Feeds

UK.gov! frets! over! Yahoo! exodus! to! RIPA-free! Dublin!

Theresa May warns Purple One of security worry

Security for virtualized datacentres

Yahoo! was reportedly called into the Home Office on Thursday where Teresa May expressed UK government security concerns about its plans to move its main base in Europe to Ireland.

The internet giant has harboured privacy concerns for some time, according to The Guardian. These concerns can only have been exacerbated by recent revelations from the Edward Snowden files that GCHQ was tapping the images of millions of people using Yahoo! webcams, regardless of whether they were suspects in any criminal activity. Much of the footage was sexually explicit. Yahoo! denounced this as a "whole new level of violation of our users' privacy".

Protecting users' privacy in such cases involves using encryption rather than pulling up roots and moving a firm's base of operations. Yahoo! has been much slower than either Google or Microsoft to roll out encryption for its webmail users, and when it did roll it out, its belated initial crypto efforts were full of security weaknesses.

The Guardian reports that Charles Farr, head of the office for security and counter-terrorism within the Home Office and a former intel agent, lobbied May to talk to Yahoo! because of concerns from Scotland Yard's counter-terrorism command that the move to Ireland could stymie inquiries.

"There are concerns in the Home Office about how RIPA [Regulation of Investigatory Powers Act] will apply to Yahoo once it has moved its headquarters to Dublin," a Whitehall source told The Guardian. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to RIPA. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."

The paper adds that Yahoo!'s move to Dublin was announced last month. Yahoo! pointed us towards a press release from March 2013 about its plans to hire 200 new people in its Dublin operations centre in arguing that it was simply following a long-standing business plan that was in motion long before the Edward Snowden revelations began last June.

In a statement supplied to El Reg Yahoo confirmed it was moving its main base of operations to Ireland. It sidestepped our request to confirm whether or not this been the topic of recent discussions with the UK Home Office.

In line with the expansion of our Irish operations announced last year, we have made the decision to streamline our operations further and therefore, as of March 21, the services for all our European users will be provided by Yahoo! EMEA in Ireland.

Yahoo! is committed to expanding its operations internationally. To that end, Yahoo strives to make its business operations efficient and flexible. The recent notification of change to the provision of products is part of that drive. We can confirm that we have no plans to close any of our European operations and are committed to driving growth for Yahoo! in EMEA.

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that moving to Ireland will "put Yahoo’s data out of direct reach of the UK government" without changing anything much about how US authorities might be able to access Yahoo! users' data.

"Ireland does not have a version of RIPA, but it is subject to the EU Data Retention Directive which requires all telcos and internet service providers to retain metadata on users phone calls, location (for mobile phones), and emails," Honan explained. "Law enforcement and Defence Forces officials can request access to that data. So moving to Ireland will put Yahoo!’s data out of direct reach of the UK government as they would then have to request that data via courts etc in both jurisdictions."

"However, as Yahoo is a US company it will still be subject to US laws such as the Patriot Act and FISA [Foreign Intelligence Surveillance Act] which they will have to comply with."

Yahoo! is following the same patch as many other internet giants in basing their main European internet operations in the Emerald Isle. The reasons have as much to do with access to a skilled pool of English-speaking technologists as with tax breaks, according to Honan.

"Ireland also provides Yahoo with a lot of other advantages such as a young English speaking and well educated workforce. We are also part of the Euro Zone, which makes trading with companies in other parts of the Euro zone much easier for companies as there are no concerns regarding currency fluctuations. Ireland has invested a lot in the past in the ICT infrastructure and there are many high quality data centres and offices available with excellent international ICT capabilities."

Ireland is also rapidly becoming a centre of excellence for cyber security. This is due in part to the likes of Symantec, Trend Micro, McAfee, Mandiant, Webroot and other security companies being based here, but also large cloud companies such as Google, Amazon, Microsoft, LinkedIn, Facebook, and Twitter, to name but a few. Cyber security skills are also in demand from other industries based here such as pharmaceutical and large financial service providers."

Local companies are acquiring expertise in cyber security, Honan said, adding that corporate tax reasons are not irrelevant to the move without in themselves providing a rationale for Yahoo's decision.

"The corporate tax rate does help but without the above advantages it would not by itself be a major draw. We can see that by other countries (Portugal, Montenegro, Hungary, Cyrpus, Bulgaria) with similar tax regimes not attracting the same level of international companies," he concluded. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.