US Unhappy With Australians Storing Data On Australian Shores

Fluffeh writes "The United States' global trade representative has strongly criticized a perceived preference on the part of large Australian organizations for hosting their data on-shore in Australia, claiming it created a significant trade barrier for U.S. technology firms. A number of U.S. companies had expressed concerns that various departments in the Australian Government, namely the Department of Defence had been sending negative messages about cloud providers based outside the country, implying that 'hosting data overseas, including in the United States, by definition entails greater risk and unduly exposes consumers to their data being scrutinized by foreign governments.' Recently, Acting Victorian Privacy Commissioner Anthony Bendall highlighted some of the privacy concerns with cloud computing, particularly in its use by the local government. He said the main problems were the lack of control over stored data and privacy, in overseas cloud service providers."

Re:ERROR

[Moryath]

No, this is typical US attitude. They think they own the world.

If the rest of the world would tell the US to piss off, maybe things could get better. Instead, the US throws their totalitarian weight around and we get bought-off British judges trying to extradite British citizens to the US for conduct that occurred in Britain, between British citizens, that was 100% legal under British law because the US MafiAA wants to try to have the British citizen prosecuted under US fascist law. [wired.co.uk]

Re:*cough* Megaupload *cough*

[kulnor]

Read this article and you'll know why government, private companies, and individuals may not want their data in the "cloud", particularly when you know half of the Internet traffic likely transits through US soil: The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/ [wired.com]

No America - you're not getting our data.

[Anonymous Coward]

One of the reasons we don't like hosting stuff on American servers is due to one of their laws that the FBI (and similar agencies) can obtain data with a warrant that tells the service (cloud) provider not to tell the customer us. We have our own private cloud infrastructure here in Perth and spread to Adelaide and Sydney with talks of having some in Singapore. We do not want our data on cloud infrastructure we don't manage in another country.

Cloud Perception

[rogueippacket]

As someone who regularly solutions cloud services for customers, I can assure you, the exact location of the cloud is very important to our big customers. Being able to say it's based out of entirely Canadian datacenters on an entirely Canadian network is a huge advantage over our competitors south of the border. It's not like any of them have been bitten yet, but the perception is that their data is much less safe in another country.

Dear United States trade representative

[Ralph Spoilsport]

Fuck You.

whoa

[nomadic]

The U.S. trade representative, whose sole job is to promote U.S. companies overseas, is complaining because the Australian government is telling Australian companies not to use American companies for a certain service? In other word, a guy whose job it is to complain about trade barriers is complaining about trade barriers? HOW DARE HE?

Re:ERROR

[poetmatt]

yep. it's amazing the US is complaining here, but then again our country is on a constant downward spiral into idiocy. can't say I'm surprised.

Re:LOLWUT???

[fuzzyfuzzyfungus]

There are really multiple problems...

The US has sufficiently aggressive surveillance and limited privacy protection(and I'm just referring to the stuff that has been declared legal) that it is neither obviously desirable, nor even necessarily possible, for entities in areas with more demanding privacy law to use US-based hosting or storage service.

Second, by the standards of places developed beyond the barter economy, Australia's overseas links are long, not terribly fast, and rather expensive(Also, Telstra...)

Re:ERROR

[the eric conspiracy]

The judge in the extradition case did actually rule that O'Dwyer had violated British laws. So please don't make statements that O'Dwyer's activities were legal under British law when in fact there is a court ruling that they weren't.

http://www.telegraph.co.uk/technology/news/9013803/Student-Richard-ODwyer-can-be-extradited-over-TV-website.html [telegraph.co.uk]

"However, Judge Purdy rejected the argument from Mr Oâ(TM)Dwyerâ(TM)s barrister, Ben Cooper of Doughty Street Chambers, because of the control the student had over what links were posted on TVShack.net and TVShack.cc.
He set up the second website a day after authorities shut down the first in July 2010. The main page of the new version included the cover image from a rap single called âoeF*** the Policeâ, according to American prosecutors.
âoeFirstly both TVShack websites were entirely in the hands of Richard Oâ(TM)Dwyer and his co conspirators requiring third parties to sign up to TVShack and be vetted before going further,â Judge Purdy said.
The judge agreed with John Jones, barrister for the United States government, that âoebecause he was intimately involved in deciding who was allowed to post links on the TVShack websites, which links would be postedâ, Mr Oâ(TM)Dwyerâ(TM)s alleged conduct was a criminal offence under British copyright law."

