back to article EU cloud data can be secretly accessed by US authorities

Personal information belonging to EU users of US-owned cloud-based services could be shared with US law enforcers without the user being informed, Microsoft has said. The software giant said it could not guarantee that it would not have to hand over EU customers' data on a new cloud service it has developed whilst keeping …

COMMENTS

This topic is closed for new posts.
  1. John G Imrie

    These EU provisions might conflict with obligations US-based firms

    If you can't obey EU data protection laws then you shouldn't be allowed to trade in the EU.

    That should put the cat among the pidgins :-)

    1. Mark 65

      Or maybe

      They could find some way of offering overseas companies the ability to store their data in an encrypted container. That way at least there's some work to be done which would thin out phishing trips by the authorities. This just sounds like state-sponsored corporate espionage otherwise.

      1. Ken Hagan Gold badge

        Re: an encrypted container

        This is fine, as long as data storage is the only service you are getting from the cloud. Sadly, I think you will find it is quite hard to perform computations directly on encrypted data (*). In practice, you'd have to decrypt it, perform your computation and then encrypt the results -- all on a CPU that is owned by that US company and therefore subject to US laws on snooping.

        (* Off the top of my head I can't think of a simple proof that this is impossible, but equally I'm not aware of any way of doing it.)

      2. Anonymous Coward
        Anonymous Coward

        Alright here's a fucking title then.

        "They could find some way of offering overseas companies the ability to store their data in an encrypted container."

        Trusting "them" to provide proper encryption is exactly as effective as trusting "them" not to peek at your data in the first place. Do your own encryption or don't play would be my advice.

        Also - performing calculations with encrypted data: You can either bring back the required bit; decrypt it locally; perform your calculation locally; re-encrypt it locally; then send it back up. That's one approach. Or -if the calculation would be sufficiently obscure out of context- you could maybe do the processing part on another (or several) different parts of the cloud; ideally with business rivals/countries at war to lessen the odds of the data being shared and reconstructed...a "cell organisation" for your data. If the data is that secret though, it shouldn't be on somebody else's server.

    2. Ken Hagan Gold badge

      Re: Cat amongst the pidgins

      No it won't.

      MS have simply pointed out that as a US company they are bound by US law. This is not a new phenomenon. Multinational companies have always had to square their obligations in several jurisdictions at once. The cloud (as ever) adds nothing qualitatively new to this old problem. It merely makes it easier to get confused about "where" a given transaction takes place.

      It is easy to imagine situations where it is impossible to grant freedoms enshrined by law in one country and simultaneously protect rights guaranteed by law in another country, so the hard line you advocate is pretty much a ban on the existence of multinational companies. Since such companies clearly exist, I assume that the lawyers, courts and politicians have seen sense and take a more moderate view.

      1. JohnG

        Re: Cat amongst the pidgins

        "It is easy to imagine situations where it is impossible to grant freedoms enshrined by law in one country and simultaneously protect rights guaranteed by law in another country,...."

        Conventionally, multinationals obey the local laws in each country in which they operate, for their activities within that country's jurisdiction. Walmart sells guns in their stores in the USA but not in Europe. Supermarkets in the UK sell things like ibuprofen and cold remedies but their counterparts in Germany cannot.

        The difference in this case is that US legislation appears to overstretch itself to include the activities of Microsoft (and others) well outside of US jurisdiction. By the same thinking, a court in Saudi Arabia might prosecute an multinational online book retailer for selling bibles in the USA and Europe.

        Perhaps the EU agreed to this arrangement with the USA to favour cloud providers entirely based in Europe...

      2. Anonymous Bosch
        Unhappy

        Re: Cat amongst the pidgins

        And it won't stop Microsoft from moving data in the EU to the US so that the FBI et al can peruse it.

  2. The BigYin

    Sorry...

    ...is this story about the USA or China? It's hard to tell sometimes.

    1. BristolBachelor Gold badge
      Joke

      How to tell...

      If they say "We used to be worse, but are getting better" then it is China.

