When hyperscalers can’t safeguard one nation’s data from another, dark clouds are ahead

The details of cloud data regionalization are rarely the stuff of great drama. When they’ve reached the level of an exec admitting to the Senate that a foreign power can help itself to that nation's data, no matter where it lives, things get interesting. It was the French Senate, Microsoft France’s director of public and legal …

  1. VoiceOfTruth Silver badge

    I think it was news for some people

    >> This is a great story, but it’s not really news.

    Actually quite a lot of people thought that American companies like MS would obey local laws. After all, that is what they say.

    Any data on American computers is subject to access by the American regime. The Foreign Commonwealth and Development Office signed a new contract with MS earlier this year. I seem to recall Parliament doing the same a few years ago. All that supposedly confidential data, discussions with your MP about topics which are nothing to do with the USA, are slowly being added to an American database about you and me. Britain really is just a stub of an independent state. And the USA is not our friend.

    1. Secon

      Re: I think it was news for some people

      The contract terms on which G Cloud 14 was competed absolutely require all processing to be conducted inside the UK.

      Microsoft (as well as others) sell services through that contract - but far from being UK only they actively support those services from 100 countries outside of the UK (according to Microsoft’s own listing of locations where administrators and persons with need to remotely access M365 or online services data are located).

      Only about 64% of those countries have any UK or EU data adequacy.

      EVERYONE must by now know that MSoft services have zero capability to support any form of sovereignty - and yet everyone keeps using them…

  2. may_i Silver badge

    Microsoft's claims to defend EU data

    Have already been evaluated and found to be wanting.

    Microsoft's hands are tied by the laws of the country in which they are headquartered. Anyone who purports otherwise is either lying or stupid.

    The only reason why the EU has not banned US based cloud services from the region is that they are too scared of the consequences in terms of retribution from the US government. This cowardice is a perfect example of what happens when you don't stand up to a bully. Give 'em an inch and they'll take a mile. That the EU allowed themselves to be bullied into a shit tariff "deal" with the mad orange king, without even threatening to hurt the massive income that the USA gets from EU customers of US hyperscalers shows clearly how scared they are of the bully.

    Not to mention that the consequences for EU businesses, who have ignored all the down sides of putting their data on computers owned by a US company, would be significant. Many companies would need years to divorce their IT infrastructure from the US hyperscalers. This fact is something that the hyperscalers are fully aware of and something that they do their utmost to maintain. The US government is also very happily aware of the fact that they have the EU by its digital testicles and only need to squeeze to get whatever they want.

    We find ourselves at a turning point. Either we roll over and allow the USA to rule Europe and steal our resources, or we stand up and say "Enough!".

    1. Anonymous Coward

      Re: Microsoft's claims to defend EU data

      The EU tariff deal isn't that bad. US importers have to pay 15% to import from the EU, while importers in the EU can buy stuff from the US and pay no tariff.

      If this tariff was only levied against the EU, then it would be a really bad deal. However since the orange one has decided to tariff the entire world, it isn't. While a few countries like the UK get a slightly lower rate of 10% most are at 15% or higher. This means any US importer that currently buys from the EU doesn't have much wiggle room. If they want to go somewhere else for the product they will still be paying a similar amount of tariff. If they try to buy from a US supplier, they will find that they are also cranking up their prices to match the new higher import prices.

      So at the end of the day the competitive outlook for EU companies selling into the US hasn't changed that much. All that has happened is that the US consumer is being landed with a tax hike, so that trump can claim 'tariffs are working' and use the extra revenue collected from out of US importers pockets to give his rich mates a slight tax cut.

      1. Softsuits

        Re: Microsoft's claims to defend EU data

        Even if you encrypted your data, a DOS on the sovereign you're storing at will cripple operations. Always choose wisely the Ark.

    2. graemep Bronze badge
      Unhappy

      Re: Microsoft's claims to defend EU data

      I think the bigger problem with regard to digital sovereignty is that they (like everyone other than China, and a few other countries that have been subject to US sanctions) are too dependent to break away easily, rather than the fear of retribution. As you say it's not just government, but the private sector too.

      While there are some moves to reduce this dependency, there are others that increase it. The EU's digital identity system has been specifically designed to only run on Android if Google attests the phones are under its control: https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/issues/18

      I am more familiar with the UK in terms of government systems where AWS is deeply embedded. Has your GP sent an NHS prescription to a pharmacy? It goes through an AWS hosted system (according to NHS docs I have read, you have to go through AWS to integrate external systems with NHS ones - there may be legacy systems I do not know about or other exceptions, of course).

