back to article On its way: A Google-free, NSA-free IT infrastructure for Europe

This really wasn’t in the script. All conquering, “disruptive” Silicon Valley companies were more powerful than any nation state, we were told, and governments and nations would submit to their norms. But now the dam that Max Schrems cracked last week has burst open as European companies seek to nail down local alternatives to …


  1. Dan 55 Silver badge

    Telecos. Oh.

    Given, say, the epic failure of telecos to address the rise of yankee imperialist running OTT services via the GSMA (see Joyn and Firefox OS as examples), I wouldn't get my hopes up just yet about them managing to coordinate IMAP, certificate, and secure DNS services between themselves.

  2. tkioz

    It was only a matter of time, American businesses will scream bloody murder but they only have themselves and their government to blame for ruining their reputation.

    1. kmac499

      I'm sure they will, citing all sorts of anti trust and freedom of speech guff no doubt.

      Maybe we could suggest that they could always host stuff in Europe, but then of course they might have to pay tax in europe on profits created here..

      1. Peter2 Silver badge

        The problem is that even if Microsoft has stuff stored in Europe the US courts can demand that their Ireland Branch produces the data without due process in Europe in violation of international agreements like Safe Harbour. Given that Microsoft has a court order to do precisely this, it's not a hypothetical issue.

        US companies could even be required by the US courts not to disclose having been made subject to an order, which makes it impossible to challenge said order or even monitor for misuse, which means that no agreement an American owned company can make is worth anything.

        1. sysconfig

          "The problem is that even if Microsoft has stuff stored in Europe the US courts can demand that their Ireland Branch produces the data without due process in Europe in violation of international agreements like Safe Harbour. Given that Microsoft has a court order to do precisely this, it's not a hypothetical issue."

          They're still debating/resisting that though, or did I miss any recent news?

          If M$ Ireland are indeed forced to hand over the data to the US slurpsters, then it only goes to show that the US haven't understood the gravity of the situation yet; it would worsen the situation by quite a margin (for US companies trying to do business over here)

          1. a_yank_lurker Silver badge

            I wonder how fast America's Native Criminal Class aka Congress (hat tip Mark Twain) would change the law if say Apple, MS, and few other big buys reorganized themselves as say Irish companies.

          2. Anonymous Coward
            Anonymous Coward

            It is still being fought and it is a fight the US government cannot afford to win since if they do, US businesses (who after all control all of the US legislation that goes through) will loose USD billions.

            Microsoft know that which is why they are fighting it tooth and nail. It has nothing to do with any previous history of data sharing.

        2. John Smith 19 Gold badge

          "US companies could" "be required by the US courts not to disclose"

          Could ?

          Could ?


          Multiple times.

          THE PATRIOT Act trumps pretty much anything.

        3. SImon Hobson Silver badge

          > The problem is that even if Microsoft has stuff stored in Europe the US courts can demand that their Ireland Branch produces the data without due process ...

          And in this case, you need to look a bit deeper.

          AIUI, Microsoft recognised this train crash was coming along - some time in advance. They have structured things so that the datacentre in Ireland is operated by an EU based company and with access restrictions that prevent the US company staff from directly accessing the data. AT least, that's how I've been reading things.

          So regardless fo the outcome of the legal case, Microsoft US cannot hand over the data as they simply can't access it. The bosses there can "instruct" the management over in the EU to hand it over, but of course will get a blunt "no, that would be illegal" response. In effect, the very worst that MS US can do is start firing managers of the EU business unit - but if they try that then they'll quickly find out about "unfair dismissal" laws as well !

          So if MS lose the case, the TLA still don't get the data, but the US makes itself look even more foolish. I suppose it also means that the EU managers refusing to break the law will also have to forego ever setting foot within US jurisdiction for the rest of their lives as well since I guess the same idiot judge would probably file a warrant for contempt of court against them.

          Really, the US government, TLAs, and courts need to find a way to back down on this before it blow up big time in their face.

          It's a very different situation from a US based company directly owning/operating, and having access to a datacentre that just happens to be located in the EU.

          1. Anonymous Coward
            Anonymous Coward

            Yes, +1 for a good analysis.

          2. dan1980

            "Really, the US government, TLAs, and courts need to find a way to back down on this before it blow up big time in their face."

            But The US is awesome. Bowing the EU would would admitting the US is not awesome. And that would be bad. Because they are awesome.

            1. This post has been deleted by its author

    2. Mephistro Silver badge

      Re: Telecos. Oh.