      If they say "We used to be free, but are getting worse", then it is US of A

    2. LaeMing
      Headmaster

      Easy to tell the difference

      If the Government is saying "this draconian measure is to protect us" it is China.

      If the Government is saying "this draconian measurels to protect you" it is the US.

    3. Dave 15

      Easy to tell

      The Americans tell you this snooping, prying and the restrictions are to protect your freedom, the Chinese just get on and do it without telling pork pies.

  3. Anonymous Coward
    Big Brother

    So that would be where Lulzsec could have got the UK census data from then?

    If they had indeed done so (subsequently denied/refuted).

    Not from a blu-ray* disk left on a train but from the US Gov copy obtained for National Security reasons from Lockheed Martin.

    Lets face it if McKinnon could find DoD computers without much protection, they're hardly going to worry about the security of data of the civilians on board their Eastern Altantic ("Unsinkable") Aircraft Carrier are they?

    *or HD-DVD, the UK Gov beleiving in security by obscurity

    1. Dave 15

      Yup

      The UK census was carried out by a US company (paid handsomly by UK tax payers)

      This means that the USA government had access to the data before our own one!

      Why? Because somehow the stupid idiots who think they are clever (politicians) couldn't work out that paying British workers with British tax payers money to produce goods/services for Britain was cheaper than giving a stack of dosh to a bunch of foreigners. We must be the ONLY country in the world where the tax payer funded police, prime minister, ambulance, army, airforce, navy, fire service run around with foreign equipment while their country men sit on the dole. Certainly the French don't have MAN lorries for their army, the Germans don't have Renault ambulances, the Americans won't by EADS planes.... The British on the other hand won't buy anything at all that might possibly have been made in Britain.

  4. Anonymous Coward
    Mushroom

    How does this affect ISO27001/2 ? Implications for UK companies

    we're currently looking at SaaS hosted solutions for HR, Payroll, and Learning and development. We've already got a (US) hosted recruitment solution, which was signed off by our data security officer.

    Without pandering to conspiracy-centric loons, the most important question, is "what does this story mean for UK companies who might outsource and have US accessible data ?". Does it create a legal liability, that they can't escape. If so, then there will be a massive halt on all SaaS projects, if there is a hint the data could be routed via a US-bound company.

    Or can the liability be managed with consumer consent ?

    I suspect we'll end up with the latter - effectively putting the onus on the consumer to object (by refusing to use companies that do use such services). This is one issue I would like to see the EU grow a pair on, and declare it unlawful for EU companies to use such systems. Or, alternatively, pass an EU-wide equivalent to the Patriot Act, and data-slurp the merkins, for a change.

    I really don't know way the EU acts so lame sometimes. Depsite what you may think, the US is very aware of the implications of a single trading block of 350+ million consumers. They are also aware that the more socialist nature of the EU gives it a massive advantage in dictating standards and forcing progression, rather than relying on the "free market", which saddled the US with NTSC while we (mostly) got PAL. I recall watching a business report years ago, where US businesses were terrrified that while they argued over HD standards, the EU and Japan would simply pick one, and work to it, leaving them behind.

    1. SImon Hobson Bronze badge

      It puts you up ***t creek

      >> Does it create a legal liability, that they can't escape. If so, then there will be a massive halt on all SaaS projects, if there is a hint the data could be routed via a US-bound company.

      >> Or can the liability be managed with consumer consent ?

      Taking the latter bit first, no you can't - not fully. You cannot (for example) just insist that every employee and applicant signs a privacy document allowing you to export the data outside of EU data protection. I'm fairly certain that would be considered unlawful since that permission would not have been freely given - as in "agree to this or don't have a job" does not make for a free choice.

      So having ruled out compliance by data subject agreement, I believe you are now up the proverbial brown tributary without propulsion. If the data you wish to store and process is considered personal (which HR, Payroll, and Learning and development would), then you are stuck because you can't store that data on any server under the control of a US owned business. To do so means you cannot give the guarantees of privacy required of EU law.

      That's my interpretation anyway.

