff like anti-terror, then I could accept all this. But its not. They seem more concerned with the profits of media companies and copyright than anything that really effects us plebs.
Oh, got to go, I think I just saw a black helicopter... I'll have rant at that.
Well, with the way it's been going, you'll soon have no choice but to rely on cloud services.
Everything is a goddamn service now - even my fingerprint reader wants an Internet connection - yeah, screw you Authentec!
Even managing multiple WP sites now has to be done via a third party service: https://managewp.com/ (I've got nothing against them, they're very good - in fact, there is no better local alternative, which is what makes me sad/angry).
>Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And you think this kind of polical anti-US-justice-system rants help you in this? You are already on the top list of potential targets, if not for anything else, just for the above comment.
Kidding aside, it's not about the cloud. The cloud is a detail in this discourse. If you cannot trust the justice system or the government you fight, vote, motivate people, organize etc to change them and how they work.
Just avoiding this or that (in this case, the cloud) means nothing in the grand scheme of things. They'll get you in another way.
This just exposes 'safe harbour' for the mockery it is.
I've been attempting to have a dispute with the uk government over this and failed. In a nutshell - revamped uk government website gov.uk launched recently, using google analytics. When I questioned why as US company was being informed about my interactions with my government a ticket was opened at a helpdesk service and I was told that it was ok because google were not allowed to use the data. The helpdesk service are based in San Francisco.
I think at present that citizens interacting with government services online is still relatively new, and they obviously havn't fully thought through the potential national security implications of using things such as Google Analytics and outsourced helpdesks.
And they wonder why the anti-American sentiment is growing. I don't like these trends of US dictating EU policy one bit. Sure, US has always had "great relationships" with some European countries after WW2, and many European countries liked US for its culture etc, and have been friendly towards them. But this is getting pretty absurd, with US getting access to EU citizens data and having them dictate the whole EU's privacy policies, too.
This is why we need to move towards having everything encrypted locally, before sent to the cloud, and make it brain-dead easy for most people to do that. Or maybe we'll all start using Bittorent Sync for our own devices.
I think the main reason anti-American sentiment is growing is that the internet is making it harder for the US government to hide the behavior they've actually had for decades. To try and avoid getting any more political, I won't name any names but there is a certain president who is worshiped by a certain large group of people. I suspect that if the internet had been big then the perception about him would be radically different.
Did you even read the article? This has nothing to do with the EU. The US can obtain data from persons that are not US citizens without a warrant, if this data is stored on servers of US companies.
If the EU doesn't agree with this, it would be better to create an economic environment that facilitates EU-based tech companies, instead of having its citizens depend on US companies.
European companies considering hosting personal data on American servers need to consult the so called Safe Harbour List, which is a list maintained by the American Department of Commerce:
http://safeharbor.export.gov/list.aspx
Now, what it means when a company is on the safe harbour list, is that the company has declared that it adheres to a privacy policy that complies with the U.S.- EU Safe Harbor agreements:
http://export.gov/safeharbor/eu/eg_main_018493.asp
As the OP shows, this is by no means adequate protection against American government surveillance. But then again, many European governments also have surveillance laws in place that allow certain government agencies access to hosted data, emails etc. with or without warrants. Often, the scrutiny of your local government is just as relevant a concern as that of being watched by the US government.
This is why I don't want to have anything to do with hosting providers who only have US hosting available. My clients wouldn't be terribly happy; nor would I about this.
Heck, it probably is illegal for us to store customer data in the US in this case.
"But a US judiciary subcommittee on FISAAA in 2008 stated that the Fourth Amendment has no relevance to non-US persons.
FISAAA also forces US Internet giants and other tech companies operating clouds in the EU to hand over the data or face sanctions, says Bowden."
According to this, they can request data stored in EU server if the company is American. This means that it does not matter where the servers are, they will still get the data.
So, time to start to migrate to EU companies for hosting any sensitive information. Anyways, the cloud will never be secure, so the best we can try to do is Encrypt as much as possible, and not use the cloud for any sensitive information.
The one useful thing I see from the cloud is: Private Cloud in your house. With fiber getting more, and more distributed, we can soon have our home cloud with Music / Movies / series / news / email / phone all routed to our home cloud then to the devices. Now that would be a nice usage of the cloud!
"Private Cloud in your house"
Agreed! TB harddisks with encription, fast internet, mobile templates to access data. Add a little distrust into it and boom! PrivateCloud for Average Joe.
Maybe there is an opportunity for countries with liberal internet/freedoms and privacy laws to start make themselves more attractive as datacenter location.
Especially countries with natural advantages in this area that are already trying to move in this direction. Iceland comes to mind.
Most of the human race are ignorant peons who can't spot a warning a mile away. A fine example of this is the amount of people I saw in hospital gowns outside my local hospital the other day with oxygen masks, yet they were outside smoking.
I don't host anything sensitive on the cloud but this makes me think twice before using Linode or Amazon. It's a shame really. I don't know any cloud services that don't have any American presence.