      At least they're trying!

    3. Thought About IT

      With GCHQ acting as a subcontractor of the NSA, won't the Yanks get our data anyway?

      1. Anonymous Coward
        Anonymous Coward


        And Microsoft has been cooperating with the NSA from time immemorial - the other guys just copied them.

        Clever move by Microsoft to suddenly raise a loud objection in a lawsuit as if up till now they had never given NSA anything prior to this. It is truly misleading.

        1. Gordon 10 Silver badge

          Re: Yes

          To be fair to MS its a different agency asking for the data - one without a War On Terror mandate and less sweeping legislation supporting it, and one without a capability to have black bag jobs performed on request.

          If you were a yank (or a yank business) and the spooks rocked up at your door you would most likely comply out of fear, whereas if it were the Plod you'd tell them to f*ck right off and come back with a warrant - which is precisely what MS are doing. (for warrant read follow an existing process).

        2. Anonymous Coward
          Anonymous Coward

          Re: Microsoft has been cooperating

          It was interesting how their antitrust thing just disappeared.

          Then they bought Skype. Which previously had a reputation for being hard to monitor.

          Then they gave Nokia a huge bung to drop Symbian. (An OS not covered by the patriot act.)

          Obviously just a coincidence.

    4. big_D Silver badge

      With Safe Harbor and the current case against Microsoft having to hand over data from a European subsidiary to the US Justice Department, the US Government seems to be doing everything in its power to sabotage the US Internet industry, at least internationally.

    5. Anonymous Coward
      Anonymous Coward

      It was only a matter of time...

      See "The History of the Decline and Fall of the US Empire".

      1. hplasm Silver badge

        Re: It was only a matter of time...

        "See "The History of the Decline and Fall of the US Empire"."

        It peaked in 1969 and has gone downhill since.

    6. James 100

      Re: Telecos. Oh.

      The beauty of the Internet is that we don't need much coordination of that. We have secure DNS facilities, we just need to enable them ourselves. I did on my domains ages ago - TheReg, of course, is a decade behind as usual: no IPv6, no DNSSEC, no SSL:

      IMAP's a bit of a red herring here - it's normally used over SSL anyway, the weakness is actually in the SMTP delivery of mail between systems, where TLS is optional. That's one security facility TheReg *does* actually have enabled ... but only because they outsource their mail to Google.

      If we have decent crypto on each end, the bits in the middle don't actually matter any more. If I email, tapping the backbone or submarine cables will get GCHQ and co nothing but encrypted gibberish - they'd have to rely on something like PRISM to get the mail from inside Google itself to know what the message said.

    7. Anonymous Coward
      Anonymous Coward

      Re: Telecos. Oh.

      I have worked for 15 years for Telcos.

      I just don't think they have the expertise. They have long outsourced almost everything...

      1. Gordon 10 Silver badge

        Re: Telecos. Oh.

        Not to mention that they were totally penetrated by the spooks shortly after the telegraph was invented.

    8. a_yank_lurker Silver badge

      Or shut and demand US law mirrors European privacy law

  3. Anonymous Coward
    Anonymous Coward

    We all seem

    To be missing that GCHQ is just as bad as the NSA when it comes to data hoarding and from the sounds of it the French want in on the game too, and they'll all share your information as required. I've also said for a while that "if you think the US Intelligence services are above using the information they acquire to bolster the nations economic position I have some magic beans I'd like to sell you"

    Isn't there a bigger question around politicians selling their ignorant populations down the river for a "little bit more security"?

    Britain has had a pretty shady history with surveillance and still does~~~

    And as if to hammer home the point

    1. Dadmin
      Paris Hilton

      Re: We all seem

      Very well said. When you read US Empire, don't forget where we learned that from, UK Empire. Sure, we're all friendly to the third-world NOW, but hey look at Putin; he's doing Empire building old school and isn't that a big enough problem yet? I guess not. Look you idiots, Ed Snowden did the right thing to expose what GCHQ/NSA already know, and the US "cloud" industry is fully culpable and capable of handling the fallout from this massive US spying. Unfortunately it's 2015 and I can't begin to tell you how enormously pathetic it is that any first-world country does not already have it's own Internet infrastructure that can be decoupled from the rest of the world. You bitch about spying, just cut off the US/China/USSR/WHOEVERTHEFUCK and do biz elsewhere, like at home, until whatever ill you perceive is rectified. You act like Facebook is the only game in town. Get off that crap and talk to real people in the real world. Facebook is just a colossal waste of time, why does anyone need to be on it? Grow some local flavour and stop trying to treat the Internet as some fucking US-owned freeway. It's TCP/IP, go make some content and stop all this "safe harbour" bullshit. Any company worth it's salt will be able to compete on a global scale, and abiding by local laws, or don't appear on their Internet. No one is forcing you to go to Facebook/Google/MicroSoft/Apple/etc, you made that mistake yourself. Live with it, or work around it. Unless you really are stupid, then keep sending clear text messages and leaving your stupid wifi open and that will ease your passing.