      Having said that, it may be possible. It may be worth having a look at the privacy stuff related to the Census. It you trawl around their website hard enough, there is a document explaining how they've (so they claim) been able to guarantee privacy from US snooping while employing a US contractor. IIRC it involves several entities connected in such a way that no-one covered by the US Patriot act actually has any access to the data or the system it's stored on. It;s one thing doing that when the company concerned is a contractor and you own the kit - but that's more or less the reverse of the situation with cloud.

      But possibly still worth a look.

    2. Anonymous Coward
      Paris Hilton

      Who's Zoomin' Who?

      On first blush, I thought you wholly upended your tit-for-tat legislative suggestion at the end of paragraph 4 but then I remembered 'merkins' carry two meanings. Your take stands up to America; mine suggests delighting Lady Liberty......

    3. Fred Flintstone Gold badge

      Actually, no - EU law prohibits implied consent

      "I suspect we'll end up with the latter - effectively putting the onus on the consumer to object"

      I do cross-border privacy for a living. EU laws do not permit implied permission (i.e. embedded in the small print of some contract), data protection permissions must always be given explicitly (i.e. separately described and authorised) - that's also why a default opt-in is actually somewhere between frowned upon practice to downright illegal depending on the specific nation's implementation of EU laws.

      The problem isn't the laws - it's the abuse thereof. Especially the US seems to be hell bent on abusing privileges or even simply breaking agreements when it suits them. The results is a problem that pervades business there to the point of companies involved in serious Intellectual Property development now actively avoiding the US as a place of business until development is complete. It's ridiculous that a nation who alleges to be the land of freedom has acquired a reputation for being less safe than China or Russia, but that's the reality of today: Safe Harbour very definitely isn't.

      Your primary problem with SaaS is where the data resides, because that's where legal access will first be attempted. This is the situation with legal firms in the UK who outsource their IT as well: their data may be backdoored due to a warrant served on the provider, and the intercept laws (in the UK that's RIPA 1998) do not permit to inform the data owner of the backdoor).

      We advise people and companies on these issues, and generally exploit cross border differences to improve security and privacy protection - cross border abuse of privacy laws leaves an audit and paper trail exposure that abusers don't like as it provides court admissible evidence of abuse.

      By the way, this has little to do with "conspiracy theories", but with offsetting liabilities. Unless you can point the finger elsewhere, a leak or breach means your company ends up with the liability. If you're a major law firm handling a shipping claim you're talking about *VERY* large numbers..

  5. John Smith 19 Gold badge
    Flame

    The PATRIOT Act

    Every f**king time.

    "We're just like EU companies in our data protection (*unless* any federal law enforcement person waves this under noses and then we just bend you over and grease your cheeks)"

    No they are *not* like the EU. It's time to stop pretending they are.

  6. Trollslayer
    Flame

    Security reasons only?

    This would make a great fishing ground and Micrsoft must have been very unhappy in order to make a statement like this.

  7. Anonymous Coward
    Anonymous Coward

    Cloud

    Yet another reason NOT to use the cloud.

    1. Andy Barker

      Not cloud, US companies

      Is more an issue of not using US owned companies surely?

      1. Mark 65

        Indeed

        Be interesting to see the ramifications for those using Amazon's services which have backup in multiple zones. For instance what is controlled by elements in the US and how does data move around their networks? If it touches their US datacentres in any way there's the possibility of a quick slurp. I seem to remember an article about a European bank (Paribas maybe?) using Amazon's services (I think) for performing their risk calculations. You wouldn't touch them with a shitty stick after this statement.

        1. Rob
          Black Helicopters

          I read it differently...

          ... I thought it read as, if the company is registered as a US company then it doesn't matter where the data is stored their snooping gov can ask for the data no matter what.

          I haven't checked but I'm assuming Amazon is a US registered company.

          1. LaeMing
            Flame

            "regardless of where it is stored in the world"

            that's the kicker. According to the US, if the co. is registered with them, all data they hold anywhere is fair game for a slurp.

  8. Anonymous Coward
    Anonymous Coward

    why?

    large organisations like to split themselves up in to lots of smaller companies for tax purposes, why not have the EU data centres owned by a wholly owned subsidiary Microsoft Datacentres Europe registered out of Ireland (seems popular) for example? then if Microsoft US gets a request their response would be "sorry that data isn't held by us, you might want to try directing your request to Microsoft Datacentres Europe who run those datacentres"?