Any Asian-European company that I had worked with forbids the management of any critical information by any American company, not just cloud, for this simple reason.
> Any Asian-European company that I had worked with forbids the management of any critical information by any American company, not just cloud, for this simple reason.
This is just as they should though, it's not as if the U.S. would feel it's a good idea to host their cloud services in China on Huawei kit. For better or worse the days when "gentlemen do not read each other's mails!" fell by the wayside decades ago.
Nations need to either agree specifically not to read each other's data in transit (perhaps this is the EU-US "Safe Harbor" that's being talked about?), or assume that their data would be read and plan accordingly.
Note that we already have to do this planning as tech developers anyways. If we had sensitive PII we wouldn't store it unencrypted on a shared host with world-readable files, would we?
I saw this and wrote to my MEP asking that the EU makes it mandatory for American companies providing services to European consumers to clearly and distinctively inform said consumers that their data may be handed to American authorities without notice or specific consent.
Also, I wonder what's going to happen when American companies hand data to the US Gov't in compliance with US law but in breach of privacy laws in the non-US territories they are operating in : large-scale breaches like this will not only earn them hefty sanctions, but could also lead to some courts shutting down their services altogether...
There are already EU laws about exporting data outside the EU.
US saying they can grab data just means US companies who want EU business need to set up EU companies with servers in the EU. That means more work for EU citizens, and more tax[1] paid in the EU.
For me (as a European) it all seems pretty good.
[1] Albeit minimal tax with their borderline illegal weird methods to avoid tax.
It boggles my mind how easy it is to throw principles over board when convenient. Either you believe in freedom and democracy or you don't. If you do you would extend your principles to non-citizens as well (with exceptions in form of warrants of course)
Once security trumps liberties you are on a downward spiral.
That's a bit extreme. If anything it will force a lot of introspection among the string pullers and any illusions people still have about privacy in the cloud (without encryption) will hopefully be shaken. When you affect those with capacity, you make things better for the less capable or incapable... All this is noise, and noise is good.
After all that's what cleaned up business practices significantly at the start of the industrial revolution.
In fact, this is just another growing pain in a new industry.
Industrial Revolution => Child Labour
Automobiles => Safety
Data => Privacy
Are they perfect now? Of course not, but they became better.
[+] [-] alan_cx|13 years ago|reply
When are people going to realise clouds are dangerous? You lose control of your data regardless of smart programmers or civil rights. You can never ever be sure it wont be taken, spied on or just lose it.
Yes, there is a huge convenience to clouds, no doubt what so ever, but I will never ever trust them.
Use? Yes.
Rely on? Assume to be secure? Assume to be private? Assume to be always available? No, never, ever.
Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And I really don't like the way our data is being herded in to one place, or several holding camps. It really feels like the data equivalent of an internment camp. Put it all in one place so the authorities can control it and us, or just open fire.
You know, if government interference was really just for stuff like anti-terror, then I could accept all this. But its not. They seem more concerned with the profits of media companies and copyright than anything that really effects us plebs.
Oh, got to go, I think I just saw a black helicopter... I'll have rant at that.
[+] [-] jakeonthemove|13 years ago|reply
Everything is a goddamn service now - even my fingerprint reader wants an Internet connection - yeah, screw you Authentec!
Even managing multiple WP sites now has to be done via a third party service: https://managewp.com/ (I've got nothing against them, they're very good - in fact, there is no better local alternative, which is what makes me sad/angry).
[+] [-] junto|13 years ago|reply
[+] [-] reidrac|13 years ago|reply
Related: http://www.katescomment.com/is-cloud-safe/
[+] [-] pretoriusB|13 years ago|reply
And you think this kind of polical anti-US-justice-system rants help you in this? You are already on the top list of potential targets, if not for anything else, just for the above comment.
Kidding aside, it's not about the cloud. The cloud is a detail in this discourse. If you cannot trust the justice system or the government you fight, vote, motivate people, organize etc to change them and how they work.
Just avoiding this or that (in this case, the cloud) means nothing in the grand scheme of things. They'll get you in another way.
[+] [-] Nursie|13 years ago|reply
I've been attempting to have a dispute with the uk government over this and failed. In a nutshell - revamped uk government website gov.uk launched recently, using google analytics. When I questioned why as US company was being informed about my interactions with my government a ticket was opened at a helpdesk service and I was told that it was ok because google were not allowed to use the data. The helpdesk service are based in San Francisco.
[+] [-] motters|13 years ago|reply
[+] [-] nextparadigms|13 years ago|reply
[+] [-] nextparadigms|13 years ago|reply
This is why we need to move towards having everything encrypted locally, before sent to the cloud, and make it brain-dead easy for most people to do that. Or maybe we'll all start using Bittorent Sync for our own devices.
[+] [-] flyinRyan|13 years ago|reply
[+] [-] gst|13 years ago|reply
If the EU doesn't agree with this, it would be better to create an economic environment that facilitates EU-based tech companies, instead of having its citizens depend on US companies.
