What's new
Frozen in Carbonite

Welcome to FiC! Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

International EU Internet Sovereignty

Vorpal

Administrator
Administrator
Reuters said:
PARIS (Reuters) - France and Germany are stepping up efforts to foster homegrown rivals to U.S. tech giants Amazon and Microsoft in cloud computing, according to a joint statement by the countries' finance ministries issued on Tuesday.
...
This dominance is raising concerns in Europe that sensitive corporate data could be spied on in the wake of the adoption of the U.S. CLOUD Act of 2018 and in the absence of any major competitors, with the exception of China's Alibaba. Amazon's cloud division has a $600 million contract with the CIA, while Microsoft recently won a $10 billion cloud computing contract with the Pentagon.

"We want to establish a safe and sovereign European data infrastructure, including data warehouses, data pooling and develop data interoperability," French Finance Minister Bruno Le Maire said in a statement.
The 2018 Clarifying Lawful Overseas Use of Data Act [ref] was initiated as a response to Microsoft refusing to provide emails stored on their server in Ireland. The Act seems to have two parts: the obligations of the US companies to provide data even on foreign servers, and also a framework for agreements between US and foreign governments to share such data. Crucially, unless there is such an agreement between the US and another country, citizens such countries countries have no protection under the act, as US companies can be compelled by warrant to provide their information regardless of the laws the country the server is located in.
(2) MOTIONS TO QUASH OR MODIFY.— (A) A provider of electronic communication service to the public or remote computing service, that is being required to disclose pursuant to legal process issued under this section the contents of a wire or electronic communication of a subscriber or customer, may file a motion to modify or quash the legal process where the provider reasonably believes (i) that the customer or subscriber is not a United States person and does not reside in the United States; and (ii) that the required disclosure would create a material risk that the provider would violate the laws of a qualifying foreign government.
Specifically, 'qualifying foreign government' is defined as one having an agreement under this law and having their own laws providing 'substantive and procedural opportunities similar to those' to those in some sections of the CLOUD Act.

Science Business said:
[ref] The cloud project will be open to other member states, while the European Commission will offer support and advice, the statement says.

Both governments will host a workshop before the end of November 2019, where other interested companies will be invited to provide input. A similar event will be held in Brussels early next year.

Experts from both countries will meet later this year to set up organisational and governance structures for the project.
I wonder what kind of legal framework the EU wants and how they view the CLOUD act specifically (this seems like essentially being extorted into agreements in order to even partially provide for their citizens' privacy rights).
 
I wonder what kind of legal framework the EU wants and how they view the CLOUD act specifically (this seems like essentially being extorted into agreements in order to even partially provide for their citizens' privacy rights).
I'm pretty sure that they want "fuck off away from our citizens", but the way the act is written the US can spy on anyone they want so long as long as they are not from or in the US. I doubt that the US will ever walk that back, so the best they can hope for is a Five Eyes situation where they agree that other partners can spy on anyone other than their own citizens.

Sure, they would love for an EU company to be able to compete with the big boys in the US so they could keep their shit private, but that would take years to establish if at all possible,

Otherwise they are back to the way things are right now. They can write a law saying that handing over information to the US is illegal and put the companies in a situation where they will have to pay fines out the ass if they break that law.

As it sits, the EU wants privacy and the US does not. Companies will be watching the world economies and trying to decide which region offers the greatest financial advantage, because it is at the point where regional firewalls are going to become a reality as they choose which laws to follow.

As hard as it is to believe, monoliths like Google might have to pull out of the EU if they lose enough money in fines for following US law (because it would be almost unthinkable that they would resettle the company HQ within the EU). Huge fucking disruptions while EU startups fill in the gaps, or possibly Google will sell off EU operations while essentially contracting that the new company is to offer Google products with only necessary modifications to be within EU law.

That's about all that can be done. Either bend over and console yourself that maybe you can also spy on other countries while you are repeatedly and brutally penetrated, or write your own laws to punish the companies that follow US laws even if they have no choice in the matter. Otherwise it will be a financial catastrophe to punt the tech companies out so they no longer have the option to violate EU privacy.
 
Solution: any company that provides EU Citizen data to the US must pay fines equal to their entire gross revenue for the year.
 
Solution: any company that provides EU Citizen data to the US must pay fines equal to their entire gross revenue for the year.
Then see those companies either start lobbying like crazy or pull out. There are tons of money with consumer data mining and that is going to end in one bad way or another...
 