      1. Gordon 10 Silver badge

        Re: We all seem

        Sir - I wish I could award you both an up vote and a down vote for that magnificent rant. Total class.

    2. DanielN

      Re: We all seem

      Indeed. Every country's intelligence services do anything they think they can get away with, and act with greater impunity the farther from home. If I wanted to hide information from the NSA, I'd do it in Arlington, Virginia, right across the river from Washington, D.C.

      Let us not forget about respect for civil liberties either. The only way to be convicted of failing to spy in the U.S. involves bringing the entire affair in front of a grand jury made up of random citizens. Yes, a secret intelligence court can issue a double-hush mega-secret search warrant. But if you tell them whoops, sorry, you simply cannot find the requested information, the path to criminal conviction runs through a grand jury, followed by a second trial jury. It's a constitutional requirement. Spooky McFBI has a hard time getting convictions of brazen spies, let alone honest men who had enough of political games pretending to be national defense.

      If you want to be afraid of secret courts making their own laws, go to the authoritarian and inquisitorial courts of Europe. The judge, or a small panel of judges, decides what to investigate, how to investigate it, and whether to keep public records. Their standard operating procedures would be considered nearly an act of war in the U.S. Even the British courts are viewed with a jaundiced eye by Americans. That's a nice database your employer has, be a shame if a pedophilia ASBO were to happen to you. Do you seriously think companies like VW are honest, loyal white knights come to rescue you from the evil barbarian Americans? They will cheerfully sell you out for pocket change.

      1. tom dial Silver badge

        Re: We all seem

        (re: DanielN)

        I'm not sure I agree fully, but the points are essentially correct. Understated is the fact that although one ultimately must be tried, in open court, and either convicted or not by a jury of ordinary citizens, law enforcement agencies and prosecutors can easily cause a lot of trouble and expense even when the final verdict is "not guilty". In addition to that, prosecutors, by overcharging, often can avoid the messiness of a trial and the risk of a not guilty jury verdict and get the defendant to plead guilty to one of the lesser charges. The fact is, however, that this happens far less often in cases involving national security than on the local level with more ordinary crimes like murder, assault, robbery, theft, fraud, and drug peddling. National security, pedophila, or pornography, the most likely to involve electronic data collection, are quite uncommon.

        Still, I suspect all these are roughly as common as here pretty much anyplace there are police and prosecutors.

  4. SuccessCase

    I doubt European telco's can do particularly well with Cloud services except via what amounts to protectionism via the courts (which in itself, in this case, isn't a bad thing). But even then I suspect they will get nowhere and because we will see is some big effort on the part of the US cloud providers, Amazon, Google, Apple, MS Azure, Salesforce, Rackspace etc to provide secure cloud facilities in Europe who will each establish a European cloud operation subject to European law with the relevant protections the law demands (if they don't already have such or are not working on such already). Just as they have done, but for different reasons, in China. And that will be a good thing.

    On a separate note here, logically, it should be perfectly possible for a datacenter/cloud service to meet European law from anywhere in the world. The law shouldn't limit the delivery of service to a particular geography. There is, of course, the very real practical issue of verification and trust (how do you verify the NSA haven't obtained access) but that shouldn't be insurmountable. If protectionist practice is bad, logically there should be no geographic requirement.

    1. <shakes head>

      patriot act

      sorry but that does not work, as the patriot act is in effect on every US corp, they have to breach EU data laws if asked to. therefore any US corp cannot guarantee the required levels of security and privacy. they could have a separate EU company that they own all the shares of that has servers in the EU and that would work, but they would never be allowed to export that data back to the mothership.

      1. Peter 39

        Re: patriot act

        I don't think that would be sufficient. After all, isn't that exactly the situation with Microsoft? There's a separate EU company (HQ in Ireland, I would guess) and it's wholly owned by Microsoft. Yet the U.S. is trying to force disclosure of the data in the EU datacentre.

        I think that the EU company would have to be fully independent for the separation to work.

