When are people going to realise clouds are dangerous? You lose control of your data regardless of smart programmers or civil rights. You can never ever be sure it wont be taken, spied on or just lose it.
Yes, there is a huge convenience to clouds, no doubt what so ever, but I will never ever trust them.
Use? Yes.
Rely on?
Assume to be secure?
Assume to be private?
Assume to be always available?
No, never, ever.
Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And I really don't like the way our data is being herded in to one place, or several holding camps. It really feels like the data equivalent of an internment camp. Put it all in one place so the authorities can control it and us, or just open fire.
You know, if government interference was really just for stuff like anti-terror, then I could accept all this. But its not. They seem more concerned with the profits of media companies and copyright than anything that really effects us plebs.
Oh, got to go, I think I just saw a black helicopter... I'll have rant at that.
Well, with the way it's been going, you'll soon have no choice but to rely on cloud services.
Everything is a goddamn service now - even my fingerprint reader wants an Internet connection - yeah, screw you Authentec!
Even managing multiple WP sites now has to be done via a third party service: https://managewp.com/ (I've got nothing against them, they're very good - in fact, there is no better local alternative, which is what makes me sad/angry).
And I only found out after starting to manually block connections with a firewall... Authentec's TrueSuite became a must-install for some reason if you want to use their drivers and device on Windows.
One connection is for the software updates, and there are 2 other that I have no idea what they're used for. The TrueSuite app has an app store link and the features to export and import the fingerprint scans... So much for security...
Let's hope it is at least their software that they wrote that tries to make the connection and not something riding piggy back.
Fingerprint readers would make for a pretty good tool if you want to apprehend people on the lam, especially since you can lift their fingerprint, their location and a date/timestamp all at once. And they're self selecting in that the kind of people more likely to be doing naughty stuff would also be more likely to invest in such things as fingerprint readers.
And again, out of the user's real control... Sure, the security seems sound, but you still put all your eggs in someone else's basket, so to say, with any such cloud service.
There are specifically EU based companies offering cloud services only at EU based server parks. These companies make sure the US cannot have access to their data because a) the company isn't a US one b) the company does not have a part of its business located on US grounds and c) all servers are located in data centres on EU grounds.
Such services are offered with explicit notion of data protection against US laws, giving "us" EU people a safe harbour of data protection where we are (at this moment) sure "our" laws applies to "our" data.
>Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And you think this kind of polical anti-US-justice-system rants help you in this? You are already on the top list of potential targets, if not for anything else, just for the above comment.
Kidding aside, it's not about the cloud. The cloud is a detail in this discourse. If you cannot trust the justice system or the government you fight, vote, motivate people, organize etc to change them and how they work.
Just avoiding this or that (in this case, the cloud) means nothing in the grand scheme of things. They'll get you in another way.
>If you cannot trust the justice system or the government you fight, vote, motivate people, organize etc to change them and how they work.
Yes, but what if you don't live in the same country as the government you don't trust? Should I try get the people and politicians in the EU to back a war against the US?
No, but you might try to influence people not to use US data companies.
The best thing that could happen to the US (citizen here) is for the rest of the world to shun our data infrastructure and services. We would then have a chance to see the error of our ways.
> And you think this kind of polical anti-US-justice-system rants help you in this? You are already on the top list of potential targets, if not for anything else, just for the above comment.
You're arguing that to stay safe from the U.S. Government, one ought to abstain from criticizing the U.S. Government?
You're right in practical terms, I guess. But this sort of attitude is toxic to democracy.
This just exposes 'safe harbour' for the mockery it is.
I've been attempting to have a dispute with the uk government over this and failed. In a nutshell - revamped uk government website gov.uk launched recently, using google analytics. When I questioned why as US company was being informed about my interactions with my government a ticket was opened at a helpdesk service and I was told that it was ok because google were not allowed to use the data. The helpdesk service are based in San Francisco.
I think at present that citizens interacting with government services online is still relatively new, and they obviously havn't fully thought through the potential national security implications of using things such as Google Analytics and outsourced helpdesks.
