The Dangers Of European Clouds

The Dangers of European Clouds

A recent study by ITIL just predicted that the US cloud industry stands to lose $21.5 – $35 billion over the next few years related to loss of market share due to PRISM. Is the marketing arm of US cloud providers on vacation?

Europeans (including residents of the UK and other parts of the world) have been justifiably outraged by the revelations of Edward Snowden about the US’ data mining of non-citizen information. Maybe. The truth is that most European governments can access their citizens’ data when held in country with far less due process than the US requires. Further, the US press hasn’t bothered to report much about the fact that the GCHQ (Britain’s version of the NSA; its motto: “Keeping our society safe and successful in the Internet age”) has their own version of PRISM: Tempora. With the secret cooperation of BT, Vodafone, Verizon, Global Crossing, Level 3, Viatel and Interoute, GCHQ gets details of telephone calls, emails, FaceBook posts and other online traffic by monitoring undersea fiber-optic cables – the ones that make up an enormous share of the backbone of the Internet.

So, excuse me for laughing at the hyperbole around the dangers of US cloud providers because of PRISM. The proposed solutions from abroad are even worse. Fears of US government surveillance have sprouted such nonsense as a UK-only cloud or legislation restricting EU members from using foreign clouds.

Me thinks there is more behind the proposed isolationism than data privacy. The US absolutely dominates cloud computing. I don’t know why really, but I can make some guesses. One would be the relative strength of the US economy versus Europe in the last ten years when cloud computing has mushroomed. I have another theory that is related to privacy. The reality is that the US has lax privacy laws and the EU has restrictive privacy laws that don’t play well in a cloud environment. It’s normal for the law to lag behind technology, but in this case, the US’ dearth of regulation has allowed the cloud industry to develop relatively unhindered. Europe’s privacy laws from the nineties don’t help.

While both US and European cloud providers serving EU residents need to comply with EU law, in my experience many US providers don’t bother. I blame that on ignorance and arrogance. As many lawyers as we have in the US, cloud providers just don’t think they have to worry too much about legal requirements. And if they stay within our borders and don’t handle financial or health related data, they don’t have much to think about. So, why not allow users from other countries? The US doesn’t regulate transborder data flows.

I’m not advocating for PRISM or Tempora (or the next secret government program that will be revealed). Nor do I believe all privacy laws are useless. But so far, there has been a major disconnect between what cloud users expect, believe and actually get related to privacy – whether their data is in the cavalier US or the tight-lipped EU.

By Cindy Wolf

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

5 Responses to The Dangers Of European Clouds

  1. Thanks for the informative post Cindy – I do think it’s striking how little us Europeans seem to know about our domestic surveillance programmes.
    On the overall subject of cloud security, I would also note that public cloud platforms are often going to be safer than on-premises equivalents because the big providers have the resources (both in terms of hardware/software and personnel) to stay ahead of attackers. Of course, these big providers are overwhelmingly US-based.

  2. My apologies, readers. I gave the wrong name for the organization which did the study on the costs of PRISM to the US cloud industry. It is ITIF – The Information Technology & Innovation Foundation, not ITIL. Cindy Wolf

  3. Interesting that there’s not more press about this — especially from the U.S. side, where the negative spin can be damaging for businesses. Still, regardless of where one lives on the globe the idea of being spied on is unsettling. Those of us who lead pretty simple lives are paying for the actions of a few bad apples.

  4. Basically, you’re saying no cloud, nowhere is going to offer significantly more privacy and security than the US providers. I don’t agree with commenter HH that public clouds are safer than on-premises private clouds like the Cloudlocker. In the US, the law says after 180 days you lose the “expectation of privacy” for files stored in public clouds.
    Also, the big providers like Dropbox, Google, Apple, etc., disclose in their T&Cs that they look through your files, but they say it’s only to find “better ways to serve” their customers, i.e., they’re looking for faster ways to get more money out of your wallet. And they share this info with their affiliates and sell it to others.
    One more thing about public clouds. What goes up doesn’t comes down. You can’t obliterate all traces of any file you ever uploaded. They keep backup copies forever. It’s not clear who can look at these with our without telling you or getting your permission. You can delete your files from Dropbox, you can close your account, but Dropbox, or whoever, will always have backups that NSA or whoever can look at. None of this happens when you keep everything in a private cloud, and the Cloudlocker is a good example. When all your stuff is in your house, they still need a warrant and probable cause that you’re a bad guy. That’s the way it used to be. That’s the way it’s supposed to be. I think private clouds will eventually supplant all the giant public cloud services for this one simple reason.

  5. No arguments here about the lack of privacy in the public cloud. No one bothers to read the terms of service that clearly don’t give the customer an expectation of privacy.
    Perhaps someone more technical than me can explain , however, whether public vs. private really matters as long as the data is being transmitted over the Internet? The GCHQ data gathering is at the transmission level – undersea fiber-optics. It appears that the NSA is also after encryption codes considering the latest news about Lavabit’s shutdown (just my speculation) and the US has strict export rules around types of encryption anyway. When an Internet transmission is broken into packets and sent via multiple pathways, how do you know it hasn’t passed a government collection point on the way to a private cloud? Thanks for sharing your expertise.

Simple And Recommended SaaS Security Tips

Simple And Recommended SaaS Security Tips

SaaS Security Tips Most people and companies are now using a significant amount of SaaS solutions. Companies are running sales support software, they are file sharing, collaborating and using e-mail programs and a lot more in the cloud. However, that usage also leads to concerns about the security of those solutions. How safe are they? What…

Vendors To Enter The Cyber Security Game

Vendors To Enter The Cyber Security Game

IT Regulatory Compliance as the Next Big Focus for Cloud Vendors Back in October 2014, Defense Information Systems Agency (DISA) submitted a public request for information, calling for the assessment of the marketplace’s ability to “provide cloud ecosystems and services in two integration models that place vendor cloud services on DoD networks for use by…

Cloud Service Provider Selection Considerations

Cloud Service Provider Selection Considerations

Why Cloud Brokers Make Sense Different workloads perform differently on different cloud service providers. Enough so that it is prudent in planning to consider the optimal configuration and the optimal CSP for your solution. Consider this old word problem from years ago. One person can carry two buckets of water. It takes 5 minutes to…

Insider Threats and Sensitive Data in the Cloud

Insider Threats and Sensitive Data in the Cloud

The Age of Sensitive Data in the Cloud A recent survey report conducted by the Cloud Security Alliance (CSA) revealed that cloud security had reached a tipping point: 64.9% of respondents (which included IT security professionals from enterprises across all industries and regions) believed that the cloud was as secure or more secure than their…

How Data Privacy Reform Is Wreaking Havoc In The Cloud

How Data Privacy Reform Is Wreaking Havoc In The Cloud

Data Privacy Reform Is Wreaking Havoc Nations around the globe are stepping up efforts to better protect the personal data of private citizens. In particular, cross-border data security regulations and legislative reform is on the rise. The laws must evolve in order to mitigate theft, abuse and misappropriation of personally identifiable information (PII), better guard…

Hoarders And Data Collectors:  On The Brink Of Unmanageability

Hoarders And Data Collectors: On The Brink Of Unmanageability

Hoarders and Data Collectors In our physical world, hoarders are deemed “out of control” when they collect too much.  Surely the same analogy applies in our online world.  When providers collect realms of data from us, it seems they lose control of that too?  In the last months it’s not just the frequency of data…

Three Factors for Choosing Your Long-term Cloud Strategy

Three Factors for Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.