      As for the private sector, everyone I have talked to in the UK and multiple other countries are more to be using a US hyperscaler. This is true globally. The US also controls payment systems, etc. It controls almost all the world's mobile phones. China controls a lot of electronics - vehicles, and IoT. The US has a vice-like grip on everyone (increasingly China does too). Fail to roll over? They just turn everything off. It will take years, if not decades to reverse it, even if there was a real will to do it. I see little sign of major change and I think it is simply because it is a long term, expensive, project that is opposed by a powerful lobby group.

      1. Anonymous Coward

        Re: Microsoft's claims to defend EU data

        > I am more familiar with the UK in terms of government systems where AWS is deeply embedded.

        > Has your GP sent an NHS prescription to a pharmacy? It goes through an AWS hosted system

        > (according to NHS docs I have read, you have to go through AWS to integrate external systems

        > with NHS ones - there may be legacy systems I do not know about or other exceptions, of course).

        I assume you were referring to NHS *England* and there is not really a single NHS entity.

        The "NHS" in Wales, Scotland, and Northern Ireland (where it is actually called HSC NI) design and manage their own IT infrastructure and in the case of Northern Ireland do not use AWS or any other cloud provider for their infrastructure (it is hosted in a pair of Data Centres in Belfast), though the GP Practices' electronic records systems are provided by/hosted by EMIS & INPS and EMIS do apparently use AWS.

        Note: GPs/GP Practices are *not* part of the NHS, they are run by private individuals/partnerships/limited companies contracted by the NHS (via GMS contracts) to provide services and so the electronic records systems used by GP Practices are not "government systems".

        1. Anonymous Coward

          Re: Microsoft's claims to defend EU data

          Emis were bought by Optum so even if they were not using AWS you are still dealing with an American company.

  3. alain williams Silver badge

    On-prem services is a good start ...

    but what software do you run on your in-house machines ? If that is written by an entity beholden to an inquisitive government how can you be sure that your data will not be exfiltrated ?

    If you run Microsoft then its telemetry is designed to do just that - beam parts of your data back to the mother ship. If the USA government takes an interest in you how much telemetry will have nothing to do with debugging faulty Microsoft code ? A good firewall cannot be used to stop MS telemetry.

    Open source software is much better but not a 100% silver bullet. I suspect that Debian is more resilient to 'interesting/unseen' code additions than Red Hat but it is likely that you will have some proprietary business specific code running on the machines.

    1. Anonymous Coward

      Re: On-prem services is a good start ...

      A good firewall most certainly can stop Microsoft telemetry. Mine do.

      1. I could be a dog really Silver badge

        Re: On-prem services is a good start ...

        It can, but then it will also stop traffic that you do need. The problem is that a (for example) Windows Server will need to talk to Mother to get things like security updates and the like, but MS are careful to make it hard (if at all possible) to differentiate "good" traffic from "bad" traffic. Given that it's all encrypted, it's hard to do deep packet inspection - though yes, I know there are techniques involving private security certificates, but I bet MS hard code that sort of stuff specifically to stop people working around the problem.

        And the newer stuff is all designed to need to talk to Mother in order to work at all - even if running on-prem.

        1. Anonymous Coward

          Re: On-prem services is a good start ...

          That's what WSUS is was for, no need for your server to talk to the internet if they don't need to and no need to talk to anything, if they do your firewall or proxy can restrict the outbound to what they do need.

          I work in a sector that requires completely disconnected environments, there are windows servers and desktops in there, they all still get updates perfectly fine.

          The other zones have limited access, with very few servers having very limited access to the outside world, only if they need it.

          It is possible to limit access and if they get anything sent to them.

  4. Anonymous Coward

    Where Are Internet Service Providers Based?

    Amazon -- USA

    Meta -- USA

    Microsoft -- USA

    Palantir -- USA

    Yahoo -- USA

    Google -- USA

    Apple -- USA

    IBM -- USA (includes RedHat)

    .......so how hard can it be for ANYONE OUTSIDE THE USA to figure out where private data will end up?

    Let me spell it out -- USA!!

    Yup....."cloud" is not the answer!!

    The actual answer (partial) -- Air Gaps!!

    1. Thomas Steven 1

      Re: Where Are Internet Service Providers Based?

      Alibaba?

      1. Anonymous Coward

        Re: Where Are Internet Service Providers Based?

        ByteDance?

      2. Anonymous Coward

        Re: Where Are Internet Service Providers Based?

        You left off the " - China" location. Is it possible you don't know where Alibaba are headquartered?

        1. DS999 Silver badge

          Re: Where Are Internet Service Providers Based?

