“Kroes: Cloud can deliver digital growth” with my immediate observations including questions cc @NeelieKroes @euractiv @DigitalAgendaEU @10comm

EU Digital Agenda Commissioner Neelie Kroes talks excitedly about “Cloud computing” here:

The Cloud, like the Internet, is Global in nature. Cloud services are offered by a myriad companies whom are based in many of nation states and so their services fall under the jurisdictions of many authorities.

Digital Agenda Commissioner Neelie Kroes states, “European institutions and governments should throw their weight behind joint procurement of computing services to encourage the use of cloud computing“.

Which services does she wish EU Institutions and governments to throw their weigh behind? I thought gone into pushing computing services  Cloud computing service which are under the jurisdiction of EU acquis so as to be covered by EU standards of privacy, Fundimental Rights, etc. This is of paramount importants, a mandatory red-line must-have from EU business as well as an EU citizens perspective.

Procuring Cloud services from companies who are under the jurisdiction of non-EU authorities exposes those EU business and EU citizens to extra-EU jurisdictions and the associated dangers of their data not having the adequate level of protection that EU acquis gives.

We only have to look at the MegaUploads fiasco to see that EU businesses and EU citizens have had access to their legal data halted by the actions of the United States of America, for instance. MegaUploads’ service was an example of a cloud computing service; a cyber-locker.

We only have to look at the Wikileaks fiasco to see that extra-EU controlled financial services (Paypal, VISA, Mastercard, etc) are heavily influenced by non-EU powers and can choose withdraw necessary services on at their whim.

We only have to look at Twitter being subpoenaed in US courts for data relating to Icelandic Members of Parliament to see the dangers in our Cloud services falling under the jurisdiction of extra-EU states.

We only have to look at the seizure of Bodog.com by the US Department of Homeland Security. Bodog.com “is run by Canadian billionaire Calvin Ayre and the domain was purchased through a Canadian registrar. None of the defendants are believed to be US citizens. US authorities never approached the Canadian registrar to enforce the seizure, instead they used .com and .net domain operator VeriSign to alter the “glue” records and take down the website“.

Extra-EU authorties are asserting authority over huge parts of the internet. “US law can now be asserted over all domains registered under .com, .net, org, .biz and maybe .info”.

Twitter.com have been caught downloading iPhone users’ contact lists and storing them for up to 18 months.

Google have recently made massive changes to their privacy terms in the face of request by the EU and interested parties to halt these changes until they are fully investigated.

Andriod Apps have been found to be creaming off smart-phone users personal data with most users unaware.

Do we really want the EU to push businesses and netizens into the hands of extra-EU internet services including Cloud & Digital Financial services where the EU business & citizen does not have, through the EU apparatus,  control and jurisdiction?

I think Digital Agenda Commissioner Neelie Kroes needs to make clear what Cloud & digital Financial services she wants EU businesses and netizens to seize upon. We need to check whether we should be directly/indirectly promoting our rivals’  (US, China, Russia, South America, etc) Cloud & digital Financial services which fall under their control/jurisdictions.

I think we should step up and create our own Cloud & Digital Financial services independent of our competitors and under our, EU, control/jurisdiction.

That’s not to say the EU is perfect, far, far from it. There are many issues with current and proposed EU legislation in regard to citizens rights on the internet, for an overview I’ve written this other article.

This entry was posted in Activism, EU Legislation of the Internet, Privacy, Protesting, The Freedom Revolution(s) and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

2 Responses to “Kroes: Cloud can deliver digital growth” with my immediate observations including questions cc @NeelieKroes @euractiv @DigitalAgendaEU @10comm

  1. François says:

    The nature of the Cloud itself makes it vulnerable to jurisdiction conflicts. But buiding “our own” cloud is certainly not the correct path. Defining “our own” will inevitably lead to an excluding concept, and the need here is for inclusion and interoperability.

    We are talking about an infrastructure and a set of services that exist and function regardless of borders or even disregarding borders when they may work as obstacles.

    Cloud infrastructure needs to be free to locate and relocate itself according to its functioning costs. The service providers need to have the flexibility to move their servers around in order to keep the service running, which is what they are being paid for. Ultimately, end users should not need to worry about where the servers are physically located, but only about the quality of execution of the service they’re paying for.

    It is pretty clear, indeed, that we are in front of a new legal challenge: establishing a legal framework acceptable to States, citizens, businesses and service providers that protects the rights of everybody, makes law enforcement possible and ensures competition between service and infrastructure providers and that their activity is economically viable and sustainable.

    Law enforcement has been struggling to get a grip on things, but the Megaupload case shows that it’s adapting to the reality and constraints of this entirely new space. Questions remaining are: what to enforce, how to enforce it and who should enforce it?

    When it comes to the user’s rights (individual or business), what law is applicable? His personal law (think of a multinational company)? The law of his residence/location? The law applicable to the contract he signed with the provider?

    When it comes to the service provider’s obligations, what law is applicable? The law of the place where its headquarters are located? The law of the place where its servers are located? Some other law?

    And last but not least: what law is applicable to the data? The one applicable to the user? The one applicable to the service provider? The one of the location of the specific server physically hosting it? The law of the State that has first inserted into its legislation that it has universal jurisdiction over matters of the cloud?

    We all have our own answers to those questions, but what the cloud needs is for everybody to come together with one negotiated answer to each question. It takes tons of time and gives very powerful headaches, but States must sit at the table with transparency (forget the ACTA modus operandi) to talk with and listen to users, providers and each other.

    If each one works on “their own” cloud we will keep on having jurisdictional conflicts and lack of legal certainty. We need a Montego Bay Convention for the Cloud.

  2. awbmaven says:

    @ François

    By “our own” cloud, I meant the EU should utilise Cloud services which operate solely under EU jurisdiction, not under some extra-EU jurisdiction where the EU has no control.

    I agree, end users should not need to worry about where the servers are physically located. As an EU citizen with no say in extra-EU policy, I am worried though. I need to be worried as evidenced by the MegaUploads take-down; as the pressure put in VISA, Mastercard, and Paypal regarding Wikileaks; as Twitter being subpoenaed in US courts for data relating to Icelandic Members of Parliament, all shows and highlights in a stark manner.

    Cloud services utilised by EU business and citizens need to operate for the benefit of EU businesses and citizens, and while we can have global partners in the industry that is the Cloud, partners do not always see eye to eye, we may often want to agree to disagree. With extra-EU authorities having jurisdiction over EU data, they effectively have the EU over a barrel (an old saying in the UK, possession is nine tenths of the law).

    You list a lot of questions that need answering, and until they are answered in a manner that guarantees EU businesses and citizens the same rights and freedoms they enjoy within the EU’s border, extra-EU Cloud services should be avoided. This is especially true of Cloud services utilised by public bodies within the EU.

    EU business and citizens’ data should be under the jurisdiction of just the EU until such a time as extra-EU jurisdictions puts law in place that at least come up to the standards of EU laws. For that, we need “our own” Cloud services and digital Financial services. EU data should be black-boxed within the EU so extra-EU authorities cannot delve into EU data at their whim.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s