Re:The latency kills you - Mod anon up

[aristotle-dude]

Even if the USA had sane laws & law enforcement, the fact that your data is sitting on the other side of the planet adds a lot of latency.

The speed of light is the limiting factor, and we haven't figured out how to beat that one yet.

Further, the high cost of fat pipes in Australia strongly discourages cloud providers.

I cannot get into specifics to protect my identity but this is why you want to have at least a cache of your data in australia if you are a multi-national. It makes no sense whatsoever for Australian entities to store their data in the US.

Re:LOLWUT???

[ian_mackereth]

Funny how Americans think that since breaking Enigma helped them win the WW2 so much, they are entitled to have the same advantage over the wole world now.

Umm... that movie where US troops secured the vital Enigma machine wasn't actually accurate. It was the Brits who stole the intact Enigma and the brightest of the Brits who cracked the code and, to a large extent, helped them win the war. (OK, having a whole lot of US planes and bombs and ships and tanks and stuff to DO something with the intercepted data was also quite significant, but the intelligence side of things was all down to the Poms.)

Re:ERROR

[RelaxedTension]

You really don't understand the situation. People like me are paid to be paranoid, and to make sure that our company's data is safe from prying eyes as much as absolutely possible (In fact, we are legally responsible for it). I cannot afford to just toss our data out there and not worry about it. My job is to mitigate all of the possible things an outside entity could do to access that data. And fyi, a provider can setup the server such that they cannot read the data on it while still being able to administer the server itself.

And to the trade representative, boo-fucking-hoo. Instead of allowing US companies to guarantee data privacy, even when hosted outside of the country, the Patriot Act forces them to guarantee the opposite. As much as I would like to use a lot of the cloud services out there, I can't just because of that.

Re:LOLWUT???

[tqk]

It was the Brits who stole the intact Enigma and the brightest of the Brits who cracked the code and, to a large extent, helped them win the war.

Not according to Vasili Mitrokhin [wikipedia.org]. He reported that the Poles had cracked Enigma and handed it all over to the Brits and the French five weeks before WWII broke out, yet another reason why the Poles were rightfully incensed at what happened to Poland at the end of WWII.

Re:ERROR

[Troed]

http://wuala.com/ [wuala.com]

Based in Europe, and uses client-side encryption. They can't peek at your data even if they wanted to.

"It's like Dropbox, but actually usable!"

Re:ERROR

[hobarrera]

If you have root access, you surely *can*.
If you have root access and don't know how, I would avoid hiring your company's services at any cost!

The problem is the Patriot Act

[presidenteloco]

In Canada, it is illegal for public agencies or IT companies serving them to store customer/member data on US-operated servers because the Patriot Act contravenes Canadian privacy laws. Many other Canadian associations and businesses have similar policies, because Patriot Act searches would violate their infomration privacy policy.

Re:ERROR

[Ihmhi]

Is there a cloud based company that will not take a peek at any of the information stored on it's servers?

Yes: SpiderOak [spideroak.com]. They are physically incapable of looking at your data [spideroak.com]:

Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making its easily decoded by anyone with local access to those servers.

With SpiderOak, you create your password on your own computer -- not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data.

This means that you alone have responsibility for remembering your password or 'Password Hint' (which you can create to help you remember) allowing SpiderOak to create a true 'zero-knowledge environment' – keeping your data as safe and secure as it can possibly be.