          Depending on what your business is and what the data is, it might be safer in China's hands than America's.

          Certainly as a US citizen if I had a choice between exposing every bit of electronic data I hold on my phone and PC as well as data third parties hold about me to the US government or the Chinese government I'd choose the latter. Simply because the US government is in a much better position to take action against me based on that information should they choose to, than China's is. A Chinese citizen living in China might come to the opposite conclusion for the same reason.

          I didn't trust my government before, but with Trump and his cronies in charge I REALLY don't trust it.

          1. Anonymous Coward

            Re: Where Are Internet Service Providers Based?

            As a US citizen China already has all of your data.

          2. GM1491

            Re: Where Are Internet Service Providers Based?

            Actually, China is as bad as the US. As a company you cannot trust them, especially if you do things they can't.

    2. Aladdin Sane Silver badge
      Headmaster

      Re: Where Are Internet Service Providers Based?

      With the exception of the limited reach of Google Fiber, not one of those is an ISP.

    3. BobChip
      Big Brother

      Re: Air Gap

      I prepare client sensitive (planning) plans and drawings on a Linux system.

      1 Internet access is OFF while I am working. Whole desktop is completely airgapped.

      2 Work is saved to an external USB HDD. If needed, I will create a temporary directory on the external drive to store work in progress, or useful files copied from the desktop.

      3 Finished work is copied from HDD to USB / DVD, and then delivered to the client BY HAND. No emails, file transfers etc..

      4 HDD is safely unmounted.

      5 Machine is restarted with internet enabled, to permit system updates, searches etc.

      6 Desktop is checked for any residual data, copy and paste files or informative emails etc, to be properly cleaned / deleted. Nothing sensitive is stored on the desktop. Ever.

      7 On request, the external HDD is either overwritten or handed to the client. NOTHING is left in my hands, except for paper records.

      Is all this too extreme? If it sounds like a lot of work, it is. Plus quite a lot of forethought and care in carrying out. But it provides a level of privacy and security which my clients obviously appreciate. I get repeat work.

      No clouds for me, thank you!

  5. Roland6 Silver badge

    It’s back to basics: business models

    The real problem is we are obsessed with bigger is better. Thus we are obsessed about creating monoliths. Microsoft can’t guarantee data sovereignty because it wants to own and control those cloud data centres. If however, we move to the cooperative model, which underlies Open Systems and was the ideal of cloud before everyone flocked to AWS, Google and Microsoft. Microsoft doesn’t need to operate those data centres, it merely provides tools and standards.

    I suggest the easiest way to gain sovereignty is to limit the market ownership. The EU could require Microsoft et al to sell all of its EU datacentres to local operators and demerge them from their highly centralised operations. So businesses could still run 365, just that it’s on a local cloud operator's infrastructure.

    1. I could be a dog really Silver badge

      Re: It’s back to basics: business models

      That wouldn't work.

      365 is designed now to be "chatty". There's no conceivable way any local operator could provide any assurances about what the Micro$oft software running on their servers might do with any data. And given how 365 is now designed to be chatty, they can't even just cut off outside access - that will just make stuff "not work properly".

      This revelation isn't news - it's been obvious, and some of us have been pointing out the obviousness of it for years. At a previous employer, we (well, not me obviously) were busy selling 365 to clients, in part because the senior management had a secret policy of running down anything in-house before eventually making those of us who ran it redundant. I did point out that it was dishonest telling people that 365 and the stuff that went with it was GDPR compliant when it was really obvious that the client would not have the level of control/sovereignty over their data (and their clients' data) that was needed for GDPR - but the boss just carried on telling gullible clients that their data was secure, held in the UK, and covered by Micro$oft's assurances about lack of access. Anyone with 2 brain cells to rub together could see the male bovine manure in that - especially when MS just handed over data held in Ireland the day after the CLOUD act was passed.

      1. Doctor Syntax Silver badge

        Re: It’s back to basics: business models

        Obviously not your company because of the way they went. But if the EU insisted - unlikely but possible - that the only way MS could continue to run their stuff in the EU would be at arm's length through some sort of franchise arrangement it would be made possible in short order. Necessity is the mother of invention, etc.

      2. graemep Bronze badge

        Re: It’s back to basics: business models

        "especially when MS just handed over data held in Ireland the day after the CLOUD act was passed."

        I did not know about that. Do you have a source for that I could cite to others?

