[zonbron]

Citaat:

Oorspronkelijk geplaatst door Nr.10

Alle data van Megaupload werd aangeslagen.
Waar houden dropbox en google drive hun data?
Onder welke wetgeving valt die data?

Een moeilijk onderwerp waarover zonder twijfel heel wat te vertellen valt.
Op de eerste plaats moet U zich afvragen of U die service daadwerkelijk nodig hebt. Ook omvat cloud-computing heel wat toepassingen.

Zo zou U zich ook moeten afvragen, indien het over gevoelige data gaat, wie U betrouwt om deze op te slagen. Bedrijven in de VS bvb vallen onder strenge wetgeving (Patriot Act ea.) en zo bestaan er ook bedrijven die maar al te graag samenwerken met de overheid en zelfs zonder 'court order' belangrijke gegevens van hun gebruikers mededelen, een simpele aanvraag voldoet. Ze doen dat niet steeds, maar toch gebeurt dat regelmatig en de uiteindelijke beslissing ligt bij hunzelf, Microsoft en Google zijn inderdaad schoolvoorbeelden van zulke bedrijven.

Meer weten over dit onderwerp : todaysengineer - Policy in the Cloud: Part II — Issues Engaging Policy-Makers




Genomen uit voorvernoemde site :

Physical Location and Access Issues

Jurisdictional issues affecting the Cloud are paramount. A number of countries have adopted laws governing where certain types of electronic information may be located, such as the European Union, which prohibits consumer data from being transferred to countries outside the EU without consent unless the data host can meet specific “safe harbor” requirements, a European law enacted in reaction to the extraterritorial application of the U.S. Patriot Act.

In the United States, many states, such as California, have laws which restrict contracting of various state-funded services to vendors located out-of-state, which is hampering the ability of state IT planners to utilize Cloud services. These restrictions are motivated by a variety of policy interests, from ensuring citizen access to data to protecting jobs to promoting in-state businesses with tax payer dollars.

There are also a number of federal laws and associated regulations that can limit Cloud service options. For example, the U.S. Health Insurance Portability and Accountability Act (HIPPA) opened the doors to electronic health records but sets strict access and audit requirements on organizations handling personal health data in order to ensure patient access.

U.S. trade law is another area that poses location challenges for companies that sell Cloud-related goods and services to the U.S. government. The Trade Agreements Act of 1979 (TAA) prohibits government contractors from manufacturing products or setting up shop in countries that don’t have trade agreements with United States. In a Cloud context, the law creates unanswered questions about whether the data hosting facility would have to be in a TAA-approved country and/or whether a contracting company located in a TAA-approved country could subcontract data center management to a company in another overseas location. To illustrate the policy dilemma, Afghanistan, Yemen and Somalia are TAA-designated countries, but India is not.

In October, the Government Accountability Office forced the General Services Administration to reopen a $2.5 federal Cloud computing contract based on a challenge by Technosource Information Systems of Annapolis, Md., and TrueTandem of Reston, Va., to GSA’s requirement that bidders locate their data centers in TAA-designated countries. The GAO essentially concluded that the TAA only requires that bidding companies be incorporated in TAA-designated countries. Although forced to rebid the contract, GSA defended the geographic restriction to TAA-designated countries as a compromise between information security and free trade, arguing that the government has a need to know where its data resides and transits, as well as a need to assure access to the data. Those rationales resonate with many policy-makers and others, who are likely to seek clarification through the legislative process and/or in the courts.

The trade issue becomes particularly significant since other free trade commitments under regional and international trade agreements may also create a legal basis for challenges to geographic location requirements negotiated into federal procurement contracts.

The uncertainty about many of these regulatory requirements, combined with access concerns has prompted several enterprise Cloud vendors to modify their offerings so that they can assure clients that their data is geographically accessible and where it is physically located at all times.

Cloud computing can also raise issues in the context of U.S. controls over the export or reexport of software and technology regulated under the International Traffic in Arms Regulations (ITAR) and Office of Foreign Assets Control (OFAC) rules and regulations. Generally, U.S. Export Administration Regulations (EAR) make no distinction between export of physical items and electronic transmission of software or technology when defining what constitutes an “export.” Movement of software across U.S. borders in the Cloud, especially software containing restricted encryption source code, can trigger these U.S. export controls, creating legal obligations and potential liability for Cloud service providers and their customers.

...





Global Competition and the Cloud

Cloud Computing presents tremendous business opportunities for U.S. companies to sell IT products and services globally. Forrester Research has projected the global market for cloud services will grow to nearly $250 Billion by 2020. As U.S. companies position themselves to compete for a share of that market, U.S. laws can hinder their efforts or put them at a competitive disadvantage.

One such example is the U.S. Patriot Act, the law passed post-9/11 that was designed to help support the war on terror in part by giving U.S. intelligence agencies enhanced powers to gather data on suspected terrorists. The U.S. has used the Patriot Act powers in various ways, such as compelling foreign airlines to provide passenger information. Now, non-U.S. Cloud competitors are using the Patriot Act to discourage foreign countries from signing on with U.S.-based cloud providers like Google and Microsoft. The sales pitch asserts that use of U.S.-based cloud services makes your confidential business data accessible to U.S. intelligence agencies under the Patriot Act.

Conclusion

Cloud Computing, like all new technologies that are widely adopted, is socially disruptive. It not only is changing how we live and work, it is also creating legal ambiguities and raising policy questions that require a rebalancing of public interests. Over time, these issues will be resolved in the courts and by our legislatures with the passage of new laws. The speed and effectiveness of the solutions depends, to a significant degree, on how well informed the policy-makers are about the new technology and how it works. This simple fact suggests that technical professionals have an important role to play in actively engaging the policy-process as advisors and advocates at all levels of government.