davidbgk
/
larlet-fr-david-cache
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Versions 0 Activité
A place to cache linked articles (think custom and personal wayback machine)
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
397 Révisions
1 Branche
Aborescence: 8117a1624c
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '8117a1624c'
${ noResults }
larlet-fr-david-cache/cache/2d7603b0da4eff5a720982e2d95.../index.md

index.md 13KB
Brut Vue normale Historique

Add cache data
il y a 4 ans
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 
  1. title: The End of Safe Harbor and a Scary Path Forward

  2. url: http://lucumr.pocoo.org/2015/10/6/end-of-safe-harbor/

  3. hash_url: 2d7603b0da4eff5a720982e2d957a803

  4. 

  5. <p>In the Austrian internets <a class="reference external" href="http://www.politico.eu/wp-content/uploads/2015/10/schrems-judgment.pdf">the news about the end of the safe harbor act</a>

  6. has been universally welcomed it seems.  Especially from non technical

  7. folks that see this as a big win for their privacy.  Surprisingly many

  8. technical people also welcomed this ruling.  And hey, if Snowden says

  9. that's a good ruling, who will argue against.</p>

  10. <p>I'm very torn about this issue because from a purely technical point of

  11. view it is very tricky to follow the ruling and by keeping to the current

  12. state of our data center environments in the light of some other rulings.</p>

  13. <p>I'm as disappointed as everybody else that government agencies are

  14. operating above what seems reasonable from a privacy point of view, but we

  15. should be careful about what how this field develops.  Fundamentally

  16. sharing information on the internet and the right to privacy stand in

  17. conflict to each other and the topic is a lot more complex than to just

  18. demand more privacy without considering what this means on a technical

  19. level.</p>

  20. <div class="section" id="what-was-safe-harbor">

  21. <h2>What Was Safe Harbor?</h2>

  22. <p>The US-EU Safe Harbor laws declared US soil as a safe location for user

  23. data to fulfill the European Privacy Directive.  In a nutshell: this was

  24. the only reason any modern internet service could keep their primary user

  25. data in the United States on services like Amazon EC2 or Heroku.</p>

  26. <p>In essence Safe Harbor was a self assessment that an American company

  27. could sign to make itself subject to the European Data Protection

  28. Directive.  At least in principle.  Practically very few US companies

  29. cared about privacy which is probably a big reason why we ended up in this

  30. situation right now.  The second one is the NSA surveillance but I want to

  31. cover this in particular separately a bit later.</p>

  32. </div>

  33. <div class="section" id="what-changed">

  34. <h2>What Changed?</h2>

  35. <p>Maximillian Schrems, an Austrian citizen, has started an investigation

  36. into Facebook and it's data deletion policies a while ago and been

  37. engaging with the Irish authorities on that matter ever since.  The Irish

  38. rejected the complaint because they referred to the Safe Harbor act.  What

  39. changed now is that the European Court of Justice ruled the following:</p>

  40. <blockquote>

  41. <p>In today’s judgment, the Court of Justice holds that the existence of

  42. a Commission decision finding that a third country ensures an adequate

  43. level of protection of the personal data transferred cannot eliminate

  44. or even reduce the powers available to the national supervisory

  45. authorities under the Charter of Fundamental Rights of the European

  46. Union and the directive.</p>

  47. <p>[…]</p>

  48. <p><strong>For all those reasons, the Court declares the Safe Harbour Decision

  49. invalid</strong>. This judgment has the consequence that the Irish supervisory

