MS, US take aim at Microsoft and the US government have thrown their weight behind the idea of a one-size-fits-all approach to data protection that would sweep away the data policies of individual countries. "We have a patchwork of laws around the world that is increasingly creating a very confusing quagmire for information providers," MS …
For once I'm in complete agreement with MS - never thought I'd see the day!
Whilst sounding like a pipe-dream, a unified policy regarding ~anything~ let alone something as complex, fiddly, and politically sensitive as data retention can only be a good thing. Call me a dreamer, but the sooner all nations around the world start agreeing on single policies, the sooner petty disputes can be ironed out.
I don't blame them at all for trying this, and good luck to them! They'll need it cos I can't see it happening especially with the likes of China, Vietnam and the UK with their "different" takes on privacy ;)
Picture the scene; a large Government committee room, with a Government official (Minister, MP, Congressman, Councillor, whatever) looming over some poor "civilian" who wants to prove that (his local political candidate has broken election promises/Big Business offered him internet speeds of 20MB and are only delivering 4MB on a *very* good day/his bank has left his Username and Password with all his other account details in a skip behind his local branch - delete as appropriate)..:
"We get everything you ever transmit over any sort of electronic communication system - telephone, video or written word - and can use it any way we see fit. If you want to use it for anything, you can't have it. It may be your data, but we have to protect it from somebody, and that somebody may as well be you!"
Whatever else they do or say, you can be sure that the rights of the individual will be much less than the rights of Government and Big Business...
Umm, aren't those the same people that (a) break every conceivable agreement and (b) don't have that hot a track record on security and confidentiality? Hell, some even have come up with fancy names like ECHELON and CARNIVORE - sure, you really must go out of your way to make their life easier..
Global trade is perfectly oke and should be encouraged and made less complicated wherever, but that's not at stake here.
Any agreement on things like this, are wrong. For one they can lead to problems like "who watches the watchers". The best people can do is set an example and hope others will follow.
In practice, a single line in an EULA would do the trick: "this software/service/product uses this and that type of data protection or retention. If you don't agree or are bound by local law not to agree, don't use the software/service/product." If you still use it, it's your choice and your problem. Not the companies.
I believe people should be free and can therefore be held responsible for their own actions. No one else needs to make does decisions for them.
What happens today, when a RIPA request is served on Microsoft UK by a UK Rozzer for a Hotmail account of a USA citizen?
Do they hand the email data over?
I've seen from time to time companies challenge demands to violate their customers privacy (e.g. Belgium vs Yahoo), but I don't ever recall seeing one from Hotmail.
http://www.techcrunch.com/2009/03/02/yahoo-fined-by-belgian-court-for-refusing-to-give-up-e-mail-account-info/
Note that Yahoo probably only put up a fight because it was caught handing email for a Chinese dissident to China.
UK citizens should not use email from a country that has a UK presence, because that will come under RIPA warrant free data grabs. Chinese citizens should avoid ISPs with a Chinese presence, Iranians should avoid ISPs with an Iranian presence etc.
All very nice and all, to have world-wide policies. But then comes the real question, which the article already alludes to: *whose* idea will be implemented? The highest bidder's idea? Or will it be by consensus? We all know how well that works in the UN, eh? With first class participants having veto power. If this will be the same, we get nowhere, and fast.
No, it's never a good thing, not in the new normal anyway.
When convicted monopolists and international megopolies say unified they mean something different. A unified policy would allow M$ to ship even more jobs to sunny Vietnam or China.
It would also be naive to expect a policy like this to "open" places like China.
The Chinese would just agree to it to get concessions and then do what the CCP wanted anyway.
You need only look at the media policy during the Olympics for proof.
I'll happily syncronise data protection laws with the USA when i can go to my local magistrates court and get a warrant issued for the arrest and extradition of a CEO of a USA company for violating my reasonable expectactions of privacy.
...oh, and for that warrant to be executed in full...
Wow ...has Monsanto been around that long, you'd think with all that advanced technology for gene splicing etc. 9000 years ago, that those American indians would have been able to evict those european invaders in wooden boats. They could have just poisoned their crops with Glyphosate.
Selective breeding does not equal Genetically Modified Organism.
The proposers of this idea have only one interest - a commercial one. They don't laws because it costs them money to protect peoples' privacy, and prevents them from monetising the private data they've already gathered. Never mind that these laws exist to protect consumers from rapacious companies and fraudulent use of sensitive information.
Forget record labels - it's largely about the cloud. Currently many corporates and govt agencies are not able to comply with the law of their land and use cloud-based (read: US-owned) services at the same time. (Many still do it but that's a whole different problem...)