    That's assuming they want businesses from the EU to be allowed to be their customers...

    1. Tom 35

      wholly owned subsidiary

      Is still US owned. They would have to outsource to a EU owned company.

      1. Fred Flintstone Gold badge

        Doesn't work

        If they have a EU back end, the main company gets served for access. If they have an EU front but a US back end, the back end gets served. The bottom line is that any part on US soil is a liability.

        As I said in another post, the problem is not the laws per sé, it's the abuse thereof (and, I may add; the total lack of transparency and oversight which has allowed this abuse to mushroom to the point of destroying trust in any US located partner).

        If the US doesn't start reigning in its own paranoia and the abuse it allows their services to make of privacy they will no longer be able to contain the resulting economic damage. I am 100% in agreement with properly controlled access privileges to fight crime, but with transparency and oversight. Without it, you get the sort of abuse visible today..

    2. Fatman
      FAIL

      splitting up large organizations

      Would do squat to keep the nosy Feds away?

      As long as any of these "region specific" companies has a US registered company as an owner, the Feds will use the PATRIOT Act to slurp as much data as they can get away with.

      There is only one way to prevent that, and that is to insure that a "region specific" company HAS NO US BASED OWNERS, and the data never sees US territory. When the Feds come calling, the proper and appropriate response would be the "erect middle finger".

  9. ScaredyCat
    Devil

    Merkins...

    ...it's a cover up

  10. h4rm0ny

    MS Need to avoid this

    It will impact their business in Europe. They need to set up a European based company or find a suitable partner here who can run an equivalent, perhaps even integrated system, but under EU law.

    I always thought that the US gov and MS were good friends. But apparently the US gov thinks friendship only works one way. So no change there, then.

  11. Syren Baran
    Stop

    Call me old-fashioned

    but i prefer a simple ftp-server, thank you very much.

    Still, any non-US based cloud-services out there?

    Only thing that comes to mind is Ubuntu One, any others?

    1. Anonymous Coward
      Holmes

      diino - I think

      Have a looksee at

      www.diino.com

  12. Red Bren
    WTF?

    Too late for this stable door...

    Do Virgin Media, O2 (Telefonica) or any other EU companies listed on US stock exchanges have to comply with the Patriot act? They have comply with Sarbanes-Oxley...

  13. Anonymous Coward
    Black Helicopters

    What's the situation

    with *properly* encrypted data. Does the Patriot act give the US RIPA-type powers to extract the decryption keys by thumbscrew ?

    More to the point, if a UK (there is a reason why I say UK, not EU[1]) company were to store it's data encrypted, in the cloud, and Uncle Sam decided he wanted to see it, and discovers it's encrypted, then can they issue a demand the owner provides it decrypted ?

    If the owner refuses, do they have criminal penalties ?

    [1]Because with the UK->US extradition treaty, you might find yourself on a flight to JFK without a fight.

    1. Number6

      Notification

      The point with encrypted data is that either they've already got the resources to decrypt it, so you'll be none the wiser, or they have to ask you for the keys. At that point, at least you know they're up to something, whereas the point of this article is to show that for unencrypted data they can get it without you knowing.

      Not that I've ever trusted the cloud anyway, and this sort of thing just reinforces it. They probably already have information on me, but why make it easy for them to get more?

      1. Anonymous Coward
        Mushroom

        which is why they said

        "Properly" encrypted - requiring more than a dictionary attack. As for the article's point ... if that was the point of the article, then it's rather a non-story, it rather boils down to:

        "Unencrpted data can be read by anyone",

        although you can argue about adding "without your knowing", but any decent system achitecture should start with the assumption that unencrypted data can be read without audit anyway. This leads to a design where the important bits are properly protected. Either by physical security (can only be accessed from certain locations) or encryption.