        1. may_i Silver badge

          Re: It’s back to basics: business models

          Here's a couple of good sources for you:

          https://digitalcommons.wcl.american.edu/cgi/viewcontent.cgi?article=2103&context=facsch_lawrev

          and

          https://www.stanfordlawreview.org/online/microsoft-ireland-CLOUD-act-international-lawmaking-2-0/

  6. nijam Silver badge

    "Sovereignty" simply means the financial and military muscle to boss your way in the world.

    Anyone who imagines it to have another meaning is naive, in my opinion.

  7. Adam Trickett
    Linux

    european-alternatives.eu

    The site european-alternatives.eu tries to list local alternatives to US providers. I think the concept of smaller and local providers is gaining some traction, though I don't know how the likes of OVH or Ionos compare against Microsoft/AWS or Google.

    I know my virtual servers are locally hosted and by smaller more personal providers, doesn't cost me much and it all seems to work fine.

    1. Anonymous Coward

      Re: european-alternatives.eu

      The issue is one of TRUST.

      Being non-USA does not mean that your data is any safer ... it just means that the 'people' poking their noses in your data are more 'local' !!!

      I agree with not wanting the US of A to 'hoover' up all the data they want ... BUT there are other entities that are just as 'inquisitive', are they any more desirable 'silent partners' ???

      What is the real point is that there should be limits on what 'others' can legally acquire under the guise of 'Safety for all or the greater good'.

      The intent may be admirable BUT abuse is always 'just around the corner' by some power hungry politician/leader etc.

      Look at what Herr Trump is doing in the US of A, he is pushing the bounds of what was considered acceptable by the POTUS.

      No-one is able to slow him down, never mind stop him.

      Watch as the Herr Trump starts 'asking' the Tech Behemoths to do his bidding, as he continues to manipulate the world and its economy.

      Herr Trump is driven by greed for money and power (that enables him to gain even more money) !!!

      Market manipulation on the back of his 'Tariff Campaign' is blindingly obvious ... what next !!!???

      Anything Herr Trump can do ... others will 'ape' and try elsewhere ... do you feel any safer now ???

      :)

      1. Peter Gathercole Silver badge

        Re: european-alternatives.eu

        "Being non-USA does not mean that your data is any safer"

        I actually slightly disagree, because if you make it local law that data must not be exported from those local datacentres, then at least you can arrest and incarcerate any 'locals' that break those laws, and fine the local entities who run the services. Try arresting someone in the US for breaching GDPR or the Official Secrets Act, or asking Microsoft to pay the fine for leaking the data.

        But there is another problem here, one of scale. We've allowed all of the cloud providers to get so big that only they can offer the economies that come with that scale, and allow them to migrate yesterday's servers to lower tier offerings to allow them to replace them with today's technology.

        Small operators just cannot compete, so their services will be more expensive, have less headroom, and will need a longer refresh cycle on the hardware.

        1. Anonymous Coward

          Re: european-alternatives.eu

          Sort of get your point ... BUT arrest & incarceration ONLY works if there is some oversight function that is NOT controlled by the same entities that are 'hoovering' up your data !!!

          It is very easy to NOT 'See' what you would prefer to be hidden.

          The scale issue is real ... totally agree ... the only answer is to pay more in the short-term to allow the competition to grow so that it can be a real alternative to the 'usual suspects' !!!

          The 'Rest of the World' should have learnt from the 'Tariff' nonsense that America is no longer 'your friend', which means that alternatives to the Tech Behemoths need to exist for the basic safety of non-US countries/businesses.

          Herr Trump may have actually done the world a favour ... by accident ... there needs to be some alternative to the Tech Behemoths that are NOT under the ultimate control of the US of A.

          Mega-huge global entities are not such a good idea when your 'friend' can become your 'enemy' overnight !!!

          :)

  8. Anonymous Coward

    "Sovereignty" -- Just More Misdirection!

    Let's just think this through!

    I want MY DATA to be private.

    I want to know that MY DATA and access to MY DATA is all being controlled by ME!

    That means that I need to know EXACTLY who reads MY DATA, and I need to stop anyone I don't approve of reading my data.

    So......(Q) How in the world can this happen if MY DATA is in the "cloud"?

    (A) It can't! Full stop. It can't!

    Anyone (MS, Amazon, Meta, Google, Palantir) who claims that I should trust them .... is lying!

  9. Omnipresent Silver badge

    I got news

    America has been had and hacked and manipulated by Russia and China in the least. This is before the Saudis and Israel joined the party. America is an open book run by career criminals, felons, rapists, and known dictators. There is no internet security. It's a farce. The internet is INSECURITY. Being on the internet is as unsafe as it gets. It's more safe to write everything down on a "post it" note.

  10. Anonymous Coward

    EU should stop complaining.