For example: Privacy laws demand the protection of the privacy of customers (and their data) on the one hand, yet the Patriot Act allows unfettered access by US law enforcement agencies on the other. There are many other ways under US law that personal data must be handed over, and there are other data protection, data ownership and data governance "law" that can't be adhered to once your data leaves your legal jurisdiction.
Until that "issue" is cleared away, it presents a barrier to the excellent idea of countries pouring money into the US for things cloudy.
@GM Fanboy (AC 18:44) GMO corn, as you well know, is somewhat different to hybrid varieties that american indians came up with. They weren't manipulating individual genes to ensure that they could be weedsprayed but survive, or guaranteed sterility. So less of that shit please, and get back to your job at Monsanto.
We do have some precedence here. UN. When has USA ever listened to UN?
USA will go along with, and promote, international cooperation until it gets told to do something. The US will then give the world a one-finger salute.
But the whole idea is bullocks anyway. Running, or using, a regional server, for email to comply with some local law is hardly a significant cost in running a regional office.
There is a detectable difference between selective breeding (Corn, Wheat, carrots, potatoes, pigs, hens and the like) as practiced since the beginning of agriculture and modern methods of GMO (like adding fish genes to flowers or whatever) Call me a luddite but I prefer the first type for my food - proven to be a bit more stable.
On subject however, IMO it is a very bad idea to let Major corps determine data security policies for today that may not fit the data environment of tomorrow. Just 'cos it helps "efficiency" doesn't mean it's a good idea. Companies/Governments don't willingly hold back developments that affect their business or market share, do they?
"If that's the case, it's very difficult to locate a data center in one country and provide that service to consumers in another country."
You mean, you might have to obey the laws of the countries where you operate? And if you split your operation across two countries (provision and selling) you have to obey BOTH? That's APPALLING!
Humanity calling Business: If that hurts for you, don't do that then. No-one is forcing you to stay in business. On the other hand, quite a lot of people are prepared to force you to obey the laws of the country that they live in. In *most* cases, the local population's ancestors will have shed blood to gain and retain their independence and are less than impressed with some besuited dickhead whining about inefficiency. (Sheesh, I'd have thought an American would know this. Don't they teach them about 1776 anymore? If not, can we have our colony back?)
Err..."Twat off" covers it I think.
The USA is one of the most protectionist and anti-free trade countries in the world (yes, you read that right). The USA expects the world to bend over and take it from them, but they refuse to do likewise (the UK's totally one-sided extradition treaty anyone?).
So, quite frankly, either they agree 100% to reciprocate equally in all matters (which means agreeing to extradition of their citizens without a hearing or proof of evidence to a trail in a foreign power, for example); or they can ram it up their fundament.
As for MS...I don't want them having my personal data. Hell, I get twitchy about the amount of crap my own government holds about me. And as for websites...most believe I live in Afghanistan because, quite frankly, they do not need to know where I live (and if they can't work it out from the IP addy, they're a bunch of retards) nor do they need to know anything else about me usually.
This is really not a new issue: international airlines, ships etc have had this for centuries and have a nice simple solution: you register your aicraft/ship/company in a country and are subject to those laws. Fly from Heathrow to Chicago on an American Airlines plane, it's under US law because it's a US aircraft: you'll need to be 21 to get alcohol on board, not 18. Same route with BA, it's 18 because it's a UK plane. The really bad countries get blacklisted, so aircraft registered there can't operate here (parts of Africa with really dodgy safety inspection records, for example).
Apply the same here: The Reg is a UK website and company, so it should be subject to UK law, even if I happen to be viewing it while on holiday in Chile or China. Hotmail would be US registered, so if the UK plod wanted to snoop around my Hotmail Inbox, they should have to get a US warrant for it (or a UK court order ordering me to turn it over, since I'm in the UK).
The alternative is just silly: is my personal website, on a server in California, subject to Vietnamese laws if someone in Vietnam views it? The bits of software I have for download are in English not in French, which would violate the laws in Quebec - I'm not in Quebec, my server isn't either, but the software might be used there: do I have to comply with their laws just in case someone wants to use it there? Of course not.
A bit of info for the trolls:
http://en.wikipedia.org/wiki/Colchicine#Botanical_use
http://en.wikipedia.org/wiki/Mutagen
http://en.wikipedia.org/wiki/Ionizing_radiation#Biological_effects
Selective breeding my ass... We've been firing Seriously Bad Stuff at innocent plant DNA with all the precision of a musket volley for well nigh a century to get the cereals we have today. But it's OH SO EVIL that Monsanto has introduced a pinpoint change with great precision and foreknowledge of the consequences. Deary, deary me...
http://imgs.xkcd.com/store/imgs/science_square_0.png
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