      2. Dave 15

        Properly vs non-properly encrypted - no difference

        Well, only in the size of the machine needed to break it. Do you believe the US government allows software with sufficiently robust encryption that they can't decrypt? Not a chance. They won't admit what they can read but you can bet your bottom dollar that if an American company has produced the software the American company can read the encrypted data. You can be pretty damned sure that the same applies in all 'friendly' nations (Europe...)

        It may be (only may be) that China, Russia or some 'rogue' state / private individual has produced something they can't decode immediately, but they do have enough computing power to break that as well.

    2. Dave 15

      extradition

      As pointed out the extradition is one sided. This is the case all the way through... even ww1 showed the Americans do nothing thats not to their direct advantage, they screwed the UK in ww2 (leaky wrecks of destroyers in exchange for every ounce of gold, every piece of land and every company you possess).

      We would have been better off ignoring all the ww1 treaties and building ourselves decent defence so we didn't need to rely on a 'friend' who was no friend at all... we should remember that thought right now.

      BTW I'm not actually saying the Americans are wrong here, they are looking after their own, just as it should be. What is very wrong is that neither Conservative or Labour governments in the UK will look after us!

  14. Whitter
    Stop

    The controversial law was established as an anti-terrorism tool.

    Was that meant to read "The controversial law was established as an industrial espionage tool"?

    1. Fatman
      Joke

      RE: anti-terrorism tool

      No, No, No, you have that wrong.

      It was established as a means to bilk the taxpayers out of billions and transfer that wealth to vartious defense related industries.

      It was also established to run roughshod over civil liberties; and one would think (and here I am standing on quicksand) the "Tea Partiers", who espouse LESS government regulation, would have done more to see that this abomination was allowed to die. But, when a "Tea Partier" is confronted with two equally disgusting choices; one being to do away with the PATRIOT Act, and restore civil liberties; versus creating ever greater profits for big mega-corps; we know where they stand.

      And merkins get their civil liberties shit upon - daily.

      Heard recently from a airline traveler: "How do you say TSA security screener in German?"

      "Gropin' furher"

  15. Andrew Duffin

    Great!

    Another fine reason to put your data on someone else's servers!

  16. justincormack
    Stop

    Hmmm

    They are openly saying they will break EU law? Makes the due diligence easier, just say no. Clearly good scope for EU companies in this market then.

    1. Dave 15

      more interestingly

      If I am a customer of the EU company that puts its data on a cloud server that the US can read, do I have the chance to sue them for improperly making my data available?

  17. g e

    And we're surprised how?

    Store your shit on a Yank server and expect to lose even the veneer of privacy.

    Surely everyone's known this for years?

    1. Anonymous Coward
      Holmes

      No surprise there

      but the gist of the article is actually "store your shit on a server ANYWHERE yanks have a finger in the pie and expect to lose even the veneer of privacy."

  18. ao7
    Big Brother

    Verisign: .com .net

    The Telegraph reports today ("British website owners targeted by US anti-piracy officials") that a director of a customs enforcement agency "said that all “.com” or “.net” websites were fair game" because if they touch Verisign's space they are subject to US law.

    My technical knowledge is sketchy, but isn't this a more sweeping jurisdiction grab than that done by accessing various clouds?

    1. Anonymous Coward
      Anonymous Coward

      It's also bullshit

      In theory, all they *could* do with a .com is ask the registrar to manipulate DNS records so you route site traffic through a proxy, but that's technically complicated - they tend to be too lazy and incompetent to do that normally (low ROI). Besides, if your actual host is outside the US it's a matter of using IP based VPNs or SSH tunnels and they won't stand a chance.

      You're more likely to get data through the usual manipulation of BGP routing tables, but that's done by a club that won't hand off information just for prosecuting some spotty teenager - they cannot afford to expose their presence or the quality and depth of their SIGINT in a public ourt of law - you have to stay realistic here and separate fact from scare story.

      The .com/.net argument is pure, raw and unadulterated bullshit aimed at scaring people. To me, it just shows the spokesperson is suffering a severe case of cranial invasion of the rectal cavity..

