Patriot Act Clouds Picture For Tech 203
Harperdog writes "Politico has a piece on how the Patriot Act is interfering with U.S. firms trying to do business overseas in the area of cloud computing. Here's a quote: 'The Sept. 11-era law was supposed to help the intelligence community gather data on suspected terrorists. But competitors overseas are using it as a way to discourage foreign countries from signing on with U.S. cloud computing providers like Google and Microsoft: Put your data on a U.S.-based cloud, they warn, and you may just put it in the hands of the U.S. government.'"
Laughable (Score:4, Interesting)
The "cloud" analogy always seemed like "newspeak" to me, designed to get the customer to NOT think about where their data is "Don't worry we will take care of it" while their data is sitting on some cheesy server with questionable security practices and the usual disgruntled suspects.
Seriously what next? A service to wipe your ass because you can't be bothered? (note to self research iPhone controlled bidet)
Since it still has to sit on a server somewhere it might as well be your own server then deploy software that makes it accessible to you on the road, in addition how many jobs does this destroy for IT personal, some of the few decent paying jobs left in the USA.
To me the "cloud" is as ridiculous as Facebook, if you're stupid enough to put your data on FB you deserve what you get.
Cloud computing is pie in the sky (Score:3, Interesting)
This will show who's asleep at the wheel. All the services offering SaaS and Cloud-based services including anti-virus, mail storage, NAS, vulnerability management, the list grows - come at a cost. Namely who are the vendors and who are the customers? When a business had all their enterprise servers on-site there was no question who managed, maintained, and monitored the data at rest or in motion. Now, if a company (and what happens if the "company" is a hospital or retailer having to meet auditory compliance) used a cloud-based service offering they have no way of knowing who is managing, monitoring, maintaining or accessing their data. This is off-shore outsourcing gone awry. It may make sense briefly on the bottom-line, but the bean counters are not considering the extended costs of security and vulnerability. Put your trusted data in someone else's hands and you are assuming they are just as, if not more, safe as you would be.
Re:Who can blame them? (Score:5, Interesting)
Not all providers are based in a single nation.
Amazon, for instance, has AWS locations around the world, although that probably doesn't help you much given their track record.
But rsync.net (I am the founder) has storage locations in Zurich and Hong Kong, in addition to the US. These sites are protected, just like the US sites, by the Warrant Canary:
http://www.rsync.net/resources/notices/canary.txt [rsync.net]
So while I agree that everyone in the world should be wary of USA PATRIOT, it's not a given that non-US consumers have to avoid US providers across the board.
Re:Probably, but... (Score:0, Interesting)
Now, if someone could make some appliances that I could drop at my place, and at a few friends' places, with all three mirroring with ironclad consistency, that would be a true "personal cloud". Ideally, at the block level, as opposed to file level like rsync, although if one mounted a file based filesystem via loopback and used rsync, that would be close enough.
Of course, having a client just send up changes to files and not the complete files would be important, a la Dropbox. Even better, have the client encrypt all data being uploaded before it goes up and decrypt as it comes back, and the encryption can be a password, a keyfile, or a generated nonce that is protected by a public/private keypair where the private key is stored on a cryptographic token.
For a number of uses, this would be the ideal cloud setup.
If one decides to take it a step further, one can do what an old (I'm talking antediluvian) Mac application did -- it would present a drive to the user, but all files stored would be distributed among other machines in the LAN. Add an encryption layer, and a layer of redundancy, and that would be a very usable cloud. People who run the cloud servers can allow only themselves, users/groups they authorize, or anyone store data.