

US slams Australia’s on-shore cloud fixation - mindstab
http://delimiter.com.au/2012/04/13/us-slams-australias-on-shore-cloud-fixation/

======
mindstab
With all the US laws about seizing data and the warnings from industry, what
did they expect?

The government of Canada cannot legally use US cloud services either without
violating their privacy laws. It is only prudent.

Industry warned them and they went ahead and enacted those laws. Now they
whine about the predictable results?

~~~
thyrsus
Why would they not want free backups at the NSA? Pay nothing, file a FOIA
request for a restore, then wait 50 years.

Real men don't use backups, they post their stuff on a public ftp server and
let the rest of the world make copies. - Linus Torvalds

~~~
gwern
Since when have FOIA requests to the NSA ever produced anything interesting
within 50 years?

~~~
dantheman
Here you go:
[http://courses.csail.mit.edu/6.857/2012/files/H03-Cryptosyst...](http://courses.csail.mit.edu/6.857/2012/files/H03-Cryptosystem-proposed-by-Nash.pdf)

~~~
gwern
I am well aware of that, having created a transcript (
<http://www.gwern.net/docs/1955-nash> ) of it. A cryptosystem that the NSA
rejected because it was too easily broken is obviously not in the same
category of information as what I was responding to.

------
rhplus
I would guess that the _primary_ reason Australian organizations prefer
hosting locally is performance. Australia is really far from the US and even
further from Europe. Most of Australia's population is clustered in east
coastal cities, so it makes sense to host the data and services there too.

Why would anyone choose to add 200ms+ to every network call if there's an
option to host data and services locally? Not to mention the bandwidth costs
associated with moving bits across the Pacific.

~~~
masklinn
Even without the latency (which is significant), there are two more technical
issues:

1\. Australia has pretty limited data pipes to the outside, so the more
traffic is kept in-country the cheaper it is and the less likely there will be
issues with world-traveling traffic

2\. Aus ISPs have pretty low quotas for international traffic (40-200GB range
I believe) but none for national traffic[0], which also lead those same ISPs
to build or help building massive national caches of international resources
(I believe Steam download traffic, for instance, is kept mostly or solely
national)

[0] I may be wrong, and please correct me if I am. That's what I recall from
past conversations on the subject

~~~
sanswork
I never had any different caps for international vs local data traffic.

~~~
toast76
Many of the smaller ISPs (of which there are now not many) and some of the
larger ISPs have peering agreements (with PIPE networks) which mean that this
traffic is effectively "free". It used to be quite the selling point, but
appears to no longer be the case (possibly because it's a bit iffy as to
what is and isn't free).

------
cryptolect
Hilarious. I think the Australian government is quite right in advocating
against using US hosting where government or personal data privacy is a key
requirement. If the cloud providers want the business so much, build some
local infrastructure.

This hesitance to use US infrastructure due to US legislation such as the
Patriot Act is only going to grow. This is an opportunity for cloud providers
in regions with a good mix of infrastructure and data protection policies.

~~~
andrewfelix
> _"the Australian government is quite right in advocating against using US
> hosting"_

It's not the Australian government, it's only the Victoria Privacy
Commissioner. The article is a beat up.

~~~
Maxious
It is the Australian government:

"Agencies should note it may also be possible for foreign governments to
access information held in their jurisdiction or to access information held in
Australia by any company with a presence in their jurisdiction.

For instance, the USA PATRIOT Act 2001 contains provisions allowing the US
Government to access information in specified circumstances, (i.e. cases
involving suspected terrorism or threats to national security) irrespective of
the geographical location and, without necessarily advising the agency."

[http://agimo.govspace.gov.au/files/2012/02/Cloud-Privacy-Bet...](http://agimo.govspace.gov.au/files/2012/02/Cloud-Privacy-Better-Practice-Guide-FINAL.pdf)

Note also the second part of the first sentence - I have been told explicitly
that we will never be allowed to use Amazon AWS for private information
(public websites like data.gov.au already use AWS but have no private areas)
even if there were physical datacenters in Australia because their US staff
could be coerced under the Patriot Act to access that information and in that
case would be ordered to circumvent any logging/audit trails to do so.

~~~
andrewfelix
Yes, you're quite right. _eats a slice of humble pie_. I missed the mention of
AGIMO.

The article is still a beat up. The US government doesn't 'slam' anybody.

------
px1999
I've worked in Canberra (Aust. government) IT circles, and this comes as
absolutely no surprise - you could probably count the number of federal
government departments that store their data (even public data) on any public
cloud provider on one hand.

Yeah, there are a bunch of non-security reasons for this (latency, bandwidth
costs, variable service costs), but in my experience it's always come down to
security; and with what happened to Megaupload, the potential widespread
(mis)use of National Security Letters / FISA Surveillance, and the general
lacking of concrete privacy / security / SLA guarantees from the providers, it
really doesn't surprise me that they're saying that putting your data overseas
isn't a great idea.

