The Dangers Of European Clouds

The Dangers of European Clouds

A recent study by ITIL just predicted that the US cloud industry stands to lose $21.5 – $35 billion over the next few years related to loss of market share due to PRISM. Is the marketing arm of US cloud providers on vacation?

Europeans (including residents of the UK and other parts of the world) have been justifiably outraged by the revelations of Edward Snowden about the US’ data mining of non-citizen information. Maybe. The truth is that most European governments can access their citizens’ data when held in country with far less due process than the US requires. Further, the US press hasn’t bothered to report much about the fact that the GCHQ (Britain’s version of the NSA; its motto: “Keeping our society safe and successful in the Internet age”) has their own version of PRISM: Tempora. With the secret cooperation of BT, Vodafone, Verizon, Global Crossing, Level 3, Viatel and Interoute, GCHQ gets details of telephone calls, emails, FaceBook posts and other online traffic by monitoring undersea fiber-optic cables – the ones that make up an enormous share of the backbone of the Internet.

So, excuse me for laughing at the hyperbole around the dangers of US cloud providers because of PRISM. The proposed solutions from abroad are even worse. Fears of US government surveillance have sprouted such nonsense as a UK-only cloud or legislation restricting EU members from using foreign clouds.

Me thinks there is more behind the proposed isolationism than data privacy. The US absolutely dominates cloud computing. I don’t know why really, but I can make some guesses. One would be the relative strength of the US economy versus Europe in the last ten years when cloud computing has mushroomed. I have another theory that is related to privacy. The reality is that the US has lax privacy laws and the EU has restrictive privacy laws that don’t play well in a cloud environment. It’s normal for the law to lag behind technology, but in this case, the US’ dearth of regulation has allowed the cloud industry to develop relatively unhindered. Europe’s privacy laws from the nineties don’t help.

While both US and European cloud providers serving EU residents need to comply with EU law, in my experience many US providers don’t bother. I blame that on ignorance and arrogance. As many lawyers as we have in the US, cloud providers just don’t think they have to worry too much about legal requirements. And if they stay within our borders and don’t handle financial or health related data, they don’t have much to think about. So, why not allow users from other countries? The US doesn’t regulate transborder data flows.

I’m not advocating for PRISM or Tempora (or the next secret government program that will be revealed). Nor do I believe all privacy laws are useless. But so far, there has been a major disconnect between what cloud users expect, believe and actually get related to privacy – whether their data is in the cavalier US or the tight-lipped EU.

By Cindy Wolf

Cindy Wolf

Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at cindy@cindywolf.com.

(*Note - This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author...)

Latest posts by Cindy Wolf (see all)

FacebookTwitterLinkedInGoogle+Share

5 Responses to The Dangers Of European Clouds

  1. Thanks for the informative post Cindy – I do think it’s striking how little us Europeans seem to know about our domestic surveillance programmes.
    On the overall subject of cloud security, I would also note that public cloud platforms are often going to be safer than on-premises equivalents because the big providers have the resources (both in terms of hardware/software and personnel) to stay ahead of attackers. Of course, these big providers are overwhelmingly US-based.

  2. My apologies, readers. I gave the wrong name for the organization which did the study on the costs of PRISM to the US cloud industry. It is ITIF – The Information Technology & Innovation Foundation, not ITIL. Cindy Wolf

  3. Interesting that there’s not more press about this — especially from the U.S. side, where the negative spin can be damaging for businesses. Still, regardless of where one lives on the globe the idea of being spied on is unsettling. Those of us who lead pretty simple lives are paying for the actions of a few bad apples.

  4. Basically, you’re saying no cloud, nowhere is going to offer significantly more privacy and security than the US providers. I don’t agree with commenter HH that public clouds are safer than on-premises private clouds like the Cloudlocker. In the US, the law says after 180 days you lose the “expectation of privacy” for files stored in public clouds.
    Also, the big providers like Dropbox, Google, Apple, etc., disclose in their T&Cs that they look through your files, but they say it’s only to find “better ways to serve” their customers, i.e., they’re looking for faster ways to get more money out of your wallet. And they share this info with their affiliates and sell it to others.
    One more thing about public clouds. What goes up doesn’t comes down. You can’t obliterate all traces of any file you ever uploaded. They keep backup copies forever. It’s not clear who can look at these with our without telling you or getting your permission. You can delete your files from Dropbox, you can close your account, but Dropbox, or whoever, will always have backups that NSA or whoever can look at. None of this happens when you keep everything in a private cloud, and the Cloudlocker is a good example. When all your stuff is in your house, they still need a warrant and probable cause that you’re a bad guy. That’s the way it used to be. That’s the way it’s supposed to be. I think private clouds will eventually supplant all the giant public cloud services for this one simple reason.

  5. No arguments here about the lack of privacy in the public cloud. No one bothers to read the terms of service that clearly don’t give the customer an expectation of privacy.
    Perhaps someone more technical than me can explain , however, whether public vs. private really matters as long as the data is being transmitted over the Internet? The GCHQ data gathering is at the transmission level – undersea fiber-optics. It appears that the NSA is also after encryption codes considering the latest news about Lavabit’s shutdown (just my speculation) and the US has strict export rules around types of encryption anyway. When an Internet transmission is broken into packets and sent via multiple pathways, how do you know it hasn’t passed a government collection point on the way to a private cloud? Thanks for sharing your expertise.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Popular

Top Viral Impact

Cloud Infographic: Cloud Computing Growth

Cloud Infographic: Cloud Computing Growth

An excellent infographic provided by AwesomeCloud which predicts a continued high level of growth in the cloud computing industry. Potentially staggering numbers for Public Cloud IT Services of $100 Billion by 2016. Infographic Source: AwesomeCloud About Latest Posts Cindy WolfCindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts It’s no secret that Cloud Computing is more than just a buzz term as that ship has sailed off a long time ago. More and more companies are adopting the uses and benefits of cloud computing while aggressively factoring cloud services spending into their budget. Included is an excellent

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.

Whitepapers

Top Research Assets

HP OpenStack® Technology Breaking the Enterprise Barrier

HP OpenStack® Technology Breaking the Enterprise Barrier

Explore how cloud computing is a solution to the problems facing data centers today and highlights the cutting-edge technology (including OpenStack cloud computing) that HP is bringing to the current stage. If you are a CTO, data center administrator, systems architect, or an IT professional looking for an enterprise-grade, hybrid delivery cloud computing solution that’s open,

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security Cloud applications are a priority for every business – the technology is flexible, easy-to-use, and offers compelling economic benefits to the enterprise. The challenge is that cloud applications increase the potential for corporate data to leak, raising compliance and security concerns for IT. A primary security concern facing organizations moving

Hewlett-Packard Company On-Demand Webinar

Hewlett-Packard Company On-Demand Webinar

Shifting Workloads and the Server Evolution Learn more about the latest industry trends and the challenges customers are talking about. Every ten to fifteen years, the types of workloads servers host swiftly shift. This happened with the first single-mission mainframes and today, as disruptive technologies appear in the form of big data, cloud, mobility and