        1. Anonymous Coward
          Anonymous Coward

          Re: patriot act

          "trying" - not succeeding. See the other comments. This is all posturing and a battle that the US cannot afford to win. The real battle is over the currently negotiating EU/US trade agreement.

          If Microsoft loose the "battle", they will immediately loose billions of dollars of EU and other territory revenue. Many EU governments for example have heavily invested in Office 365 and Azure. This would have to be canned if the US were to force the issue.

          MS have also hedged their bets by restructuring world-wide so that they can spin off segments in a hurry if absolutely necessary.

      2. Anonymous Coward
        Anonymous Coward

        Re: patriot act

        It is nowhere near that simple. And as stated above, Microsoft in particular have already restructured themselves in different territories to prepare for such an issue. However, as previously stated, the US government cannot afford to win such a battle. It is all posturing. The main battle is that of the current EU/US trade negotiations.

    2. big_D Silver badge

      Deutsche Telekom has a large number of data centers and provides a wide variety of cloud services and cloud computing.

      There are also some large independent cloud providers in Europe as well.

      1. Anonymous Coward
        Anonymous Coward

        Deutsche Telekom's hosting isn't exactly cheap though. :(

  5. Madeye


    If we take at face value that European versions of existing US based services will need to be created to address the European market, where does this leave the matter of patents? Some services are only realistitcally created in certain ways. If a US company holds the patent on this method, how can a European company create a similar service? Does this require a re-evaluation of the patent issue or do we accept that such a service will not be available in Europe?

    1. big_D Silver badge

      Re: Patents?

      As it is mostly software, no problems, you can't patent software...

      Or the cloud companies could start selling their technology to European companies to run independent cloud services in Europe, with a no competition clause for US territories.

    2. Laura Kerr

      Re: Patents?

      A fair point, but I'd guess that if it's considered sufficiently important, the European response to the lawsuit will be that given in Arkell v Pressdram.

      1. Justin Clift

        Re: Patents?

        Yeah, the Arkell v Pressdram response would be appropriate. :)

    3. Gordon 10 Silver badge

      Re: Patents?

      Its worth noting that the European position on software patents whilst fubar is several orders of magnitude less fubar'd than that stinking mess in America. Therefore most of them wouldn't apply as the concepts they cover simply aren't patentable in Europe.

      The Epo states that they don't issue software patents full stop but there a few things they have allowed that are yellow, waddle and quack.

  6. phil dude
    Paris Hilton


    I don't trust the European goverments to be any better than the US - especially when there isn't even a constitution to argue about.

    The reality is those in "power" (might be government, could be your local mobsters) will always want to be able to control the flow of information, and to know "what are the private thoughts of the troublemakers".

    Not sure if I have an opinion on this, other than use PGP/OTR etc.. where I can.

    I just wish I had a one-time CC number, so I did not have to share that!!!

    See Icon - we are all f*cked.


  7. J J Carter Silver badge

    Usual suspects, I see

    What a lot of fuss over nothing by lefties! Must have something to hide!

  8. Tom Chiverton 1


    "Carrier grade intermediaries will host the private key,"

    All together now... man in the middle.

    Is there some issue with running SMTP and IMAP over TLS ? It's not exactly hard...

    1. Anonymous Coward
      Anonymous Coward

      Re: Umm

      > Is there some issue with running SMTP and IMAP over TLS ? It's not exactly hard...

      Yes. That encrypts the payload during transit, not while it's sitting on the server, waiting for a bored and unprofessional sysadmin to vi your emails, or worse.

    2. Anonymous Coward
      Anonymous Coward

      Re: Umm

      Who's your certificate signed by?

  9. Anonymous Coward
    Anonymous Coward

    Wishful thinking

    With cloud ransom-ware, privacy as a token phase and undermining of property rights all as the current standard of software sales it's about time we had something to shake things up.

    I hope that more competitors will mean greater end user choice.

  10. This post has been deleted by its author

  11. The HLM

    Good news for European startups

    It is about time european startup's get more exposure and operate within a secure european framework.

    There is a reason I only trust my most confidential data to a company based in Europe and not in the US.... Not that it contains anything of interest for them, but it is my privaye data and I like to keep it that way. I can access it anywhere as the complete communication is encrypted.

  12. Anonymous Coward
    Anonymous Coward

    Well, this is a half measure. It'll get Europe off of Gmail if it works well enough, but if it does, it'll be a huge target. The security/encryption gaps WILL be exploited.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019