There's no reason that US-based companies can't host infrastructure in
Australia and certify that it's compliant with the DSD's ISM (which is part of
where all of this is coming from), which itself says that it doesn't preclude
the use of foreign owned service operators, but that they should ensure that
information is hosted in and doesn't leave Australian borders. Which, in the
context of what's above, makes 100% sense.

~~~
DrStalker
All the government departments I've worked with that made use of cloud
infrastructure had agreements with the providers to have their own dedicated
servers, giving them a private cloud to work with.

------
coopdog
A lot of people are saying this is due to latency, but it's really not.

Is it any surprise that any country wouldn't want their data stored on US
servers? Canada does the same. The USA just wants to eat its cake and have it
too.

That being said, the Australian Government (particularly Department of
Defence) also doesn't allow government data on any cloud server, even those
hosted inside Australia. These US cloud providers are just trying to drum up
business by claiming a bias to loosen regulations, but there is no bias, just
good old security policy. Tight security policy, true, but it's their data and
they can direct their own employees how they want it handled.

Eventually though the walls will come down unless the functionality offered by
the cloud can be duplicated on government servers, but I do think more needs
to be done for security guarantees in the cloud to mature first. I have no
qualms putting my own data on some 2 week old startup's servers, but more
serious info probably needs a little bit more consideration about where it can
go.

~~~
DrStalker
Some hosting decisions are latency/throughput based; when working on hosting
full HD streaming video we couldn't get a reliable stream from anywhere
outside Australia (for Australian viewers)

This video content was all publicly accessible, so there was no risk of it
being seized.

------
andrewfelix
I've read the _'2012 National Trade Estimate Report on Foreign Trade
Barriers'_. And trust me it is not the juicy salacious slamming of Australia
that this article makes it out to be.

Read it for yourself, it's very tame:
<http://www.ustr.gov/sites/default/files/Australia_0.pdf>

For those who don't want to read the article there is essentially one
Victorian (Australia State) dept. that is "sending negative messages about
cloud computing services to potential Australian customers in both the public
and private sectors"

And that's pretty much it. The article is a beat up.

------
Joakal
'Microsoft’s UK head admitted today that no cloud data is safe from the
Patriot Act — and Microsoft will hand it over to U.S. authorities.' (2011):
[https://www.zdnet.com/blog/igeneration/microsoft-admits-patr...](https://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225)

------
chris_wot
What, does the US Government host their critical and private data offshore?
I'd be very surprised if they did!

~~~
masklinn
The US practicing what they preach? Hah.

------
frankydp
This was an attempt, by the US, to frame the discussion with a "no you're a dumb
head" argument. This statement will and has backfired both on the technical
side and the political side. First argument being that, as stated by others,
it is primarily a technical decision for hosting not a political/privacy
decision. Secondly, fear is justified if you observe the exact feared outcome
occurring, which we have in the last year.

------
Duff
It is pretty funny that they do this, as most US government jurisdictions
mandate that you store many types of data within the continental US. Even poor
Alaska doesn't get a break!

------
TomatoTomato
Didn't the US just seize a bunch of foreign owned data from MegaUpload?
Carpathia Hosting leased over 1000 servers in the US and Canada to
MegaUpload. There's no reason why they couldn't have seized a Rackspace server
or an Amazon EC2/S3 server had they used that instead. If the government wants
your data, if it's within their borders, they will get it.

------
idspispopd
It's a recognised business standard to not store data outside the realm of
control. It protects trade secrets, intellectual property and upcoming
business plans.

Hiring a 3rd party cloud provider fits under this policy, in the same way that
companies don't need to set up their own ISP for transmitting data securely.

However, if the government where the 3rd party is located can arbitrarily
request access to the data (such as your Google Docs), then the policy
prevents the company from using that service. This is a consequence of the
US's own wiretapping laws and there will be no international change just
because of a bit of "bad press".

------
shalmanese
Also, once every few years, a cable gets cut and all international traffic
slows to a crawl as every other cable becomes saturated. If you're doing
something mission critical, it's nice not to have to worry about that
contingency.

------
lr
Pot, meet kettle.

------
hastur
The US Trade Representative is infamous, among other things, for leading the
way on ACTA.

If he says something, you can safely assume the exact opposite is right.

------
loverobots
And Australia slams [insert countries] for not buying Australian goods.

If most of the traffic is from Australia, it makes sense to keep it within
Australia. Then we have what others have mentioned: Patriot Act and the likes.

~~~
octotoad
> And Australia slams [insert countries] for not buying Australian goods.

And then encourages people to buy products and services that are Australian
made.

"Ok, so...I should purchase products and services from local businesses to
support our own industries, but...other countries should do the opposite and
buy stuff from us? Riiight..."

------
JulianMorrison
Scumbag US government.

Gets caught with hand in cookie jar.

Demands cookies remain in jar.

