Comment by timeon
4 hours ago
Who? You can use Hetzner and OVH proper instead of US subsidiaries. Using AWS/Azure/GC in Europe these days is pretty risky for more than one reason.
4 hours ago
Who? You can use Hetzner and OVH proper instead of US subsidiaries. Using AWS/Azure/GC in Europe these days is pretty risky for more than one reason.
I think we'll see a lot of companies moving away from public cloud providers in the future, but I don't think it'll be because of any privacy-related concerns.
It rarely makes economic sense to deploy workloads onto the public cloud unless you have critical uptime requirements or need massive elasticity.
FISA and the Stored Communications Act as modified by the CLOUD Act don't distinguish between (i) parent company overseas + US subsidiary and (ii) parent company in US + foreign subsidiary. In both instances the US asserts personal jurisdiction, extending to wherever the data is stored geographically.
The US has no authority whatsoever over a foreign parent company. The US subsidiary also has no access to "foreign" data.
The US by and large can (and does) assert authority outside of its jurisdiction, from which another country can choose to capitulate.
Most of the time countries do, because they are all swapping data on their citizens between themselves to skirt various laws.
In the case where the US really wants something, and the country won't yield, they'll fund contras or destabilize the government (if small enough to be bullied) or impose sanctions so drastic it's effectively a soft act of war.
This is all to say that, the US has nearly unlimited authority while it stands as the world's defacto superpower.
4 replies →