  19. Anonymous Coward
    Anonymous Coward

    Might this not be a bit of a spin/ploy by MS

    If MS are not as far down the SaaS and Cloud route as say Facebook, Google, Oracle, IBM, Apple and Amazon - to name but 6 - then anything that can crimp their competitors business and add costs to them has to be a good thing. Especially if MS already has a solution... Not suggesting for one moment that they would throw out such a confidence bashing line just for purely commercial purposes.... They obviously have their customers interests at heart!

    Just a thought.

    1. Anonymous Coward
      Anonymous Coward

      Or...

      Or, maybe: MS are alerting their customers to the fact that this law applies to them.

      Never expect a conspiracy when there is a much more likely explanation, no matter how unpalatable it may be.

      1. Ken Hagan Gold badge

        Re: Or...

        "Or, maybe: MS are alerting their customers to the fact that this law applies to them."

        Of course, you don't even need to credit MS with great sensitivity either, since this law also applies to their principal competitors. As a result, warning customers carries no great competitive risk and clearly covers Microsoft's ass for when the government come asking questions.

        But yes, the smart money favours cock-up over conspiracy every time, because most human beings just aren't smart enough to do a proper conspiracy, but cock-ups are easy.

  20. NoneSuch Silver badge
    Holmes

    Team America Internet Police

    The US Gov wants global access to HTTPS Google searches, Skype convo's, TOR, PGP emails, Hushmail and every other source of confidential or encrypted communications that businesses and private individuals have. They have wanted this since those technologies were introduced and the brighter ones among you will realize this predates 9-11 by many moons.

    Cloud computing's big marketing push is based on "convenience". Only the truly naive will imagine the US Gov holding up its imperious hand and saying "No-no, we do not want access to your medical records, lists of music, documents, friends, family, travel data and other personal information stored in the cloud."

    1. Ken Hagan Gold badge

      Re: Team America

      "The US Gov wants global access to HTTPS Google searches, Skype convo's, TOR, PGP emails, Hushmail and every other source of confidential or encrypted communications that businesses and private individuals have."

      But on the face of it, the US consitution tells that same government VERY CLEARLY to fuck right off. It would be interesting to see a challenge to these powers in the Supreme Court.

      But as I once said to a visiting merkin, the constitution is a truly wonderful document and it is fun to imagine a state run according to its terms. Sadly...

  21. Asgard
    Big Brother

    We cannot trust ANY government to stay out of the cloud.

    “These EU provisions might conflict with obligations US-based firms, such as Microsoft, face under US law. “

    Unfortunately they don't conflict as much as we would hope, because the EU provisions already have small print allowing law enforcement access to the data. For example, EU grounds for processing personal data include:

    “Processing is required by a legal obligation;” … and “Such exceptions are permitted if, among other things, it is necessary on grounds of national security, defence, crime detection, enforcement of criminal law, or to protect data subjects or the rights and freedom of others.”

    http://ec.europa.eu/justice/policies/privacy/guide/index_en.htm

    Unfortunately if a government wants to look at our cloud data, then they will just play their usual “national security & defence” or “law enforcement so legal obligation” joker cards, so they can gain access to whenever they want. Sadly its already allowed in the small print of the EU provisions.

    Plus make no mistake, governments will abuse cloud data assuming its their right to access it for an ever increasing number of reasons. Low hanging fruit so to speak, will be to scan for terrorism and before you know it, it'll be scanning for everything.

    The simple truth is, we cannot trust governments to stay out of the cloud. Governments have small print in everything they do. For example, article 12, of the human rights act sounds like it should protect us, as it states:" No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks." … But of course, the small print is “arbitrary interference” … so therefore define “arbitrary interference”. A legal obligation is being argued its not arbitrary, therefore they argue they are not violating article 12, therefore article 12 is meaningless in practice. It won't protect us from state overview of anything they define as legal obligation and they will abuse that over time to mean anything they want it to mean as legal obligation.

    Plus don't forget we have seen laws abused to mean totally different things over time before. For example, just look at how the insane UK to US extradition ruling has been abused out of all proportion from what it was originally intended for. It was started to help stop terrorism and yet now, its being turned into anything including trying to extradite a kid for just linking to sites which violate copyright!