[+] [-] flexie|13 years ago|reply
European companies considering hosting personal data on American servers need to consult the so called Safe Harbour List, which is a list maintained by the American Department of Commerce: http://safeharbor.export.gov/list.aspx
Now, what it means when a company is on the safe harbour list, is that the company has declared that it adheres to a privacy policy that complies with the U.S.- EU Safe Harbor agreements: http://export.gov/safeharbor/eu/eg_main_018493.asp
As the OP shows, this is by no means adequate protection against American government surveillance. But then again, many European governments also have surveillance laws in place that allow certain government agencies access to hosted data, emails etc. with or without warrants. Often, the scrutiny of your local government is just as relevant a concern as that of being watched by the US government.
[+] [-] Nursie|13 years ago|reply
[+] [-] cmircea|13 years ago|reply
Heck, it probably is illegal for us to store customer data in the US in this case.
[+] [-] calgoo|13 years ago|reply
FISAAA also forces US Internet giants and other tech companies operating clouds in the EU to hand over the data or face sanctions, says Bowden."
According to this, they can request data stored in EU server if the company is American. This means that it does not matter where the servers are, they will still get the data.
So, time to start to migrate to EU companies for hosting any sensitive information. Anyways, the cloud will never be secure, so the best we can try to do is Encrypt as much as possible, and not use the cloud for any sensitive information.
The one useful thing I see from the cloud is: Private Cloud in your house. With fiber getting more, and more distributed, we can soon have our home cloud with Music / Movies / series / news / email / phone all routed to our home cloud then to the devices. Now that would be a nice usage of the cloud!
[+] [-] digitalengineer|13 years ago|reply
[+] [-] netcan|13 years ago|reply
Especially countries with natural advantages in this area that are already trying to move in this direction. Iceland comes to mind.
[+] [-] venomsnake|13 years ago|reply
People will become more and more careful and uncomfortable with the cloud in the coming years.
[+] [-] meaty|13 years ago|reply
Most of the human race are ignorant peons who can't spot a warning a mile away. A fine example of this is the amount of people I saw in hospital gowns outside my local hospital the other day with oxygen masks, yet they were outside smoking.
Get the hint people!
[+] [-] obsession|13 years ago|reply
[+] [-] gmac|13 years ago|reply
[+] [-] cmircea|13 years ago|reply
[+] [-] jakobe|13 years ago|reply
I am currently using Fastmail, which is operated by an Australian company owned by a Norwegian company, and apparently their servers are in the US.
Everytime I read stuff like this, I keep saying to myself that I should move to a European company...
[+] [-] robotmay|13 years ago|reply
[+] [-] forgottenpaswrd|13 years ago|reply
Any Asian-European company that I had worked with forbids the management of any critical information by any American company, not just cloud, for this simple reason.
[+] [-] mpyne|13 years ago|reply
This is just as they should though, it's not as if the U.S. would feel it's a good idea to host their cloud services in China on Huawei kit. For better or worse the days when "gentlemen do not read each other's mails!" fell by the wayside decades ago.
Nations need to either agree specifically not to read each other's data in transit (perhaps this is the EU-US "Safe Harbor" that's being talked about?), or assume that their data would be read and plan accordingly.
Note that we already have to do this planning as tech developers anyways. If we had sensitive PII we wouldn't store it unencrypted on a shared host with world-readable files, would we?
[+] [-] acd|13 years ago|reply
[+] [-] rapht|13 years ago|reply
Also, I wonder what's going to happen when American companies hand data to the US Gov't in compliance with US law but in breach of privacy laws in the non-US territories they are operating in : large-scale breaches like this will not only earn them hefty sanctions, but could also lead to some courts shutting down their services altogether...
[+] [-] Nux|13 years ago|reply
[+] [-] jostmey|13 years ago|reply
[+] [-] DanBC|13 years ago|reply
US saying they can grab data just means US companies who want EU business need to set up EU companies with servers in the EU. That means more work for EU citizens, and more tax[1] paid in the EU.
For me (as a European) it all seems pretty good.
[1] Albeit minimal tax with their borderline illegal weird methods to avoid tax.
[+] [-] linuxhansl|13 years ago|reply
Once security trumps liberties you are on a downward spiral.
[+] [-] meaty|13 years ago|reply
This is resulting in the instant removal of Google Analytics for us.
[+] [-] eksith|13 years ago|reply
After all that's what cleaned up business practices significantly at the start of the industrial revolution.
In fact, this is just another growing pain in a new industry.
Are they perfect now? Of course not, but they became better.[+] [-] mbesto|13 years ago|reply
http://www.ciphercloud.com/solutions/data-residency.aspx
[+] [-] Revisor|13 years ago|reply
We're using Google Analytics and GetClicky.com right now, both from the USA.
[+] [-] kexek|13 years ago|reply
[+] [-] Buzaga|13 years ago|reply
http://piwik.org/
http://www.openwebanalytics.com/