Microsoft vs US.gov, Internet of Stuff, Big Data: Some of 2015's legal cloudy issues

Strolling through a data privacy minefield


Cloud, Big Data, the Internet of Things are among the hottest topics that vendors are driving in 2015, but there are five legal developments in each that are worth tracking.

1. Microsoft and US government go to court

Again, Microsoft is resisting attempts by the US government to get access to the user data it is holding outside the US. Microsoft has been storing user data geographically closer to said user, as this not only reduces lag (improving the user experience) but, in theory at least, reduces the ability of governments to get access to that data.

The revelations by Edward Snowden of wide-scale access by the US government to data under the NSA’s Prism programme - particularly to data of non-US nationals - have given rise to a new global tension in the cloud sector.

While everyone suspected the US government was accessing data, few knew the scale. This has put the spotlight on US cloud providers. If customers believe the US government can access their data because it is held by a US provider, the fear is they will move to cloud without a US angle, meaning the government is potentially damaging the growth of its own cloud industry.

Microsoft is taking a stand. The New York District Court ruled in the US government’s favour, allowing it to rely upon the Stored Communications Act to get access to personal data that Microsoft had stored in Dublin. The company has yet to comply with the order, running the risk that it will be held in contempt of court, leading to fines.

The latest salvo in this battle of the cloud came in December 2014, when Microsoft’s General Counsel published a list of companies and organisations who had filed “friend of the court” briefs supporting Microsoft’s position. This is an impressive list including technology companies such as Amazon, Apple, Cisco, eBay, HP, Rackspace, Salesforce and Verizon. It also includes 17 major news and media companies such as CNN, ABC, Fox News, Forbes and The Guardian.

This year is likely to be when we finally get resolution, one way or another. At stake is potentially the entire non-USA cloud business of US cloud providers.


2. Internet of Things will cause privacy concerns

We are all used to making some form of compromise over access to information about our private lives as the cost of living in modern society. For example, we accept surveillance via proliferated CCTV, analysis of our spending habits via store loyalty cards, or the tracking of our movements and data on our smart phones. The Internet of Things expands this on a grand scale. Gartner forecasts there will be nearly five billion connected devices by the end of this year, and 25bn in 2020.

IoT massively increases the opportunity for hackers to get access to our personal data. This prompted the Chair of the US Federal Trade Commission to air her concerns at CES 2015.

The answer, not surprisingly, is for manufacturers of IoT devices to take data security into account early on and to limit data to that which is actually necessary for the use of the device.

This is not new ground. The European data protection laws have long tried to control the flow of personal data. Data security is all about the steps you take to protect the data.

What is interesting is that this is a prominent figure in the US raising privacy concerns. Expect the US and the EU to toughen their stance on privacy issues, in part because of IoT.

3. Massive data security fines get closer

Every month there seems to be another story of data leaks or hacking. Or both. Aside from damage to reputation, it is sometimes cheaper for a business to suffer a data breach than to introduce properly secure systems. But with new, increased data breach fines jumping to up to €100m (or five per cent of global turnover) under the new EU Data Protection Regulation, data security is likely to jump up the priority list for budget expenditure.

There will be other changes too. For example, organisations will need to appoint a data protection officer, and they will need to actually notify the authorities where there has been a data security breach. And of course, there is the infamous “right to be forgotten”.

Recent surveys have shown that, other than this new right to be forgotten, businesses are not aware of, or not prepared for, the new law. The new President of the European Commission, Jean-Claude Juncker, gave June 2015 as the deadline to conclude negotiations for the regulation, as well as the review of the Safe Harbour arrangement with the US.

But progress is slow, with a Euro MP recently complaining that the UK, France and Germany are holding up proceedings.


The regulation is not the answer to Prism, but it is an attempt to update EU data protection laws for modern uses of data, particularly in relation to mobile, cloud, Big Data and the IoT. While it seems unlikely the new regulation will actually become law in 2015, we can expect it to start taking final form.

Even if the UK votes to leave the EU following the general election later this year, we will still be subject to the regulation if we are to continue trading with the remaining EU members. So, 2015 is a good year to get your data security house in order.