I've been using UK government services online for several years now. I'm not sure if it's always been the way it is now, I never bothered to look at the loaded artifacts and page source for the older sites, but I get the impression that it wasn't like this before.
There was a big fanfare a few months back about how gov.uk was modern, useful, using industry best practices, open source tech and was just generally awesome and cool. I think what's happened is that they've either outsourced to or hired in a bunch of hip, trendy web developers s who had no real comprehension of data protection.
As someone with an interest in computer security, and who has in the past lived with data protection consultants, this disturbs me.
Anyone know which minister or ministry in the UK government is ultimately responsible for the UK government electronic data presence? Or who I might approach about these Data Protection concerns?
I would contact the ICO in the first instance. It would be the Department for Culture, Media and Sport that would deal with internet-related issues generally, then there is of course your local MP.
I must admit to being a little surprised that they are using Google Analytics plus the site doesn't have a privacy policy either. It seems a little bizarre to have a cookie policy but not one detailing usage of user information generally.
Yes they should, and a lot of the gov.uk stuff is open source and seems to me to be a very positive development.
BUT they've really dropped the ball by feeding analytics data about UK citizens to a bunch of US firms. IMHO. And not because I think the US is the worst place in the world ever, but simply because it demonstrably does not respect private data in the same way the EU does, especially when it comes to people who are non-citizens.
And they wonder why the anti-American sentiment is growing. I don't like these trends of US dictating EU policy one bit. Sure, US has always had "great relationships" with some European countries after WW2, and many European countries liked US for its culture etc, and have been friendly towards them. But this is getting pretty absurd, with US getting access to EU citizens data and having them dictate the whole EU's privacy policies, too.
This is why we need to move towards having everything encrypted locally, before sent to the cloud, and make it brain-dead easy for most people to do that. Or maybe we'll all start using Bittorent Sync for our own devices.
I think the main reason anti-American sentiment is growing is that the internet is making it harder for the US government to hide the behavior they've actually had for decades. To try and avoid getting any more political, I won't name any names but there is a certain president who is worshiped by a certain large group of people. I suspect that if the internet had been big then the perception about him would be radically different.
Then you're not adding anything to the discussion. Some people will know who you're talking about because they know what he did. The rest of us don't know who you're talking about and still don't know what he did.
>Then you're not adding anything to the discussion.
Nonsense and this is a cheap way to try and manipulate me into satisfying your curiosity.
The fact is, my statement probably applies to most (all?) of them in some form or another. As written I'm sure some people will assume I mean someone they know some dirt on and others would pick someone else.
The whole " still don't know what he did" is exactly the kind of politics I wanted to avoid while making my point as anything I would point to in my example is likely to draw out apologists and start a big fight about "what is evil anyway?". Exactly the kind of thing this site doesn't need.
And in any case I was probably specific enough for most to correctly guess who I was thinking of, as it is.
Did you even read the article? This has nothing to do with the EU. The US can obtain data from persons that are not US citizens without a warrant, if this data is stored on servers of US companies.
If the EU doesn't agree with this, it would be better to create an economic environment that facilitates EU-based tech companies, instead of having its citizens depend on US companies.
So the solution for the problem "seizing data from cloud service providers without a warrent" is to blame the EU why they dont build some tec companies that can hop in here?
Following your argument we should have EU and US services only?
We could even turn this around to "The EU can now seize data from US citizen from companies that operate in the EU."
Seizing data without a warrent is always wrong and can never be right regardles of citizenship to any country. Simple example the EU seizes data from US citizen and the US from EU citizen and then they just create an "foreign information exchange database" nobody knows about. Because we have to fight terrorism.
Countries have privacy laws that are regulate how personal data has to be held. These laws are mandatory for any company operating on EU soil for instance, including american companies like google or amazon having EU datacenters.
