Feeds

Privacy winds blow through Clouds towards Switzerland

Safe haven guaranteed?

Secure remote control for conventional and virtual desktops

Opinion Cloud services are one of the major changes to the way companies use computing services, but the weather may be changing as a consequence of increasing activity of European Data Protection watchdogs.

Whereas US citizens and companies have to contend with ever decreasing rights to privacy, EU companies will come under pressure from Data Protection regulators keen to show their independence (as Google has discovered). This will create a demand for assurances.

Companies that do not want to fall foul of privacy regulations have a problem: the legislative anti-terror backdoors installed post 9/11 offer authorities easy access, but provide for little transparency in how those rights are used or what happens to the data afterwards, and they exist in European law too.

In the UK alone, fairly public events have shown that not only such legislation will be abused, even more so when those who are supposed to guard against abuse are in collusion with those who break the law.

The result will be a continued search for a safe haven for any company that requires confidentiality. There are plenty companies that need it: organisations with interesting IP and any entity that handles truly private data such as law firms, medical practices, private banks and finance advisers.

Unsafe harbour

Companies with links to the US will have to prove they are not simply shipping all data to the US, and this may prove impossible. The lack of oversight and control over use of the US PATRIOT Act renders the whole Safe Harbor agreement effectively meaningless, yet companies without such links will only have local legal leverage available as an offset to the risks posed by laws that effectively seek to bypass due process. Europe may be safer, but not safe.

Companies with intelligent lawyers will eventually discover that cross-jurisdictional IT deployment offers the only route to secure storage. For example, they can avoid the EC legal risks by hosting in Switzerland. This creates a two-pronged safety net for abuse of intercept facilities: not only will an international request for assistance create a visible audit trail, Swiss laws are also stricter when it comes to standards of evidence and containment of any information gleaned during an investigation, thus frustrating abuse and returning due process to investigations.

Continuing the Swiss theme, last year has also seen a hardening of the Swiss stance against data theft. They will no longer collaborate with investigations where evidence has been sourced by means considered illegal under Swiss law, which makes the nation all the more attractive as a new data haven for European organisations.

US as well as European law makers will have to find ways to demonstrate that they use their powers responsibly, with more transparency of their use of special powers as a good first step. Otherwise, pressure groups such as Anonymous and Wikileaks will see a continued justification of their existence. A jurisdiction that seeks to avoid due process should not be surprised when its citizens start to ask:

What do they have to hide?

Peter Houppermans is a privacy and IT security expert based in Switzerland.

Security for virtualized datacentres

More from The Register

next story
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Net neutrality fans' joy as '2.3 million email' flood hits US Congress
FCC invites opinions in CSV format, after Slowdown day 'success'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.