

EU Parliament adopts resolution to set standards for cloud interoperability - cpsaltis
http://blog.mist.io/post/70473372408/eu-parliament-adopts-resolution-to-set-standards-for

======
DanI-S
I've been hoping for years that the EU will eventually mandate that a service
must be obliged to delete on request - irretrievably, not by merely flagging
it as "deleted" \- any data held about a given individual.

To me, this is a natural part of the concept of privacy. I can have momentary
privacy: the assurance that nobody is _currently_ watching through my window,
listening to my phone calls, or reading my emails as I send them. But there's
no assurance of future privacy if we don't have the right to destroy our old
data, wherever it may be held.

When people provide an entity with information, they're doing so under the
framework provided by current legislation regarding privacy and freedom of
information. If these rules are subject to change - through new anti-terror
legislation, for example - their information may become accessible in ways
that they did not expect when it was originally provided.

I don't think it's possible to maintain any real sense of privacy while this
remains the case. How can your data be considered private when it can be
opened up for inspection at a later date, under a different regime? There's
currently no way to participate in a connected economy without giving away
your future right to privacy.

Edit: and the reason I've been hoping the EU will do this is that,
realistically, nobody else will.

~~~
M2Ys4U
There's been talk for a while now about a "right to be forgotten" which is
along these lines, but it has a terrible name.

------
sailfast
Is the EU parliament really the body we want setting standards for
interoperability? Things like this typically result in unintentional
externalities that cost providers money and impose compliance burdens that are
quickly out of date.

I appreciate the sentiment regarding security and interoperability, and they
might be able to declare their intention to procure only systems that meet X
standards, but I hope they refrain from broader impositions on commercial
users and cloud providers.

NSA articles aside, I see businesses fleeing regulatory burdens faster than
the possibility of surveillance.

~~~
tincholio
You probably misread, it will be the ETSI setting the standard, not the
European parliament.

------
rainmaking
Oh goodie goo, another mandatory standard by the people who brought us the
EBICS bank standard, which is a freakishly complex reinvention of SFTP.

With EBICS, you transmit a bank command file by encrypting, encoding and
wrapping it as CDATA into an XML file and then _repeating the process_. You
have to use different kinds of wrapper files with different kinds of
intricacies for each type of file you might upload to your bank.

The whole specification is 200 pages, and all it does is transfer files.

~~~
tokenizer
I dont reallt care if facebook tracks me through iframes or if google tracks
me through analytics.

I volunteered to go to a website, that volunteered to use that service. I can
choose not to visit the source sites or the associate ones.

The problem I see with all of this "the governments - or - some government -
or - the UN - needs to protect our privacy!!!"

Against whom? Facebook? Google?

How about GOVERNMENTS. If you ask me, any sort of nefarious behaviour commited
by web companies are most likely the product of a larger, coercive form of
behaviour starting from the government.

~~~
icebraining
_I volunteered to go to a website, that volunteered to use that service. I can
choose not to visit the source sites or the associate ones._

How do you know those sites have those trackers before visiting them? The only
way to "opt-out" of the sites with such trackers is to stop using the web
entirely.

 _Against whom? Facebook? Google?

How about GOVERNMENTS._

Actually, yes. In the (European) country I live in, public organizations have
been prevented from invading privacy (e.g. setting CCTV cameras) by our
national data protection commission.

 _If you ask me, any sort of nefarious behaviour commited by web companies are
most likely the product of a larger, coercive form of behaviour starting from
the government._

How is web analytics and personal data mining a product of State spying? And
even if it is, how is it justifiable on that basis?

~~~
tokenizer
> How do you know those sites have those trackers before visiting them? The
> only way to "opt-out" of the sites with such trackers is to stop using the
> web entirely.

iframes going to facebook, scripts going to google-analytics.com/ga.js, etc
mixed with knowledge about what these elements do (facebook iframe article,
obvious in regards to analytics, etc).

> In the (European) country I live in, public organizations have been
> prevented from invading privacy (e.g. setting CCTV cameras) by our national
> data protection commission.

So public organizations are prevented from data gathering from themselves?
Well that solves that problem. I'm sure if the NSA comes out and says they'll
start enforcing protection against spying that some would even believe them!

> How is web analytics and personal data mining a product of State spying?

I'm not saying it is! I have no problem with facebook or google. I don't use
facebook, and use google only to the extent I am comfortable with. Never have
these companies used this information, some exploitable, to exploit me. They
want me to use their services.

On the inverse, could you explain to me in your own words why this legislation
is necessary?

------
tehwalrus
_Giving cloud hosts the status of Data Controllers_

This is a bold move, and much more significant than some attempt at
standardisation that probably won't work.

It will make it more expensive to hire a VM, probably, and I wonder if there
will indeed be any benefit (given that cloud providers will have to start
vetting and inspecting the source code on the VMs people are running -
potentially taking away all the benefits of programmatic instance deployment.)

------
AlexanderDhoore
"... the standards should enable easy and complete data and service
portability, and a high degree of interoperability between cloud services, in
order to increase rather than limit competitiveness."

Come on HN, let's help the EU. Anyone got any great ideas? Because I don't
even understand the question, much less what the answer would be.

Edit: notice how everyone is just "assuming" what they mean. The problem is
not well defined.

