Following on from my last Blog, “Data storage in and outside the UK”, I thought that I would contribute an update on this topic.
For the benefit of those who didn’t read the last white paper, well in summary it contained risks associated with outsourcing data storage and the data protection act (DPA).
So, on with the update.
In November I read a very embarrassing article (for Microsoft) and I must admit, for the first time I had some sympathy for the software giant even though most resellers of their technology wouldn’t agree with me of late (for obvious reasons). Back in June of this year poor old Gordon Frazer (use the term loosely), MD of Microsoft UK, announced to a room full of journalists that he could not guarantee that data stored in Microsoft’s European datacentres would not end up in the hands of the US government.
Now, imagine the scene, he is announcing the highly publicised “Microsoft Office 365” product (at its launch) in London. The press had a field day and what came next was an onslaught of criticism from all sides of the room.
So why would “poor old” Gordon say this I hear you ask? Well since the September the 11th attacks on the World Trade Centre (and the Pentagon), a new US Government act came into play – SEC 215, ACCESS TO RECORDS AND OTHER ITEMS UNDER THE FOREIGN INTELLIGENCE SURVEILLANCE ACT.
So, what does this mean? Well simply put it allows the FBI to obtain ANY data from European companies that have their data stored in US-owned datacentres, even if the datacentres are based in Europe. If this wasn’t serious enough, the datacentre in question would be under a gagging order not to mention this to the individuals under suspicion.
Now in most circumstances people such as you and I would not be worried about this prospect and live safe with the fact that the nasty terrorists are being observed (which I 100% believe in), however it’s the speculative reasons that I am not overly happy about and let me explain why.
The above Government act (also known as the Patriot Act) is supposed to be linked to terrorism, however we will not know how it’s being used. In fact you never will and if you object to your data having the ability to be in the hands of the US Government, you yourself will automatically come under scrutiny for being a terrorist by not cooperating, see the dilemma?
Just to raise another eyebrow, how about this. When Microsoft was asked to comment on this they declined. When HP and Amazon were asked, they didn’t even respond and Dell and Salesforce suggested that they didn’t have a spokesperson to available! Interesting hey? So, it comes back to my first paper on where you should store your data, within the country you reside in. Unfortunately this statement is now not good enough to protect the security of your IP (intellectual property), now it goes one level deeper – Is the datacentre US owned? Sound crazy? Then you would be thinking like me and expect a visit from the FBI for being uncooperative. Seriously though, this has big ramifications to the online hosting market place and data security.
Imagine what data could be accessed without your knowledge? Financial data, Health records, IP that you have been working on, pictures of the ex-wife, well maybe that’s a bit too far but you get the point.
Many UK based companies are now considering this topic seriously and the fact that this is not commonly known and there is very little, if any, publicity on this issue makes me think. Cloud Computing is a complex subject as it is with its own questions surrounding the variants of technology. This together with the topics of data sensitivity and security, it could “Cloud”(pardon the pun) the issue even more and potentially steer people away from the technology.
What do I think? Well I can see a move to a more local approach to data storage. I am a patriot of this country called Great Britain and wherever possible adopt and suggest this approach, this topic is just another reason for justifying it, one that I am sure that the UK government would agree with me on (G-Cloud).
For a more in-depth feature on this topic, please read the November issue of Computing (Nov 3rd), however this article does raise both sets of arguments with a slant and big centre on Rackspace, a US owned datacentre.