  50. authority is required to examine Mr Schrems’ complaint with all due

  51. diligence and, at the conclusion of its investigation, is to decide

  52. whether, pursuant to the directive, transfer of the data of Facebook’s

  53. European subscribers to the United States should be suspended on the

  54. ground that that country does not afford an adequate level of

  55. protection of personal data.</p>

  56. </blockquote>

  57. <p>The detailed ramifications of this are a bit unclear, but if you were

  58. relying on Safe Harbor so far, you probably have to move servers now.</p>

  59. </div>

  60. <div class="section" id="why-was-safe-harbor-useful">

  61. <h2>Why Was Safe Harbor Useful?</h2>

  62. <p>So if you take the internet three years ago (before the Ukrainian

  63. situation happened) the most common of legally running an international

  64. internet platform as a smallish startup was to put the servers somewhere

  65. in the US and fill out the safe harbor self assessment every 12 months.</p>

  66. <p>To understand why that was a common setup you need to consider why it was

  67. chosen in the first place.  The European Data Protection Directive came

  68. into effect quite a long time ago.  It's dated for the end of 1995 and

  69. required user data to be either stored in EFTA states or optionally in

  70. another country if it can be ensured that the same laws are upheld.  This

  71. is what safe harbor did.  In absence of this, all data from European

  72. citizens must be stored on European soil.</p>

  73. <p>After the Ukrainian upraising and after Crimea fell to the Russian

  74. Federation a few things changed.  International sanctions were put up

  75. against Russia and Russia decided to adopt the same provision as the

  76. European Union: Russian citizen's data has to be stored on Russian

  77. servers.  This time however without an option to get exceptions to this

  78. rule.</p>

  79. <p>It's true that the US do not yet have a provision that requires US citizen

  80. data to be stored in the States, but this is something that has been

  81. discussed in the past and it's a requirement for working with the

  82. government already.  However with both Russia and Europe we now have two

  83. large international players that set the precedent and it can only get

  84. worse from here.</p>

  85. </div>

  86. <div class="section" id="privacy-vs-data-control">

  87. <h2>Privacy vs Data Control</h2>

  88. <p>The core of the issue currently is that data is considered power and

  89. privacy is a secondary issue there.  While upholding privacy is an

  90. important and necessary goal, we need to be careful to not forget that

  91. the European countries are not any better.  While it's nice to blame the

  92. NSA for world wide surveillance programs, we Europeans have our own

  93. governmental agencies that act with very little supervision and especially

  94. in the UK operate on the same invasiveness as in the US.</p>

  95. <p>A European cloud provider will have to comply with local law enforcement

  96. just as much as an American cloud provider will have to be with federal US

  97. one.  The main difference just being the institutions involved.</p>

  98. <p>The motivation for the Russian government is most likely related to law

  99. enforcement over privacy.  I'm almost sure they care more about keeping

  100. certain power over companies doing business in Russia to protect

  101. themselves against international sanctions than their citizens privacy.</p>

  102. </div>

  103. <div class="section" id="data-locality-and-personal-data">

  104. <h2>Data Locality and Personal Data</h2>

  105. <p>So what exactly is the problem with storing European citizens data in

  106. Europe, data of Americans in the states and the data of Russians somewhere

  107. in the Russian Federation?  Unsurprisingly this is a very hard problem to

  108. solve if you want to allow people from those different countries to

  109. interact with each other.</p>

  110. <p>Let's take a hypothetical startup here that wants to build some sort of

  111. Facebook for climbers.  They have a very niche audience but they attract

  112. users from all over the world.  Users of the platform can make

  113. international friendships, upload their climbing trips, exchange messages

  114. with each other and also purchase subscriptions for "pro" features like

  115. extra storage.</p>

  116. <p>So let's say we want to identify Russians, Americans and Europeans to keep

  117. the data local to each of their jurisdictions.  The easy part is to set up

  118. some servers in all of those countries and make them talk to each other.

  119. The harder part is to figure out which user belongs to which jurisdiction.

  120. One way would be to make users upload their passport upon account creation

  121. and determine their main data center by their citizenship.  This obviously

  122. would not cover dual citizens.  A Russian-American might fall into two

  123. shards on a legal basis but they would only opt into one of them.  So

  124. let's ignore those outliers.  Let's also ignore what happens if the

  125. citizenship of a user changes because that process is quite involved and

  126. usually takes a few years and does not happen all that commonly.</p>

  127. <p>Now that we know where users are supposed to be stored, the question is

  128. how users are supposed to interact with each other.  While distributed

  129. databases exist, they are not magic.  Sending information from country to

  130. country takes a lot of time so operations that affect two users from

  131. different regions will involve quite a bit of delay.  It also requires

  132. that the data temporarily crosses into another region.  So if an American

  133. user sends data to a Russian user, that information will have to be

  134. processed somewhere.</p>

  135. <p>The problem however is if the information is not temporarily in flux.  For

  136. instance sending a message from Russia to America could be seen as falling

  137. as being a duplicated message that is both intended for the American and

  138. Russian jurisdiction.  Tricker it gets with information that cannot be

  139. directly correlated to a user.  For instance what your friends are.

