Feeds

UK.gov! frets! over! Yahoo! exodus! to! RIPA-free! Dublin!

Theresa May warns Purple One of security worry

Next gen security for virtualised datacentres

Yahoo! was reportedly called into the Home Office on Thursday where Teresa May expressed UK government security concerns about its plans to move its main base in Europe to Ireland.

The internet giant has harboured privacy concerns for some time, according to The Guardian. These concerns can only have been exacerbated by recent revelations from the Edward Snowden files that GCHQ was tapping the images of millions of people using Yahoo! webcams, regardless of whether they were suspects in any criminal activity. Much of the footage was sexually explicit. Yahoo! denounced this as a "whole new level of violation of our users' privacy".

Protecting users' privacy in such cases involves using encryption rather than pulling up roots and moving a firm's base of operations. Yahoo! has been much slower than either Google or Microsoft to roll out encryption for its webmail users, and when it did roll it out, its belated initial crypto efforts were full of security weaknesses.

The Guardian reports that Charles Farr, head of the office for security and counter-terrorism within the Home Office and a former intel agent, lobbied May to talk to Yahoo! because of concerns from Scotland Yard's counter-terrorism command that the move to Ireland could stymie inquiries.

"There are concerns in the Home Office about how RIPA [Regulation of Investigatory Powers Act] will apply to Yahoo once it has moved its headquarters to Dublin," a Whitehall source told The Guardian. "The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to RIPA. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue."

The paper adds that Yahoo!'s move to Dublin was announced last month. Yahoo! pointed us towards a press release from March 2013 about its plans to hire 200 new people in its Dublin operations centre in arguing that it was simply following a long-standing business plan that was in motion long before the Edward Snowden revelations began last June.

In a statement supplied to El Reg Yahoo confirmed it was moving its main base of operations to Ireland. It sidestepped our request to confirm whether or not this been the topic of recent discussions with the UK Home Office.

In line with the expansion of our Irish operations announced last year, we have made the decision to streamline our operations further and therefore, as of March 21, the services for all our European users will be provided by Yahoo! EMEA in Ireland.

Yahoo! is committed to expanding its operations internationally. To that end, Yahoo strives to make its business operations efficient and flexible. The recent notification of change to the provision of products is part of that drive. We can confirm that we have no plans to close any of our European operations and are committed to driving growth for Yahoo! in EMEA.

Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that moving to Ireland will "put Yahoo’s data out of direct reach of the UK government" without changing anything much about how US authorities might be able to access Yahoo! users' data.

"Ireland does not have a version of RIPA, but it is subject to the EU Data Retention Directive which requires all telcos and internet service providers to retain metadata on users phone calls, location (for mobile phones), and emails," Honan explained. "Law enforcement and Defence Forces officials can request access to that data. So moving to Ireland will put Yahoo!’s data out of direct reach of the UK government as they would then have to request that data via courts etc in both jurisdictions."

"However, as Yahoo is a US company it will still be subject to US laws such as the Patriot Act and FISA [Foreign Intelligence Surveillance Act] which they will have to comply with."

Yahoo! is following the same patch as many other internet giants in basing their main European internet operations in the Emerald Isle. The reasons have as much to do with access to a skilled pool of English-speaking technologists as with tax breaks, according to Honan.

"Ireland also provides Yahoo with a lot of other advantages such as a young English speaking and well educated workforce. We are also part of the Euro Zone, which makes trading with companies in other parts of the Euro zone much easier for companies as there are no concerns regarding currency fluctuations. Ireland has invested a lot in the past in the ICT infrastructure and there are many high quality data centres and offices available with excellent international ICT capabilities."

Ireland is also rapidly becoming a centre of excellence for cyber security. This is due in part to the likes of Symantec, Trend Micro, McAfee, Mandiant, Webroot and other security companies being based here, but also large cloud companies such as Google, Amazon, Microsoft, LinkedIn, Facebook, and Twitter, to name but a few. Cyber security skills are also in demand from other industries based here such as pharmaceutical and large financial service providers."

Local companies are acquiring expertise in cyber security, Honan said, adding that corporate tax reasons are not irrelevant to the move without in themselves providing a rationale for Yahoo's decision.

"The corporate tax rate does help but without the above advantages it would not by itself be a major draw. We can see that by other countries (Portugal, Montenegro, Hungary, Cyrpus, Bulgaria) with similar tax regimes not attracting the same level of international companies," he concluded. ®

Next gen security for virtualised datacentres

More from The Register

next story
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?