~~~
AndrewDucker
That's kind of how I feel.

How would you ensure service portability between Google App Engine (runs
software, no access to the OS), AWS (Linux VMs) and Azure (Windows VMs)?

~~~
anpalton
They are not seeking to ensure portability between different kinds of services
(and Azure has Linux VMs by the way)

But portability between, AWS, Google Compute, Azure, Rackspace, Softlayer,
Nephoscale, Linode, Digital Ocean, etc would be quite beneficial.

------
spindritf
Oh great, the useless bunch who brought you the cookie law will now take on
cloud interoperability. And UN, another highly effective institution, will
take on spying. I feel safer already.

Does anyone here really believes that any of this is going to make a
measurable, positive difference in a regular Internet user's life? That
somehow more government meddling is a cure for government meddling? Weren't
European spy agencies cooperating with the Americans?

It's yet another power grab of the "no crisis should go to waste" kind.

~~~
herge
They are also the same group that brought us usb charging for all phones (or
at least throw around enough threats like this one for manufactures to start
using usb cords for charging for the more pedant among you).

~~~
sp332
I thought the phone manufacturers were behind that push? Also, how did Apple
get out of that?

~~~
herge
Hah, phone manufacturers, agreeing on a standard instead of gouging people by
selling expensive chargers!

I think that there was a draft EU directive to standardize on mini-usb, but it
was scrapped after manufacturers voluntarily complied. Apple argued that their
usb cable to lightning/doc connecter (which can charge from any usb
charger/port/etc.) was required for analog speaker docs and the like, and the
EU let it pass.

~~~
sp332
Wait, are you saying they voluntarily complied or not?

Anyway I found some info:
[http://www.engadget.com/topics/mobile/2009/02/15/eu-
commissi...](http://www.engadget.com/topics/mobile/2009/02/15/eu-commissioner-
pushing-for-standard-connector-for-all-cellphone/) Looks like the European
Commissioner scared them, then [http://www.engadget.com/2010/12/29/european-
standardization-...](http://www.engadget.com/2010/12/29/european-
standardization-bodies-formalize-micro-usb-cellphone-ch/) the phone
manufacturers agreed to the standard, followed by the CEN-CENELEC and ETSI
officially mandating the standard, followed by (most) phones actually coming
out with micro-USB.

------
herge
How about just starting with standards for downloading one's own data from
cloud operators?

Maybe legislate an easy way to download all my emails from gmail and upload
them to outlook.com. Wouldn't that be very useful?

~~~
garblegarble
Not to be reductive but isn't IMAP the protocol to use for that? Although I
don't fancy the idea of legislating that e-mail providers must use IMAP (and
if I picked a mail provider without it I'm assuming they'd have a compelling
security feature or something...)

~~~
belorn
Some webmail services, notable hotmail, do not offer an IMAP interface. That
service is exclusively a premium option, which is required if you ever want to
transfer your emails away from their service. I actually done such transfer
once, which felt eerily like paying a ransom.

Thankfully, gmail do not keep your emails hostages like that, and users can
transfer their property away into a private servers if they ever get tired of
the constant spying-for-profit.

~~~
garblegarble
My understanding is that Outlook.com (which I think is their rebranding of
hotmail?) supports IMAP at no additional cost starting this year (although
take that with a grain of salt, I'm pretty sure I remember hearing about that
but I don't use the service myself)

------
rsync
We've got your cloud interoperability right here:

    
    
       ssh user@rsync.net s3cmd get s3://rsynctest/mscdex.exe
    
       ssh user@rsync.net s3cmd ls s3://rsynctest
    

Done and done.

Ask about discounts for HN readers.

------
ape4
The good stuff could be interop. The bad stuff would be silly extra
regulations providers have to undergo.

------
pagade
Any idea how long it would take before the first draft is out?