    They have always been a vassal of the USA. What the actual President of the US just did is to make it crystal clear.

    1. Anonymous Coward

      Re: EU should stop complaining.

      "They have always been a vassal of the USA."

      The key point is ... was it willingly the case ???

      The US of A took advantage of the situation at the end of WWII.

      They were big, powerful and effectively the industrial powerhouse of the world.

      They had profited from WWII and their 'Willing' help to re-build Europe was at a cost that Europe could not refuse.

      Of course, Europe was/is thankful BUT the cost is 'coming home to roost' and the real meaning of that cost is now obvious !!!

      The US of A industrial/financial/technological might has grown enormously since WWII and the creation of global Tech has given them effective control of the world economy.

      [Yes ... there was a misstep giving China the job of being the 'Workshop' of the world ... brought about by ultimate Greed of some of the people who became rich on the back of rebuilding after WWII. A misstep which they are trying to reverse, too late to be really effective !!!]

      Over night the US of A could crash the world economy without a single shot being fired, allies or not !!!

      This was NOT an issue because the US of A was on 'OUR side' and it was politically expedient for Europe to accept the almost endless help from the US of A without a thought.

      [That endless help was for a reason that was NOT about anything other than the US of A trying to gain power & control over everything vital.]

      Herr Trump is demonstrating that the idea that the US of A is your friend can be wrong and that the technological advantage/hold they have over EVERYONE could be weaponised with ease !!!

      The world needs to plan for the worst starting today ...

      Putin is an 'old style' military threat ... Herr Trump is a 'new style' technological threat which can cause much greater harm, far quicker than a conventional war.

      The world got lazy ...

      they thought that the US of A would play its political games BUT keep funds flowing due to their paranoia about the communist threat ...

      the world waited and slept ...

      the US of A saw the USSR go away due to the collapse of the USSR economy...

      the US of A saw the new Chinese threat and hoped it could be 'bought' by making them the 'Workshop' of the world ...

      the US of A thought everyone was like them, Greedy ...

      the US of A realised their 'misstep'/'greedy thinking' hoping that China would simply be happy with their cut of the 'Workshop' deal ...

      the US of A voted in Herr Trump for a 2nd time ...

      Herr Trump tries to reverse history and bring back America based Industrial power by taxing the rest of the world ...

      the world wakes up to 'Tariff Games' ...

      the world realises that they got lazy and slept for too long ...

      Now you have to fix the problem or likely be a 'vassal state of the US of A' for evermore !!!

      :)

  11. StrangerHereMyself Silver badge

    Knee deep

    Most EU governments, councils and companies are already knee-deep in the American cloud quagmire, requiring maybe years to relocate to on-prem. There's a fair chance they'll wait for this to blow over and do nothing.

    1. fg_swe Silver badge

      UK ICL/Siemens/Fuji

      There are some pockets of resistance inside UK_GOV and BUND_DE, which run on Fujitsu systems. SPARC, BS2000, VME Algol mainframes etc.

      Dreamers would say that this can be easily expanded. If only the Euro crowd had some Cojones.

  12. fg_swe Silver badge

    IT Airbus

    There exist viable alternatives to Microsoft, Oracle, IBM, Apple, Google, Amazon, Facebook etc:

    https://di-fg.de/IT_Airbus.html

    Hetzner, Fujitsu, Qwant, Linux, DeltaChat, SSH, MaxDB, CompCert, seL4, xBSD, FramaSoft, Tuxedo, RPI...

    We all can start using them instead of just b1tch1ng about Trump.

  13. fg_swe Silver badge
    Go

    Example Google TO Qwant

    Go to the settings page of your web browser and enable Qwant (out of Paris) instead of Google.

    In my experience, Qwant is in 99,9% of cases as good as Google.

    But Qwant does not suffer from the same world domination complex as the Googlers do. And it provides jobs in France, maybe one day for one of ourselves.

    This is what YOU can do.

  14. fg_swe Silver badge

    Example WhatsApp TO DeltaChat

    DeltaChat uses the proven GnuPG cipher system, unlike the shady stuff inside WhatsApp. Also, it runs on ANY email server, no central servers needed.

    DeltaChat cannot do phone or video calls, though. Apart from that, it works like a breeze.

    Developed in Freiburg, Baden, Germany.

    https://delta.chat/de/

  15. Anonymous Coward

    it's in the name

    Cloud!

    Anyone who has the vaguest interest in the weather knows that clouds don't observe any political boundaries - even air-gaps aren't secure. It's called the cloud for a reason (although I'll admit the name might not have been chosen with that in mind - more a case of digital nominative determinism).