Now, it might seem ok for you that the US government can obtain the personal data stating that, since these are US companies indeed; but the condition they had for operating in foreign countries was to abide to their laws, including the privacy laws.
Thus, a solution could be for these US companies to close their business in europe; that would help creating an economic environment that facilitates EU-based tech companies...
(though that not the world I'd like to live in...)
Or, putting it other words: the US should create a better legislative environment that facilitates US tech companies to continue to be successful world wide.
European companies considering hosting personal data on American servers need to consult the so called Safe Harbour List, which is a list maintained by the American Department of Commerce:
http://safeharbor.export.gov/list.aspx
Now, what it means when a company is on the safe harbour list, is that the company has declared that it adheres to a privacy policy that complies with the U.S.- EU Safe Harbor agreements:
http://export.gov/safeharbor/eu/eg_main_018493.asp
As the OP shows, this is by no means adequate protection against American government surveillance. But then again, many European governments also have surveillance laws in place that allow certain government agencies access to hosted data, emails etc. with or without warrants. Often, the scrutiny of your local government is just as relevant a concern as that of being watched by the US government.
Yes, your influence on the UK democracy is at least 2.17391304 × 10 * * (-6) percent (1 out of the 46 million voters) whereas your influence on the American government is 0 percent.
It's not so much a matter of the influence I have as a matter of the government's goal.
Protecting me is somehow one of the missions of my government. Even if they tend to be quite bad at it, that still has to be on their minds.
The American government (or any foreign one), on the other hand, can and will screw me over, if they need it. And they will brag about it to gain poll points. Protecting me isn't part of their mission. Why would it be ? To them, I am the enemy.
This is why I don't want to have anything to do with hosting providers who only have US hosting available. My clients wouldn't be terribly happy; nor would I about this.
Heck, it probably is illegal for us to store customer data in the US in this case.
"But a US judiciary subcommittee on FISAAA in 2008 stated that the Fourth Amendment has no relevance to non-US persons.
FISAAA also forces US Internet giants and other tech companies operating clouds in the EU to hand over the data or face sanctions, says Bowden."
According to this, they can request data stored in EU server if the company is American. This means that it does not matter where the servers are, they will still get the data.
So, time to start to migrate to EU companies for hosting any sensitive information. Anyways, the cloud will never be secure, so the best we can try to do is Encrypt as much as possible, and not use the cloud for any sensitive information.
The one useful thing I see from the cloud is: Private Cloud in your house. With fiber getting more, and more distributed, we can soon have our home cloud with Music / Movies / series / news / email / phone all routed to our home cloud then to the devices. Now that would be a nice usage of the cloud!
"Private Cloud in your house"
Agreed! TB harddisks with encription, fast internet, mobile templates to access data. Add a little distrust into it and boom! PrivateCloud for Average Joe.
Maybe there is an opportunity for countries with liberal internet/freedoms and privacy laws to start make themselves more attractive as datacenter location.
Especially countries with natural advantages in this area that are already trying to move in this direction. Iceland comes to mind.
Most of the human race are ignorant peons who can't spot a warning a mile away. A fine example of this is the amount of people I saw in hospital gowns outside my local hospital the other day with oxygen masks, yet they were outside smoking.
I don't host anything sensitive on the cloud but this makes me think twice before using Linode or Amazon. It's a shame really. I don't know any cloud services that don't have any American presence.
Here are the AWS alternatives I could find when I was searching for them 2 months ago. They are both hosted in Germany and operated by German companies.
I haven't played with them yet, so I can't say if they are any good.
EC2 alternative: http://jiffybox.de Not as feature rich as EC2, but they do have an api to launch, stop, and resize instances.
Any Asian-European company that I had worked with forbids the management of any critical information by any American company, not just cloud, for this simple reason.
> Any Asian-European company that I had worked with forbids the management of any critical information by any American company, not just cloud, for this simple reason.
This is just as they should though, it's not as if the U.S. would feel it's a good idea to host their cloud services in China on Huawei kit. For better or worse the days when "gentlemen do not read each other's mails!" fell by the wayside decades ago.
