Sign in / up

back to article Singapore signs for Azure-hued sovereign cloud from Microsoft

Singapore is getting its first sovereign cloud, thanks to a partnership between the Home Team Science and Technology Agency (HTX) and Microsoft that was signed into existence on Thursday. A sovereign cloud typically guarantees in-country storage and data processing for highly sensitive workloads and data. Singapore's is …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pascal Monett Silver badge

    Sovereign clouds

    I rather agree with that idea.

    And basically I'll agree with anything that keeps the NSA away from my data.

    Since I cannot prevent or forbid anyone from putting the data they gather on me in a cloud, well a sovereign cloud is the least bad option.

    Of course, that presumes that the NSA doesn't have its claws in it in the backend somehow - and that might be quite a presumption.

    Especially if the cloud uses Cisco hardware.

    2 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Sovereign clouds

      I rather agree with that idea.

      And basically I'll agree with anything that keeps the NSA away from my data.

      Then you should be horrified that the chosen partner is Microsoft who doesn't exactly have a great track record for security or keeping their fingers off information that doesn't belong to them. Given that Singapore is an economic competitor of Wall Street I think it's pretty much guaranteed that there will be "export".

      If I were the Singaporean government I'd implement some proper data surveillance, and if they want to IPv6 I'd either ban or at least inspect the contents of IPv6 extensible headers for covert data transport.

      0 2 Reply
      1. Wellyboot Silver badge
        Reply Icon

        Re: Sovereign clouds

        Sovereign cloud infrastructure needs serious protection as it's a prime target for attack.

        The French cloud has the advantage of being built 'somewhere' in France and probably dispersed with at least 2n redundancy. The population density & geography of Singapore makes that a difficult task, I'm not sure they can easily build an equivalent set up. Off-site may have advantages.

        0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Still better than Italy's FrankenCloud

    Italy's State-owned cloud proposal is based on TIM bringing in Google, Leonardo bringing in Azure, and SOGEI bringing in Oracle - all together (poor AWS, the only one out of the door...). Datacenters won't be owned but leased. Data security is based on some form of key management, and it's not clear how much Google/Microsoft/Oracle personnel will be involved in maintenance and management - the Minister for Digital Transition, Vittorio Colao (who incidentally works or worked for some US companies and funds...) brushed aside CLOUD Act worries as "exaggerated"

    1 0 Reply
  3. Potemkine! Silver badge

    Does Singapore know about the Cloud Act?

    "The Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943) is a United States federal law enacted in 2018 by the passing of the Consolidated Appropriations Act, 2018, PL 115-141, Division V. The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil."

    1 0 Reply
    1. Zippy´s Sausage Factory
      Reply Icon
      Devil

      Re: Does Singapore know about the Cloud Act?

      I'm sure they thought about that, considered the risks carefully, weighed up the pros and cons and came up with a solution that really works for them.

      Then they realised that this was all they could afford.

      2 0 Reply
    2. Peter-Waterman1
      Reply Icon

      Re: Does Singapore know about the Cloud Act?

      Of course, Microsoft operating in a different country (Singapore) would be subject to local laws, not US laws. The US has zero jurisdiction over Singapore.

      Therefore if Singapore has laws in place to prevent data from being slurped up and sent to the US, Microsoft would be breaking the law if they sent it.

      1 1 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Does Singapore know about the Cloud Act?

        They would also be breaking the law in the US, if they didn't

        Them being a US company, stand to be harmed far more by not complying with the US law, than Singapore.

        Hence the recent rulings on US based companies and sending personal data, even if resident in an EU country will break GDPR.

        4 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Does Singapore know about the Cloud Act?

          Yes, that's the funny thing of the CLOUD Act. The company might appeal to a **US** court to have the request quashed in this case (limitations apply, see below), but in the meantime it has to keep the requested data available. The judge will decide to accept the motion to quash or not, with a broad power.

          And the funniest thing is that is possible only if the "foreign government" is a qualifying one - which means it bowed to the CLOUD Act already, and entered an executive agreement with US.

          That leaves a US company in the nice situation to decide which law it prefers to break - and which executives risk jail time.

          Now, that Trumpistani voted for such law I can understand, but what about all those "democrats" who should know better? Didn't they think about what people abroad think about this kind of overreach?

          0 0 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Does Singapore know about the Cloud Act?

        Especially US laws do not even acknowledge the existence of any other country, and will thus care absolutely zero about what impact their wishes would have in the sovereign country of origin.

        If you have as much as a shed and a dog in the US, they will come and demand their data if they find a decent enough excuse (or serve you an NSL, of course), and if you can can say bye bye to either your US company, your freedom or your ability to enter the US.

