Oracle plans German DCs to soothe NSA-ruffled nerves Oracle has become the latest US IT giant to placate European businesses with extra local data centres. According to V3.co.uk, the company's Loïc le Guisquet, EMEA executive veep, told Oracle's OpenWorld conference on Sunday that there will be two new bit barns opened in Germany in the coming weeks. The Frankfurt and Munich …
This post has been deleted by its author
I think it probably brings a bit of legal safety to European companies, though, even if it is almost baseless.
If my UK company sticks customer data on a server in the US or Canada, we're potentially in a world of legal pain for doing that. If we put it on a server in Germany, and the hosting company there goes and exports it without our consent, that's probably *their* problem rather than ours.
(Besides, a US court order against Oracle to get access to our data really isn't something we need to guard against, either legally or practically: legally, we're supposed to keep it in compatible jurisdictions and take appropriate precautions, practically, half of it's a matter of public record anyway and the other half is just something we'd like to keep away from our bigger UK competitor.)
I think it probably brings a bit of legal safety to European companies, though, even if it is almost baseless.
No, it brings absolutely nada re. legal safety. I do privacy structures for a living, and if you're in the EU you should really avoid US based companies - regardless of where their data centres are.
If my UK company sticks customer data on a server in the US or Canada, we're potentially in a world of legal pain for doing that. If we put it on a server in Germany, and the hosting company there goes and exports it without our consent, that's probably *their* problem rather than ours.
Well, it's still your problem (you carry the responsibility for your client's data) but at least you are on a much better footing legally as you are at least under EU privacy law. If your data lives in the US you're pretty much exposed, and it gets worse if your data leaks (because Safe Harbor is at best an excuse).
(Besides, a US court order against Oracle to get access to our data really isn't something we need to guard against, either legally or practically: legally, we're supposed to keep it in compatible jurisdictions and take appropriate precautions, practically, half of it's a matter of public record anyway and the other half is just something we'd like to keep away from our bigger UK competitor.)
Err, no, if Oracle draws data from your company to supply it to US authorities and it gets out (or such data gets abused to the point that it harms clients) you end up with the problem as it's your responsibility. Placing data in a location that is exposed is something that your clients can take you to court for.
There are other gotchas, which is why you need to use people who know what they're doing re international privacy and who understand what happens when data and data ownership crosses borders. A classic one is a UK company hosting its data in Switzerland and thinking that the data is now under Swiss privacy laws. Nope, but don't feel bad, there's even a large law firm that got this wrong..
I think you're casting it too black and white. With ~$50Bn in the bank - that reduces the attack surface in all sorts of ways not applicable for smaller companies.
There has got to be massive tech industry pressure behind the scenes to kill off the MS vs DOJ Dublin data center case.
I think you're casting it too black and white. With ~$50Bn in the bank - that reduces the attack surface in all sorts of ways not applicable for smaller companies.
There has got to be massive tech industry pressure behind the scenes to kill off the MS vs DOJ Dublin data center case.
Sadly not. The problems for US based companies run a lot deeper than a couple simple court cases can fix. I would be extremely surprised if MS wins this other than via some seriously creative lawyering because the problems are pretty fundamental, and have been in the making for about 2 decades. That's not going to be fixed overnight. That's not even going to be fixed in a year - it'll take a decade, and that's assuming there is a WILL to fix it as some are making good money off it.
It just appeals to the "made in Germany" crowd. But until there is serious reform to the Patriot act and other laws, it's basically window-dressing.
And even if there is reform, I'm willing to bet paychecks that there is some serious hoovering of data being done by European sigint agencies. Either by themselves or as part of reciprocal arrangements with the NSA, NATO or other European sigint agencies. There is a lot of awareness among European spooks of what the U.S. is doing/has been doing, and a realization that the U.S. provides an outsized proportion of sigint that is available and useful to these agenies. Further, they know that if European sigint agencies want to keep that NSA feed, they need to contribute something back to their U.S. benefactors.
It's just that in Europe, there hasn't been a real Snowden-type figure to come forward and expose the local skullduggery. If there were, I think people would be alarmed by what they find.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