Just found this thread... actually, moving European companies (at least most of them) on European cloud infrastructure isn't that difficult. All it takes is to use the current tariff madness to introduce substantial tariffs on cloud services provided by overseas companies in the EU. It needs a good definition of "overseas company" as Internet and borders... not very clear most of the time. Also, serious penalties for sharing of EU citizens' data - like confiscation of infrastructure where it happened - can help. The thing is, large cloud infrastructures are quite location-dependent. If you want to provide good, fast, reliable and cheap cloud services to European companies, you have to base the infrastructure in Europe. That is because the data transfers to/from such infrastructure are huge and quite expensive if they have to go long distance.
As long as we don't go into such things as "use only European hardware" (which does not really exist), just providing cloud infrastructure, with good web management apps and APIs isn't that difficult. But OMG getting the whole EU to agree that it's really necessary (which absolutely is, currently we're completely at the mercy of our Big Brother) will be 10-times harder.
 
Just found this thread... actually, moving European companies (at least most of them) on European cloud infrastructure isn't that difficult. All it takes is to use the current tariff madness to introduce substantial tariffs on cloud services provided by overseas companies in the EU. It needs a good definition of "overseas company" as Internet and borders... not very clear most of the time.
I kind of wonder whether that's true in a practical sense. Well, in a narrow sense it is because in theory one can always make up a big enough penalty, but at some point it becomes politically and economically unviable (even more so than any have any tariff at all, I mean), and if too little I suspect a lot of companies would swallow the costs if cloud providers pass them on to their EU customers, esp. if cost of migration would be higher than their next quarterly report. (NB: I am not an IT person.)

Specifically, what I'm curious about are effects of large global presences and and vendor lock-ins. Say you have some EuroCom that mostly does business in the EU but has some customers South America, and its cloud services are hosted by Amazon (which IIRC is the biggest global player and mostly caters to larger businesses), and not many cloud services have a presence there. So because Brazil has some laws about hosting their citizens' data, an alternative cloud provider needs to have a presence in São Paulo or wherever, and if the tariff is big enough to make EuroCom seriously think about getting rid of their business there, your tariff is arguably hurting the EU more than it helps. Meanwhile, Amazon does a lot of things, and does them in a peculiar ways dependent on their own APIs and infrastructure. Say EuroCom has a bunch of geographically separated servers that mount the same disk, or a serverless database that's automatically replicated across many locations globally; none of them are actually irreplaceable, mystical features, but it does mean that EuroCom would need to think very carefully about how to untangle them for migration and possibly permanently get more tech monkeys for their NFSs and more DBAs for their databases, which is potentially yet more costs. Meanwhile, they also probably have a contract with Amazon for the next several years anyway, so it's easier to raise a political fuss about internet tariffs being bad than seriously consider migration.

I don't know... little cloud providers like Linode and Digital Ocean are one thing, but how different is that for the big fish?

(Naturally, I don't want to imply that any of that is in anything close to truly insurmountable, but I have doubts it's as simple a problem as that, and in particular I suspect it may require investment and/or more complicated economic incentives.)
 
There would be certainly some problems and some decisions to make, but it's doable. And I think that sooner or later it will be done, because clearly Internet is too important to just leave it to US companies - and ultimately to total US control (which is the case right now, especially here in Europe). EC is trying to push for some indigenous innovation here in Europe, I know because I get some of the grant money (which is in billions). Clearly, US market has more money, US companies can innovate better (they always could, that's what I love about America) and especially have better access to funding. So EU needs to level the playing field somehow, otherwise we'll always remain a colony of the US in the virtual domain, our infrastructure and personal data at the mercy of NSA. Perfect pressure point, through which the US can make the EU do many things, if it becomes necessary.
Vendor lock-in is a problem in cloud computing, a colleague of mine did his dissertation thesis in designing an overlay that would provide a uniform API, translating it to various vendor-specific APIs (EC2 among them, of course), with migration etc...
And regarding the need for careful thinking that you mentioned - that is exactly the place where government grants need to step in to make the required changes financially viable.
 
There would be certainly some problems and some decisions to make, but it's doable. And I think that sooner or later it will be done, because clearly Internet is too important to just leave it to US companies - and ultimately to total US control (which is the case right now, especially here in Europe). EC is trying to push for some indigenous innovation here in Europe, I know because I get some of the grant money (which is in billions). Clearly, US market has more money, US companies can innovate better (they always could, that's what I love about America) and especially have better access to funding. So EU needs to level the playing field somehow, otherwise we'll always remain a colony of the US in the virtual domain, our infrastructure and personal data at the mercy of NSA. Perfect pressure point, through which the US can make the EU do many things, if it becomes necessary.
Vendor lock-in is a problem in cloud computing, a colleague of mine did his dissertation thesis in designing an overlay that would provide a uniform API, translating it to various vendor-specific APIs (EC2 among them, of course), with migration etc...
And regarding the need for careful thinking that you mentioned - that is exactly the place where government grants need to step in to make the required changes financially viable.

Then there is the problem of what to do when the likes of Huawei and other major chinese companies start claiming major stakes in Europe.
 
Then there is the problem of what to do when the likes of Huawei and other major chinese companies start claiming major stakes in Europe.
It would be best to do something else than what we did when it happened with US companies... :)
 
  • Like
Reactions: Kol
Back
Top Bottom