        Hence the inability to get any solidity behind Safe Habor and Privacy Shield - that those failed wasn't the surprise, it was how long the lie managed to last.

        0 0 Reply
        1. Peter-Waterman1
          Reply Icon

          Re: Does Singapore know about the Cloud Act?

          There has to be a bilateral agreement for this to work.

          It creates a framework under which the United States can enter into bilateral (or executive) agreements with foreign states. Those agreements would allow law enforcement authorities in the United States and the foreign state to make requests directly to local law enforcement and service providers located in the other jurisdiction. In other words, a foreign government could directly contact a service provider or local U.S. law enforcement to request information stored in the United States, and likewise the U.S. government could directly contact a foreign service provider or local law enforcement to request information stored in the foreign country. No such agreements have been passed yet, but the UK has passed the Crime (Overseas SCA orders) Act 2019 in anticipation of these bilateral arrangements

          https://www.justice.gov/dag/page/file/1153466/download

          Do CLOUD Act agreements allow the U.S. government to acquire data that it could not before?

          No. CLOUD Act agreements remove the possibility that one party’s legal restrictions on

          disclosing data could conflict with the other party’s legal authority to collect evidence. CLOUD

          Act agreements do not alter the fundamental constitutional and statutory requirements U.S. law

          enforcement must meet to obtain legal process for that data – standards that are among the

          most privacy-protective in the world.

          0 3 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Does Singapore know about the Cloud Act?

            No, no bilateral agreement is required. If you don't enter any agreement the CLOUD Act requires US company to hand data they control abroad anyway.

            If a government enters an agreement there is some ridiculous concessions but still only US entities control what is requested and what it is actually delivered. US can asks data about foreign citizens too, but other governments can't ask data about US citizens.

            US Depts are trying hard to put some lipstick on the pig - but it is too late.

            This kind of contempt especially towards long time allies shows very well what kind of ignorance and ill will permeates the whole Congress.

            1 0 Reply
            1. Peter-Waterman1
              Reply Icon

              Re: Does Singapore know about the Cloud Act?

              Here is the wording in the cloud act . There has to be an agreement in place

              TABLE OF SECTIONS.—The table of sections

              9 for chapter 121 of title 18, United States Code, is

              10 amended by inserting after the item relating to sec11 tion 2712 the following:

              ‘‘2713. Required preservation and disclosure of communications and records.’’.

              12 (b) COMITY ANALYSIS OF LEGAL PROCESS SEEKING

              13 CONTENTS OF WIRE OR ELECTRONIC COMMUNICA14 TION.—Section 2703 of title 18, United States Code, is

              15 amended by adding at the end the following:

              16 ‘‘(h) COMITY ANALYSIS AND DISCLOSURE OF INFOR17 MATION REGARDING LEGAL PROCESS SEEKING CON18 TENTS OF WIRE OR ELECTRONIC COMMUNICATION.—

              19 ‘‘(1) DEFINITIONS.—In this subsection—

              20 ‘‘(A) the term ‘qualifying foreign govern21 ment’ means a foreign government—

              22 ‘‘(i) with which the United States has

              23 an executive agreement that has entered

              24 into force under section 2523; and

              March 21, 2018 (6:08 p.m.)

              0 0 Reply
              1. Anonymous Coward
                Reply Icon
                Anonymous Coward

                Re: Does Singapore know about the Cloud Act?

                Yes, for the reciprocal part (limited to a select number of countries) of the cloud act and when there is one in place, the company in that country doesn't have to worry about which law they will be breaking. Otherwise they have 14 days to move to modify or quash the request.

                All US companies are subject to the CLOUD act in all countries, no agreements needed with said countries.

                0 0 Reply
    3. kat_bg
      Reply Icon

      Re: Does Singapore know about the Cloud Act?

      Probably they do. However, they can proceed like Germany did, where data centers storing Office 365 are located in Germany but operated by a 3rd party and Microsoft does not have access... Like that, Microsoft can claim that it doesn't own or operate the servers.

      0 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Does Singapore know about the Cloud Act?

        But for that instance, microsoft does have access and does operate the datacenter. They only have an agreement / contract that says that they dont own or have access to the data (which is on the systems they manage), nor is the datacenter theirs.

        That is why they are currently in court in the US over not complying with a request, which they will likely lose as they are in reality in control and it is their hardware that they manage, it is part of their infrastructure so falls under the requirements of the cloud act.

        Microsoft provide the hardware investment, the software investment, get the profits, manage the systems etc. It is their infrastructure.

        0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like