Dan Swinhoe (Global) - Data, Cloud, Government: The Dangers Of Data Sovereignty
Cloud Computing

Dan Swinhoe (Global) - Data, Cloud, Government: The Dangers Of Data Sovereignty

When Obama signed an extension to the Patriot Act, something interesting happened. People became worried the US would be able to access their data, no matter which country they resided in, because it was kept on the Cloud. When questioned, Microsoft couldn't promise that people's data was secure on their Office 365 Cloud service, because though you may be working from the EU, Microsoft is a US company and has to comply with the rules, and doesn't necessarily have to tell you about it. These rules apply to Gmail, Amazon and a host of others, despite various EU laws preventing this kind of thing, because they are all US companies.

When all this information came to the fore, it put the spotlight on two things; the generally scary, Big Brother approach the US seem to be taking, and the issue of Data Sovereignty.

Concept
The legal term is ‘trans-border data flow'. Each country has their own data laws, all varying in strength and in regard to issues such as privacy and security, which is fine when you know where that data is being stored and are familiar with those rules. But what happens when your data is on the Cloud, on a server you can't find, subject to laws you don't know about? You might still be able to access your data, but can local governments? Or even departments from further afield? Though the Act is the main culprit of data sovereignty hysteria, it's just the tip of the cloudy iceberg.


Pirate Bay's journeyman approach to data hosting has highlighted how sketchy laws can be when it comes to data. Though recently the company is having domain troubles having switched from Swedish to Greenland-based domains, the Privateers moved to the Cloud in order to escape being shut down.  Even before the Cloud, the company had been linked to countries that exist outside regular jurisdiction, such as sea fort-turned-Micronation, Sealand and North Korea.

Recently, UK PM David Cameron had to sign a cybersecurity pact with the Indian government after deciding to host government data in the country , in order to reassure those concerned that this wasn't a fool-hardy idea. As Ian Lamont, IT security specialist at BMW told GigaOM; a stock photograph from a brochure might be ok to store anywhere, but "customer data or the company's crown jewels? No way." Adding to the problem is a lack of information and involvement on where the data is stored. "It doesn't help for a bank to hear its customer data will be in this European cloud ‘region'. Not specific enough."

So while I personally invite the US to look at my Facebook pics and inane Tweets, I'm not so hot on the idea of them getting a hold of my bank details, or messages to my mum. Likewise, with governments increasingly turning to the Cloud, the stakes become even higher - another country being able to access your whole identity is kind of scary, no?

People may argue that as long as you stay on the legal side of things everything is hunky dory, but that's an opinion, not a guarantee. It's also worth noting that the Patriot Act, while being the media grabber, isn't the only law of this kind and lots of countries can get their mitts on Cloud data, but that doesn't make it any more ok, does it?

Ignorance is bliss
Despite the PR hype the Cloud has had, there's still a degree of misunderstanding around it. A worryingly large segment of people think Cloud computing has something to do with the weather. Knowledge around Data Sovereignty is even patchier, and while white papers do exist, but lack of awareness is still a danger.

Currently, if you want to try and protect your data and embrace all those Cloud benefits, there are few options really. Keep data in-house, and be very cautious about where your data goes and make sure you know all the details when it is being stored elsewhere. For Cloud service providers, being open about where the data is being held, and what assurances they can provide on its protection should come as standard.

While new rules governing certain areas, for example more pan-EU legislation on the issue, isn't out of the question, that only fixes the problem to a certain extent. Cloud computing is a global concept, one which needs a globally unified set of rules from which everyone can play along to. As long as the rules vary by state, region, island, etc., the paranoia over who owns what, who's snooping where, and which country Pirate Bay will be based in next, will never end.

By Dan Swinhoe, Editorial Assistant, IDG Connect

How do you feel about putting your data on the Cloud? Are you worried about governments accessing your data without your knowledge or permission?

Take our survey now. 

 

PREVIOUS ARTICLE

«Nelson Phillips (Global) - Humans vs. Machines: Managing People and Resources in Today’s Modern Enterprise

NEXT ARTICLE

Kathryn Cave (South Africa) Starting a Business: Jozi vs. The Mother City»
author_image
Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'milliennials'.  

  • twt
  • twt
  • Mail

Comments

no-images

Wim Schollaert on April 19 2013

Where People in the business right now are focusing on the teritoriality of the stored data. It is clear that we speak about Data flow... as data is moved between locations trough who knows what location, it quickly transits trough switching and routing located in a different country, so does that imply that the contry where the data flows trough has access rights ? port duplication / sniffing ....) Data privacy has not yet seen the end of the tunnel

no-images

C.C. Warren on April 19 2013

I don't particularly mind, as I (and other should do so as well) encrypt any vital information to the nth degree. And moreover, I only use the "cloud" for nonvital things (Amazon MP3 purchases, for example, or school assignments) prefering to instead carry my data on my person, just as portable and reliable as the cloud , on a flash disk. I'd suggest everyone do so as well. (When feasible.) What I *do* fear is the snooping of governments on internet transmissions (emails, im's, etc. ) and I'm already beginning to enact countermeasures to this... but if I told them here, that'd kind of defeat the purpose of having secrets. I'd encourage you all to be very cautious and be creative in your data storage and transmission. I wish you all the best in everything and hope that nothing disaterous befalls you, even if you are prepared.

