Feeds

UK.gov! frets! over! Yahoo! exodus! to! RIPA-free! Dublin!

Theresa May warns Purple One of security worry

The Power of One Infographic

Yahoo! was reportedly called into the Home Office on Thursday where Teresa May expressed UK government security concerns about its plans to move its main base in Europe to Ireland.

The internet giant has harboured privacy concerns for some time, according to The Guardian. These concerns can only have been exacerbated by recent revelations from the Edward Snowden files that GCHQ was tapping the images of millions of people using Yahoo! webcams, regardless of whether they were suspects in any criminal activity. Much of the footage was sexually explicit. Yahoo! denounced this as a "whole new level of violation of our users' privacy".

Protecting users' privacy in such cases involves using encryption rather than pulling up roots and moving a firm's base of operations. Yahoo! has been much slower than either Google or Microsoft to roll out encryption for its webmail users, and when it did roll it out, its belated initial crypto efforts were full of security weaknesses.

The Guardian reports that Charles Farr, head of the office for security and counter-terrorism within the Home Office and a former intel agent, lobbied May to talk to Yahoo! because of concerns from Scotland Yard's counter-terrorism command that the move to Ireland could stymie inquiries.

"There are concerns in the Home Office about how RIPA [Regulation of Investigatory Powers Act] will apply to Yahoo once it has moved its headquarters to Dublin," a Whitehall source told The Guardian. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to RIPA. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."

The paper adds that Yahoo!'s move to Dublin was announced last month. Yahoo! pointed us towards a press release from March 2013 about its plans to hire 200 new people in its Dublin operations centre in arguing that it was simply following a long-standing business plan that was in motion long before the Edward Snowden revelations began last June.

In a statement supplied to El Reg Yahoo confirmed it was moving its main base of operations to Ireland. It sidestepped our request to confirm whether or not this been the topic of recent discussions with the UK Home Office.

In line with the expansion of our Irish operations announced last year, we have made the decision to streamline our operations further and therefore, as of March 21, the services for all our European users will be provided by Yahoo! EMEA in Ireland.

Yahoo! is committed to expanding its operations internationally. To that end, Yahoo strives to make its business operations efficient and flexible. The recent notification of change to the provision of products is part of that drive. We can confirm that we have no plans to close any of our European operations and are committed to driving growth for Yahoo! in EMEA.

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that moving to Ireland will "put Yahoo’s data out of direct reach of the UK government" without changing anything much about how US authorities might be able to access Yahoo! users' data.

"Ireland does not have a version of RIPA, but it is subject to the EU Data Retention Directive which requires all telcos and internet service providers to retain metadata on users phone calls, location (for mobile phones), and emails," Honan explained. "Law enforcement and Defence Forces officials can request access to that data. So moving to Ireland will put Yahoo!’s data out of direct reach of the UK government as they would then have to request that data via courts etc in both jurisdictions."

"However, as Yahoo is a US company it will still be subject to US laws such as the Patriot Act and FISA [Foreign Intelligence Surveillance Act] which they will have to comply with."

Yahoo! is following the same patch as many other internet giants in basing their main European internet operations in the Emerald Isle. The reasons have as much to do with access to a skilled pool of English-speaking technologists as with tax breaks, according to Honan.

"Ireland also provides Yahoo with a lot of other advantages such as a young English speaking and well educated workforce. We are also part of the Euro Zone, which makes trading with companies in other parts of the Euro zone much easier for companies as there are no concerns regarding currency fluctuations. Ireland has invested a lot in the past in the ICT infrastructure and there are many high quality data centres and offices available with excellent international ICT capabilities."

Ireland is also rapidly becoming a centre of excellence for cyber security. This is due in part to the likes of Symantec, Trend Micro, McAfee, Mandiant, Webroot and other security companies being based here, but also large cloud companies such as Google, Amazon, Microsoft, LinkedIn, Facebook, and Twitter, to name but a few. Cyber security skills are also in demand from other industries based here such as pharmaceutical and large financial service providers."

Local companies are acquiring expertise in cyber security, Honan said, adding that corporate tax reasons are not irrelevant to the move without in themselves providing a rationale for Yahoo's decision.

"The corporate tax rate does help but without the above advantages it would not by itself be a major draw. We can see that by other countries (Portugal, Montenegro, Hungary, Cyrpus, Bulgaria) with similar tax regimes not attracting the same level of international companies," he concluded. ®

Maximizing your infrastructure through virtualization

More from The Register

next story
Sit back down, Julian Assange™, you're not going anywhere just yet
Swedish court refuses to withdraw arrest warrant
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
British cops cuff 660 suspected paedophiles
Arrests people allegedly accessing child abuse images online
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.