  140. Social relationships can only be modelled efficiently if the data is

  141. sufficiently local.  We do not have magic in computing and we are bound to

  142. the laws of physics.  If your friends are on the other side of the world

  143. (which nowadays the most likely are) it becomes impossible to handle.</p>

  144. <p>Credit card processing also falls in to this.  Just because you are

  145. British does not mean your credit card is.  Many people live in other

  146. countries and have many different bank accounts.  The data inherently

  147. flows from system to system to clear the transaction.  Our world is very

  148. connected nowadays and the concept of legal data locality is very much at

  149. odds with the realities of our world.</p>

  150. <p>The big cloud services are out, because they are predominantly placed in

  151. the US.  Like it or not, Silicon Valley is many, many years ahead of what

  152. European companies can do.  While there are some tiny cloud service

  153. providers in Europe, they barely go further than providing you with

  154. elastically priced hardware.  For European startups this is a significant

  155. disadvantage over their American counterparts when they can no longer use

  156. American servers.</p>

  157. </div>

  158. <div class="section" id="privacy-not-data-locality">

  159. <h2>Privacy not Data Locality</h2>

  160. <p>The case has been made that this discussion is not supposed to be about

  161. data locality but about privacy.  That is correct for sure, but

  162. unfortunately data centers fall into the jurisdiction of where they are

  163. placed.  Unless we come up with a rule where data centers are placed on

  164. international soil where they computers within them are out of

  165. government's reach, a lot of this privacy discussion is dishonest.</p>

  166. <p>What if the bad player are the corporates and now the governments?  Well

  167. in that case that was the whole point of safe harbor to begin with: to

  168. enforce stricter privacy standards on foreign corporations for European

  169. citizens.</p>

  170. </div>

  171. <div class="section" id="how-to-comply">

  172. <h2>How to Comply?</h2>

  173. <p>Now the question is how to comply with what this is going into.  These new

  174. rules are more than implementable for Facebook size corporations, but it

  175. is incredibly hard to do for small startups.  It's also not quite clear

  176. what can and what cannot be done with data now.  At which point data is

  177. considered personal and at which point it is not, is something that

  178. differs from country to country and is in some situations even not

  179. entirely clear.  For instance according to the UK DPA user relationships

  180. are personal information if they have "biographical significance".</p>

  181. </div>

  182. <div class="section" id="a-disconnected-world">

  183. <h2>A Disconnected World</h2>

  184. <p>What worries me is that we are taking a huge step back from an

  185. interconnected world where people can share information with each other,

  186. to more and more incompatible decentralization.  Computer games

  187. traditionally have already enforced shards where people from different

  188. countries could not play together because of legal reasons.  For instance

  189. many of my Russian friends could never play a computer game with me,

  190. because they are forced to play in their own little online world.</p>

  191. <p>Solutions will be found, and this ruling will probably have no significance

  192. for the average user.  Most likely companies will ignore the ruling

  193. entirely anyways because nobody is going to prosecute anyone unless they

  194. are Facebook size.  However that decisions of this magnitude are made

  195. without considering the technical feasibility is problematic.</p>

  196. </div>

  197. <div class="section" id="the-workaround">

  198. <h2>The Workaround</h2>

  199. <p>For all intents and purposes nothing will really change for large

  200. companies like Facebook anyways.  They will have their lawyers argue that

  201. their system cannot be implemented in a way to comply with forcing data to

  202. live in Europe and as such will refer to Article 26 of the Data Protection

  203. Directive which states that personal data to an untrusted third country on

  204. either a user given consent to this or there being a technical necessity

  205. for fulfilling the contract between user and service provider.  The TOS

  206. will change, the lawyers will argue and in the end the only one who will

  207. really have to pick up the shards are small scale companies which are

  208. already overwhelmed by all the prior rules.</p>

  209. <p>Today does not seem to be a good day for small cloud service providers.</p>

  210. </div>