Comment by josephh
6 hours ago
But then who can? No global cloud providers, including Hetzner and OVH, are free from CLOUD act because they have US presence[1].
6 hours ago
But then who can? No global cloud providers, including Hetzner and OVH, are free from CLOUD act because they have US presence[1].
OVHCloud US is a different company from the rest of the world.
https://blog.ovhcloud.com/cloud-data-act/
The separation is even in the URLs, all the locales are using paths, except the US, which lives under us.ovhcloud.com. All locales use a customer console hosted at ovh.com, except the US, which has it under us.ovhcloud.com.
You can't just spin up an LLC and call it a separate company. OVHCloud is still OVHCloud US' subsidiary company.
From the FAQ page I linked:
> In accordance with our Privacy Policy, OVHcloud will comply with lawful requests from public authorities. Under the CLOUD Act, that could include data stored outside of the United States. OVHcloud will consider the availability of legal mechanisms to quash or modify requests as permitted by the CLOUD Act.
> OVHCloud is still OVHCloud US' subsidiary company.
It’s the other way around.
> From the FAQ page I linked:
Which is for the US company.
>You can't just spin up an LLC and call it a separate company.
You can actually. Becton Dickson did it and shafted loads of their employees by saying they no longer have pensions with them.
https://www.alibabacloud.com/en?_p_lc=1
Exoscale is a European cloud provider with no exposure to the CLOUD Act.
(I work there.)
Who? You can use Hetzner and OVH proper instead of US subsidiaries. Using AWS/Azure/GC in Europe these days is pretty risky for more than one reason.
I think we'll see a lot of companies moving away from public cloud providers in the future, but I don't think it'll be because of any privacy-related concerns.
It rarely makes economic sense to deploy workloads onto the public cloud unless you have critical uptime requirements or need massive elasticity.
FISA and the Stored Communications Act as modified by the CLOUD Act don't distinguish between (i) parent company overseas + US subsidiary and (ii) parent company in US + foreign subsidiary. In both instances the US asserts personal jurisdiction, extending to wherever the data is stored geographically.
The US has no authority whatsoever over a foreign parent company. The US subsidiary also has no access to "foreign" data.
5 replies →
Possibly only their US subsidiaries though?
I'm guessing: Russia?
[dead]