    Cloud data will be utterly abused by governments and they have small print ready and waiting to be exploited for them to continue to find reasons to access the cloud data. Plus these companies offering this Cloud are not doing it out of the goodness of their hearts. They also want to scan and spy on the data.

    Exploiting our privacy is turning into a free for all gold rush for corporations and governments and they are trying to lie to us to fool us into believing we should just give up our privacy to put it all in the cloud. Because ultimately violating our privacy is very valuable to the corporations and governments.

    There are good reasons why people fight to stop state intrusion into their privacy. History has shown this so many times and if that isn't enough, then look at the revolutions this year, where people are still dying to this very day, as they fight to try to stop state intrusion and control over their lives. We are not all fools who believe in the cloud. The cloud cannot be trusted because ultimately governments cannot be trusted.

  22. Field Marshal Von Krakenfart
    Big Brother

    Patriotism is the last refuge of a scoundrel: Samuel Johnson

    Seeing this really make we wonder about the Irish Grubberment using CACI (UK), an UK based subsidiary of the abu ghraib torture for hire company, to process the Irish census data.

    That’s CACI, “ever vigilant, a national asset for national priorities”

    That’s CACI, “Solutions and technology to safeguard our nation and way of life”

    (I got these for CACI’s own web site…)

    Now, while I don’t doubt for a minute that there are a lot of people out there who wish ill on merkin-land, what sort of a half-wit idiot is going to store “terrorist information on a USA based cloud application????!!!! I’m quite sure that department of homeland defence are aware of that fact as well, so what sort of terrorist do they expect to find at home, another Timothy McVeigh???

    I suspect that the information what will be of real interest to them is not so called terrorist information, but soft commercial information that will enable merkia to maintain is position as a ‘world’ power… and keep all those green back that are away on holidays as petro-dollars, away even longer.

    1. Anonymous Coward
      Anonymous Coward

      You're right..

      "what sort of a half-wit idiot is going to store “terrorist information on a USA based cloud application?"

      You're absolutely right - smart terrorists will know the clouds come afterwards, when it all blows up..

      I personally cannot really understand this terrorist crazed world we have now. I lived in London during the time the IRA regularly brought in fertiliser for other reasons than gardening, and (a) the Met Police did actually do a good job at catching them without banning tourists from taking holiday snaps and (b) the press sensibly deprived the terrorists of the one thing they craved: publicity.

      Personally, I think that terrorism would be quicker eradicated if they no longer got the global coverage they now have. But hey, that wouldn't make such a scandalous amount of money for everyone. The press sells lots of papers and ads, the TSA gets to either irradiate or fondle you instead of using dogs which cost 1/10 of your average scanner per year and can also catch criminals that run away, security agencies the world over get frankly ridiculous budgets to waste on building larger hay stacks which only help AFTERWARDS to figure out what happened, but never find the needles before the event, and in the meantime we do squat about the root causes. Let's not disturb this little gravy train, shall we?

    2. John Smith 19 Gold badge
      Unhappy

      @Field Marshal Vo Krakenfart

      "Seeing this really make we wonder about the Irish Grubberment using CACI (UK), an UK based subsidiary of the abu ghraib torture for hire company, to process the Irish census data."

      Whereas the UK used everybody's favorite global arms corp Lockheed Martin to process theirs.

      In the US.

      Then did it again.

  23. BTUser
    Black Helicopters

    Adding Fuel to the Fire

    because this needs SORTING!

    http://blog.alexanderhiggins.com/2011/06/27/microsoft-files-patent-software-government-py-digital-communications-31641/

    Microsoft Files Patent For Software That Allows The Government To Spy on All Personal Digital Communications

    1. OziWan
      FAIL

      RE Adding Fuel to the Fire → #

      I think intercepting all forms of packet based communication by law enforcement is definitely got some prior art on it :).

      (Fail not aimed at the poster but by the patent requester).

  24. Anonymous Coward
    Paris Hilton

    Being realistic

    Of course every cloud has its security force permit for access at ease.

    Welcome to the new realism.

