I think your overall point is accurate and would go further to add that there is an ironic safety in storing my data with "hostile" nations (or corporations associated with them) over nations that are "friendly" and readily exchanging data with my own.
The US is in fact far more likely to imprison/traumatize one of its citizens over one of its many obscure technicalities (whether actually violated or not) than say NK is to attempt to use data to somehow pressure that US citizen.
Trying to decipher the underlying perspective of the article, I also find mirth in the apparent angst of all the secret agents and their sponsors; they have no idea what corporation will screw up their cover. Joseph Conrad would be proud of our progress even if it is marginal.
I find it hard to believe that data is safer being stored outside the United States - it's probably more susceptible outside the US to be spied on than inside.
For me, it's not about shifting data out of naivety that companies/users aren't being spied on everywhere.
Instead it's about shifting data into a legal domain in which you hope to hold someone to account for intrusive spying.
A non-US entity has zero chance of ever holding the government and agencies of the USA to account. And we're also aware that US companies can be forced by the US government or agencies to access data held (by them) overseas.
But we do have some chance (fractionally above zero, I'm not deluding myself) of holding our own governments and companies within our legal domain to account.
None of it is a substitute to encryption, but this isn't solved through tech alone.
It's not that, and it's not okay. It's just less impactful if a foreign government has your data vs the one that can actually apply meaningful consequences if they don't like what they see.
I totally agree with you that it should be considered good practice to host one's data outside one own country, so that we're preserved for any deviant paranoia government may happen to have (and other government would probably care less of individual data if you're not from their country).
All countries are not equals, though. China and US are known to have no regard for privacy, and are prone to violent actions - so I'd rather chose an other country. Of course, we can't expect any country to behave good, simply because we have no mean to know it. But we can expect countries with no aggressive reputation and with low budget to be less dangerous.
Adding to my previous comment: If I lived in the US, I'd be far more afraid of how American companies and government entities use my data. It's a far more real and immediate threat.
It isn't really surprising when those foreign powers are actively hostile not only to your country, but to fundamental moral principles you hold dear.
To be clear, it's definitely not at all better in any meaningful sense for Google/the US government to have your data. But sometimes it's about the principle of the thing.
The safeguards for foreigners are much less than those for US citizens. For example, the NSA doesn't need to go through FISA court to spy on non-citizens. So if you store your data on a non-US server, you're probably just making it easier for them to get to it, not harder.
Not to mention, most countries will pretty much cooperate with the US when it comes to intelligence. The only ones that might not are countries like Russia or China that have their own military-industrial complexes, which are just as eager to get at your data and a lot less scrupulous about using it.
Exactly. A lot of the fallout from this seems to be revolving around the idea of getting a service in 'not the USA'. Never mind the fact that:
a) The US has been shown to actively compromise targets in their ally's jurisdictions and then share that information. We can assume allies are doing similar.
b) Countries not allied to the US are not necessarily your friends either.
Odd times, when the data havens proposed by Neal Stephenson in his sci-fi books start to look more and more important... to the citizens of (supposedly) the most freedom-loving country in the world.
It's not safe/unsafe 0-1 game. Unless you have some information not available to the public you would be crazy to think it's good idea to store anything sensitive in US comparing to some European countries (if you have a choice) as of today at least. If anything there aren't many countries out there with comparable resources dedicated to spying and no countries have that extensive history of using military and intelligence information for economic gains.
I have no problem with countries demanding that their citizen's data be stored within their borders and subject to their laws alone. As a Canadian, I take it as a given that any data of mine or about me that's stored on American soil is to be considered as-good-as-public, thanks to their alleged willingness to go so far as to steal sensitive data and share it with competing American interests. [0]
Will you always be able to access your data stored on North Korean soil?
Sure, if it's properly encrypted, the North Korean government may not be able to access it, but nothing's stopping them from cutting you off and holding your data hostage.
I used to work for a company that made software for casinos. Many of them were on tribal land, and refused to use any cloud services because they didn't want any of their data on American soil. All their software was on-prem, all their data was on-prem. If Uncle Sam came a-knockin' with warrants and court orders, they'd tell him to take it up with the tribal elders.
"In a nutshell, the US government claims it should not matter where the data is stored. What matters is whether the company can access that data in the US."
Ugh, not that I like the idea, I kind of think they are correct.
This could also be a positive. If you lived in a country where you had sensitive data at risk you could store this data in a country you felt comfortable with.
I agree with this as an American as well. Obviously worries about the NSA getting your data are moot if the data was American to begin with, but there are a lot of other concerns, too. I wouldn't feel comfortable with my medical data being stored just anywhere, and I think it's entirely reasonable that the U.S. government should be able to put some restrictions on where it's stored.
It may be possible to come up with a list of reasonably similar and friendly countries where such restrictions are dropped, because they agree to similar protections, and form a kind of common data-storage zone. For example, I am probably okay with reputable Canadian or German companies being contracted to store sensitive data. We could have a treaty formalizing what that zone is and what common protections will be applied. But the TPP is not by any reasonable stretch of the imagination that zone. The TPP includes countries where being homosexual is a serious crime, for example. Is it really wise for the U.S. government to agree to be bound by treaty not to take measures to keep its citizens' medical data, student records, employment records, etc. out of those countries' hands?
Right, which is exactly why it's dangerous to allow foreign (that is, US) companies to control your citizens' data, particularly if that data is not safeguarded against those foreign governments (e.g. due to "national security" laws).
The US is in fact far more likely to imprison/traumatize one of its citizens over one of its many obscure technicalities (whether actually violated or not) than say NK is to attempt to use data to somehow pressure that US citizen.
Trying to decipher the underlying perspective of the article, I also find mirth in the apparent angst of all the secret agents and their sponsors; they have no idea what corporation will screw up their cover. Joseph Conrad would be proud of our progress even if it is marginal.
reply