back to article Want the EU to work on making cloud snoop-proof? Speak up, my good 'stakeholder'

The public has less than two weeks to respond to one of the vaguest European Commission consultations ever… but one that will decide where the Commish spends its money. The deadline for submissions to the public consultation on Cloud Computing and Software has been extended by a week to 17 October. But unlike many …

  1. Anonymous Coward
    Anonymous Coward

    Link please

    There doesn't appear to be link to the mechanism for submitting comments to the EU consultation.

  2. Brusselsgeek

    Apologies: Links here: http://ec.europa.eu/digital-agenda/en/news/public-consultation-cloud-computing-and-software

  3. peter_dtm
    Black Helicopters

    am I just paranoid ?

    cutting through the “jungle” of technical standards, developing safe and fair contract terms and conditions, and establishing a European Cloud Partnership

    sounds more like a way to enforce one monolithic arbitary (but probably the worst possible) set of standards on EU companies & people.

    It wil then be made llegal to offer anything that some ignorant politician can broadly define as 'Cloud Computing' using any other standards, methods or contracts. Especially once they work out how to tax it all.

    No doubt there will be lots of compulsory back doors so they can keep an eye on things (for our own benifit -not).

    1. Anonymous Coward
      Anonymous Coward

      Re: am I just paranoid ?

      Yes,

      You are paranoid, but that's OK.

      Based on what has gone down over the last decade or two, you should be.

      On the bright side, a call for discussions by the EU is a healthy democratic initiative, and more of this is needed.

      However, for it to have any impact, people will need to discuss and add input.

      I for one, plan to check out some of the papers and policy discussions. If I see something I don't particularly like, I will comment on their page. 3600 words is not an insignificant contribution, particularly if it is well-reasoned and pertinent.

      One of the biggest failures of modern nation states is massive voter abstinence as noted in almost every modern democracy (except perhaps Belguim). This indicates profound disillusionment and proves that in democracies people WILL get the government they deserve.

      I believe online initiatives and e-voting could help reverse this trend.

      So go out there and say something. It might even catch on.

      1. Matt 21

        Re: am I just paranoid ?

        While I agree with you I wondered if voting in Australia was also considered a duty, just as it is in Belgium.

        Personally I like the idea but I would like to see more decisions put to the vote in a similar way to Switzerland. The combination of the two might bring us closer to something we can realistically call democracy.

        It might finally put an end to the anarchist saying 'doesn't matter who you vote for the government always wins'.

  4. Mephistro

    Just a few suggestions

    - Make end to end encryption mandatory for cloud providers that sell their product in Europe.

    - Create a legal framework defining the duties of cloud providers on security and data control, including a set of employees roles and the degree of responsibility for each role. Make the companies send to 'the authorities' a list of the people responsible for each of these roles and keep the list always current, so if/when a security breach happens, it's far easier to pinpoint the suspects.

    - Create laws to fine -heavily- any cloud provider found in breach of the conditions listed above, and also to make them liable for the consequences of any data breach.

    - Make mandatory for cloud providers selling their services in the EU to accept 'surprise inspections' from EU authorities to test the compliance with the above norms, and do lots of these surprise inspections.

    - Make laws that allow the EU either to close a local cloud provider or prevent access from Europe to foreign cloud providers found repeatedly in serious breach of the conditions named above. Oh, and put a mandatory clause of cloud contracts that the cloud company is responsible for the monetary damages caused to final customers by this.

    - And apply the laws that are already in place and prevent any government to request data from 'the cloud' without a warrant, signed by a judge (a true one, not one in some 'secret court'), with probable cause and all that stuff.

    Difficult, but not impossible, I'd say.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just a few suggestions

      Pretty heavy on the stick, not heavy enough on the carrot.

      I do believe that establishing codes of best practice and some sensible regulation is fine, but history has shown that governments are notoriously bad at regulating most things. I don't think allowing bureaucrats a free license to regulate fast moving fields like emerging technologies is really a step in the right direction.

      I'd be more inclined to create and encourage think-tanks and voluntary associations where technologists, legislators, businessmen, journalist and private citizens can thrash issues out in public (like this forum).

      Excessive rules and regs tend to get in the way, become quickly obsolete or worse yet, create unfair advantages for groups with more lobbying power and money. The world is moving too quickly to continue applying old school thinking (tax, regulate, rinse, repeat). We are seeing more and more evidence of this everyday.

      In those cases where clear and present danger to the population exists (think CC fraud, identity theft, mass surveillance, warrantless searches, etc-) it is time to apply existing laws against fraud, impersonation, abuse of power, not make new ones.