    Maybe one advantage is that state/national security agencies access stuff directly rather than hire party analysis a la phorm?

  25. Field Marshal Von Krakenfart
    Boffin

    what everyone should do....

    is store files in the 'merkin cloud..... created by generating files by taking the output of a random number generator (range 0 - 255).

    We'll see how much cray cpu time it will take to crack that code....

  26. John Smith 19 Gold badge
    Coat

    *established" for terrorism

    But as always.

    They came for the terrorists, but I was not a terrorist.

  27. Smoking Man
    Big Brother

    And the difference is??

    Now what should make cloud services different from classical outsourcing?

    If I'd outsourced all of my IT to EDS/HP, IBM, Dell, all american companies, today,

    why should it be any "safer" (intentionally put in quotes) compared to cloud?

    I guess we're already there since long time, it's just that nobody cared..

  28. Sergie Kaponitovicz
    Megaphone

    Solving a non (OK negligible) problem?

    Question: Anyone know (via FOI requests??) how many people have been killed by terrorists in the past 30 years compared to deaths from heart disease, obesity, drugs (booze & alcohol included), suicides, murders, car crashes, manslaughters, fatal five-finger massages ....... ?

    Just one attack on the USA since Pearl Harbor and the whole world must dance to their song.

    Dear Politicians

    PLEASE, Dump all of this 'we will protect you' crap and just let us take our own chances.

    "The End"

    Quote courtesy of a recent CSI episode on C5USA.

  29. Anonymous Coward
    Mushroom

    Straight forward really...

    I, for one, will not be welcoming our evil cloud overseers, and will in fact be avoiding the cloud like the plague it really is.

    When so many worry about the security on their local machine, how the hell can you trust *ANY* of your data (personal or otherwise) on a system owned by a company/government. You can't, in my mind.

  30. Michael Mokrysz

    Err

    No shit, sherlock. If you're worried over this sort of thing, avoid US companies, and ideally companies with any slight US presence.

  31. shawnfromnh
    Facepalm

    sounds fair

    I'm sure there won't be a single problem also when the E.U. or China do the same thing since it will be the same thing.

  32. Anonymous Coward
    Anonymous Coward

    Rackspace et al

    I presume this applies to not just cloud but also managed services such as Rackspace (based in Texas)? And what about backup services like Iron Mountain (based in Massachusetts)?

  33. Tony Paulazzo
    Facepalm

    Title

    >because ultimately governments cannot be trusted.<

    QFT

  34. thegladfan
    Thumb Down

    shouldnt multinational companies have the option to obey local laws (exclusively)

    Now im in eu so dont know allot about the patriot act, only what we see on the tv, but from what we have seen they can do what they want when they want to and call it "patriot act" so they dont have to explain themselves. So when we sign up for a service in the EU and the EULA states local law rather than US law then shouldnt this be the case, if i sign up in EU then if there is a problem or the authorites do want to see my data then they should have to follow that and not their own. If this isnt the case how does the rest of the world get on. Forgetting microsoft for a minute, what are the rules for other companies like sony or toyota, they deal internationally and are based in chine that has restrictions gallore, so are their satellite services like sony reader for instance under their law or local law...

    in this day and age you should be bound by the law of the internet if you buy a service from a provider then the location of the provider not their parent company should be used, if i buy windows in london then how can they enforce their EULA if they are then gonna tell me the USA is on my machine under the Patriot act.

  35. Dave 15

    Just a warning shot

    From the US today - another warning shot - they are apparently looking at whether journalists on the News of the World broke any US laws while working in the UK.... US jurisdiction is world wide apparently...

    1. John Smith 19 Gold badge
      Happy

      @Dave 15

      Not really. News Corp is the US parent of News International and it *is* registered in the US.

      It gets interesting in that NoTW and Staff are NI employees, but AFAIK NI is a *wholly* owned subsidiary of News Corp.

      Just as BAe Systems (If I've got their name correct) were being investigated for paying bribes to Saudi nationals in Saudia Arabia by the *British* authorities, despite the people *allegedly* being bribed living in the Middle East.

This topic is closed for new posts.

Other stories you might like