no-images

B Cairn on April 20 2013

The criterion is 'the jurisdiction in which the data is located'. Not the 'jurisdiction of the data owner' or the 'jurisdiction in which a company is incorporated'. Consider a Bank holding company registered in Delaware, owns a subsidiary in London (UK). The subsidiary stores its customer account data on a cloud server located in Luxemburg. 1. Does the US/Delaware have jurisdiction over London? 2. Does the US/Delaware have jurisdiction over Luxemburg? 3. Does London have jurisdiction over Luxemburg? 4. Does London have jurisdiction over US/Delaware? Generally, to answer to 1 thru 4 in no. The question to be asked is "What bi-lateral terrorist and money-laundering arrangements are there between the various countries?"

no-images

Don O'Neill on April 21 2013

Every organization has information it cannot afford to lose. The remedy for the loss of proprietary information and data lies not in better Cyber Security hygiene, perimeter defense, or defense in depth measures. Instead the remedy can be found in a far more muscular and critical inquiry by consumers themselves into the actual risk of loss of proprietary information and data they cannot afford to lose and cannot protect. That inherent risk is heightened in the joint use of cloud computing with the Internet and a supply chain of third party participants and outsource vendors. In the Internet as public commons, there is no overarching responsibility for making the Internet safe; instead safety depends on cooperation and responsible choices by the commoners who use it. Considering the widespread Cyber Security risk associated with Internet use, why is the default option with respect to Internet use one of use not nonuse? Indiscriminately applied, the presumed use option only serves to enable Cyber crime whose bad actors threaten competitiveness and national security. Instead the default option on Internet use should be nonuse.

no-images

slayerwulfe on April 21 2013

i have no concerns about gov't i'm a very little person. my gov't doesn't (as strange and unrealistic, they do want me to be successful)to use me. i'm more concerned about those claiming to be business that are not. we have to accept the pains of getting older (that means the future)50 yrs this will not be an issue we'll either get older or we'll all be gone. hedge my bet, Hello, Goodbye. i feel so much better. very well written article

no-images

Hawk 79 on April 23 2013

Instead of asking little people, how do you feel about having created another "wonder",ripe for abuse by wronged politicians? Maybe like Albert felt after Atom Bombs dropped on civilians??

no-images

Wim Schollaert on April 19 2013

Where People in the business right now are focusing on the teritoriality of the stored data. It is clear that we speak about Data flow... as data is moved between locations trough who knows what location, it quickly transits trough switching and routing located in a different country, so does that imply that the contry where the data flows trough has access rights ? port duplication / sniffing ....) Data privacy has not yet seen the end of the tunnel

no-images

C.C. Warren on April 19 2013

I don't particularly mind, as I (and other should do so as well) encrypt any vital information to the nth degree. And moreover, I only use the "cloud" for nonvital things (Amazon MP3 purchases, for example, or school assignments) prefering to instead carry my data on my person, just as portable and reliable as the cloud , on a flash disk. I'd suggest everyone do so as well. (When feasible.) What I *do* fear is the snooping of governments on internet transmissions (emails, im's, etc. ) and I'm already beginning to enact countermeasures to this... but if I told them here, that'd kind of defeat the purpose of having secrets. I'd encourage you all to be very cautious and be creative in your data storage and transmission. I wish you all the best in everything and hope that nothing disaterous befalls you, even if you are prepared.

no-images

B Cairn on April 20 2013

The criterion is 'the jurisdiction in which the data is located'. Not the 'jurisdiction of the data owner' or the 'jurisdiction in which a company is incorporated'. Consider a Bank holding company registered in Delaware, owns a subsidiary in London (UK). The subsidiary stores its customer account data on a cloud server located in Luxemburg. 1. Does the US/Delaware have jurisdiction over London? 2. Does the US/Delaware have jurisdiction over Luxemburg? 3. Does London have jurisdiction over Luxemburg? 4. Does London have jurisdiction over US/Delaware? Generally, to answer to 1 thru 4 in no. The question to be asked is "What bi-lateral terrorist and money-laundering arrangements are there between the various countries?"

no-images

Don O'Neill on April 21 2013

Every organization has information it cannot afford to lose. The remedy for the loss of proprietary information and data lies not in better Cyber Security hygiene, perimeter defense, or defense in depth measures. Instead the remedy can be found in a far more muscular and critical inquiry by consumers themselves into the actual risk of loss of proprietary information and data they cannot afford to lose and cannot protect. That inherent risk is heightened in the joint use of cloud computing with the Internet and a supply chain of third party participants and outsource vendors. In the Internet as public commons, there is no overarching responsibility for making the Internet safe; instead safety depends on cooperation and responsible choices by the commoners who use it. Considering the widespread Cyber Security risk associated with Internet use, why is the default option with respect to Internet use one of use not nonuse? Indiscriminately applied, the presumed use option only serves to enable Cyber crime whose bad actors threaten competitiveness and national security. Instead the default option on Internet use should be nonuse.

no-images

slayerwulfe on April 21 2013

i have no concerns about gov't i'm a very little person. my gov't doesn't (as strange and unrealistic, they do want me to be successful)to use me. i'm more concerned about those claiming to be business that are not. we have to accept the pains of getting older (that means the future)50 yrs this will not be an issue we'll either get older or we'll all be gone. hedge my bet, Hello, Goodbye. i feel so much better. very well written article

no-images

Hawk 79 on April 23 2013

Instead of asking little people, how do you feel about having created another "wonder",ripe for abuse by wronged politicians? Maybe like Albert felt after Atom Bombs dropped on civilians??

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?