      The newer problems (like a right to be forgotten or copyright) need to cook awhile in the public laboratory before we let legislators get their hands on them and only after a good case has been argued based on real life experience, not the ranting and screaming of industries newly threatened by technological change.

      1. Mephistro

        Re: Just a few suggestions (@ AC)

        "not heavy enough on the carrot."

        The carrot is the right to sell cloud services in Europe, and it's a huge carrot, in my opinion.

        And I agree that public discussion is important, but based on previous experiences in similar matters, such discussion groups will be infiltrated, controlled and corrupted by industry moles, grass roots movements and the whatnot, in a similar way to what's now happening with net neutrality. Following this route, we may end up with yet another of those 'industry self regulating authorities' which, in my humble opinion, are just an institutionalized scam.

        "...it is time to apply existing laws against fraud, impersonation, abuse of power"

        Many of those existing laws can't do anything about cloud companies. Sometimes said companies are based in countries whose laws allow them to do whatever they -or their governments- please with customers data. Sometimes the companies have awful security and current laws will punish them only with a slap on the wrist. The lack of defined roles in these companies -something that could be so 'by design'- makes impossible to identify the persons responsible for security breaches.

        We need to lay some some legal foundations now. The longer we wait, the more difficult the task will become.

        Of course, it'd be better to do it right from the start, but if this is not the case, having an EU working group charged with finding errors and loopholes in these new cloud laws and proposing changes to said laws where necessary doesn't sound too difficult, does it?

        1. Destroy All Monsters Silver badge
          Holmes

          Re: Just a few suggestions (@ AC)

          The carrot is the right to sell cloud services in Europe, and it's a huge carrot, in my opinion.

          The world does not work that way. That would be like the "right to set up a bank". A bank can make enormous profits due to a special status which allows it to socialize risk about lending out other people's money. Thus the incentive to set up a bank is very much higher than the incentive to set up a cloud service. Indeed, suddenly the cloud service is all about pain, maintenance and regulatory compliance (a shifting and uncertain set of requirements demanding risk management and bullshitting at the best of times)

          There just will be less "cloud services" and those that exist will either be abroad (what's that? want to tell people to not use them? good luck to you, sir) or the persons in charge will just make sure people very near the Hubs Of Power have their back in case unfortunate questions arise. A recipe for cronyism and The Vatican Bank mirrored in the Cloud Domain.

          1. Mephistro

            @ Destroy All Monsters (was Re: Just a few suggestions (@ AC))

            "There just will be less "cloud services" and those that exist will either be abroad (what's that? want to tell people to not use them? good luck to you, sir)"

            No need to tell people not to use them. Filtering these services at ISPs level would be more than enough.

            "or the persons in charge will just make sure people very near the Hubs Of Power have their back in case unfortunate questions arise"

            That's business as usual for other big companies. There are solutions to this problem, but, alas, TPTB don't seem too interested in applying them.

            1. monkeyfish

              Re: @ Destroy All Monsters (was Just a few suggestions (@ AC))

              ...Filtering at the ISP level...

              What? So if a friend over the pond wants to let me view their photos on the cloud I can't because my ISP says so? Why don't we just make an EUnet and pull the walls up while we're at it.

              1. Mephistro

                Re: @ Destroy All Monsters (was Just a few suggestions (@ AC))

                "What? So if a friend over the pond wants to let me view their photos on the cloud I can't because my ISP says so?"

                It wouldn't be the ISPs who say so, but the local laws. You and your friend would need to use a cloud service that respects the laws both sides of the pond. Or just email the photographs.

    2. Daniel von Asmuth
      Pirate

      Re: Just a few suggestions

      Just one: forbid organisations offering services for profit on the Internet, the cable TV network, the telephone network, and the cloud.

  5. Lt.Kije

    How??

    Wot? No Link!!

    How can I drive this stake that I hold into the heart of this privacy sucking vampire?

    1. JudeKay (Written by Reg staff)

      Re: How??

      http://ec.europa.eu/digital-agenda/en/news/public-consultation-cloud-computing-and-software

  6. Lt.Kije

    How??

    Wot?? No Link??

    How can I drive this stake that I hold into the heart of this privacy sucking vampire??

    1. P. Lee
      Joke

      Re: How??

      Seems like we need to plunge a stake into the heart of this comment... it keeps coming back!

  7. Destroy All Monsters Silver badge
    Windows

    Recipe #1

    No software patents, ever and any that exist are retroactively declared null and void.

    No wait, that was another problem, though there is undeniable linkage.

    I like my government-granted monopolies in the morning.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like