Nations need to either agree specifically not to read each other's data in transit (perhaps this is the EU-US "Safe Harbor" that's being talked about?), or assume that their data would be read and plan accordingly.
Note that we already have to do this planning as tech developers anyways. If we had sensitive PII we wouldn't store it unencrypted on a shared host with world-readable files, would we?
I saw this and wrote to my MEP asking that the EU makes it mandatory for American companies providing services to European consumers to clearly and distinctively inform said consumers that their data may be handed to American authorities without notice or specific consent.
Also, I wonder what's going to happen when American companies hand data to the US Gov't in compliance with US law but in breach of privacy laws in the non-US territories they are operating in : large-scale breaches like this will not only earn them hefty sanctions, but could also lead to some courts shutting down their services altogether...
There are already EU laws about exporting data outside the EU.
US saying they can grab data just means US companies who want EU business need to set up EU companies with servers in the EU. That means more work for EU citizens, and more tax[1] paid in the EU.
For me (as a European) it all seems pretty good.
[1] Albeit minimal tax with their borderline illegal weird methods to avoid tax.
It boggles my mind how easy it is to throw principles over board when convenient. Either you believe in freedom and democracy or you don't. If you do you would extend your principles to non-citizens as well (with exceptions in form of warrants of course)
Once security trumps liberties you are on a downward spiral.
That's a bit extreme. If anything it will force a lot of introspection among the string pullers and any illusions people still have about privacy in the cloud (without encryption) will hopefully be shaken. When you affect those with capacity, you make things better for the less capable or incapable... All this is noise, and noise is good.
After all that's what cleaned up business practices significantly at the start of the industrial revolution.
In fact, this is just another growing pain in a new industry.
Industrial Revolution => Child Labour
Automobiles => Safety
Data => Privacy
Are they perfect now? Of course not, but they became better.
Yes, Piwik I can highly recommend! The fact that you are doing the analytics by yourself also means they don‘t become part of a larger graph–in theory, this is better for the privacy of your users because you can’t track them outside your domain.
most big enterprise companies (banking, finance, pharma, manufacturing, etc) have, regardless of their HQ, an office in the US. so, to be "protected", they would need to cut those office off completely.
just sucks that the US market is one of the most important ones.
so where else would you like to host? China? India?
and what exactly guarantees your German super private cloud not to be attacked by:
1., The classic internal employee with a USB stick
2., The NSA which won't stop at some magic fluffy national border which doesn't even exist on the net.
3., The manufacturers of the hardware you're working on, from Chinese chips in your notebook to the components in your networking equipment.
and don't get me started on ISPs.
You want to be secure? Do not connect to the Internet, ever. Good luck in the economy though.
> "binding corporate rules for data processors" was inserted into the European Commission’s data protection regulation proposal with loopholes built-in which allow for FISAAA surveillance.
The only conceivable reason for such loophole is a reciprocal agreement. We can't spy on our people but you can and vice versa. Looks pretty bad.
When are people going to realise clouds are dangerous? You lose control of your data regardless of smart programmers or civil rights. You can never ever be sure it wont be taken, spied on or just lose it.
Yes, there is a huge convenience to clouds, no doubt what so ever, but I will never ever trust them.
Use? Yes.
Rely on? Assume to be secure? Assume to be private? Assume to be always available? No, never, ever.
Trust in a US justice system where my data might be? Well, we've seen that plays out. The US justice system scares the hell out of me. So much so that I personally avoid everything I can that might bring me with in the orbit of the US justice system.
And I really don't like the way our data is being herded in to one place, or several holding camps. It really feels like the data equivalent of an internment camp. Put it all in one place so the authorities can control it and us, or just open fire.
You know, if government interference was really just for stuff like anti-terror, then I could accept all this. But its not. They seem more concerned with the profits of media companies and copyright than anything that really effects us plebs.
Oh, got to go, I think I just saw a black helicopter... I'll have rant at that.