We have entered a brave new era - the era of performative hyperscaling!

This won't stop the US government from using the US CLOUD act to demand anything that it wants, for any reason. It cannot stop that.

But it can make it look like they're doing something about it.

Not anything effective, of course. The only effective change would be to move Amazon as a company to another country, so that they are free from the obligations of US law.

Still, as they say: "We must do something! This is something. Therefore we must do it."

It truly is a brave new world... (Same as the old world.)

Anyone who stores sensitive data in any cloud without locally encrypting it first so only the encrypted version is in the cloud deserves to have their data pilfered.

Storing is one thing, processing is another. Are companies using somebody else's computer solely for storage or are they doing processing there? If they are it has to be decrypted and, even if that's done on the fly, the key needs to be available. If the key is passed to the AWS site it can, if AWS are compelled to do so, be tapped off to enable them to decrypt the data.

Why would anyone process private data on someone else's computer and expect it to stay private?

"Why would anyone process private data on someone else's computer and expect it to stay private?"

You can ask the many, many companies, such as the Tea app, that question.

Because the people taking (and forcing) the decision do not tend to be the ones with sufficient knowledge and insight to make them.

It's a fact that most tech companies have been using literally for decades to build their monopolies and then work the more sane and usable solutions out of the door.

You've not been doing this very long, have you?

Just like using Gmail for email?

That's also the quiet part that US services like Akamai en Cloudflare don't like mentoning - they need web data unencrypted as there's otherwise no way for their services to even work so they have the ability to stick their nose in everything that passes.

In general , as soon as the potential exists, it WILL be used. It's not quite the largest intercept potential in the world but given the totality of US law (augmented by the fact that the Orange one and friends have subverted any control out of existence) it is likely to be used. If not actively, then certainly on standby.

There's no trusting any US operation. Not because they're neccessarily willingly collaborating, but because it's very easy to force them to without any remaining legal recourse for company and/or victims.

Perhaps Amazon will also put on French mime artists outside the data centre impressing passing tourists and stopping fishing expeditions from US law enforcement in its tracks.

Surely all of Amazon's mime artists are busy manning the phones on their customer service desk?

That explains their chat services :).

"The only effective change would be to move Amazon as a company to another country, so that they are free from the obligations of US law."

Doesn't help. If any part of your org does business in the USA or you have any kind of presence there - or have done in the past, the US government claims jurisdiction

Their tentacles are more tenacious than Rolf Harris in a BBC elevator

This already exists in China. It is run by a local Chinese company and lacks connectivity to the global AWS management network. A CLOUD Act demand is impossible under these circumstances since AWS since lacks the necessary access. Creating partitions in AWS is well understood, it's the legal structure that can be difficult but as China proved it can be done.

Well findout how seperate it all is the next time a problem in East US region takes down 50% of the internet.

If the Government orders Amazon to switch it off when it invades Greenland, what happens?

The EU and UK need to be self-hosting at this point. Noi excuses,

These American cloud companies are Trojan horses. There are no sufficient safeguards other than to kick them out of Europe completely.

Or when he invades Canada, and there are consequencies under the Trading with the Enemy Act 1939?

S 2(1)(a) defines the "enemy" as "any State, or Sovereign of a State, at war with His Majesty". King Charles is King of Canada, so if they are at war with Canada, then my reading of the Act is that they are at war with King Charles.

https://www.legislation.gov.uk/ukpga/Geo6/2-3/89

Sorry for the title, but that's about it. The physical location of servers is not really relevant to data "sovereignty".

Is there at least one person who lives in the USA and has (or can easily get) admin credentials for this so-called Euro cloud? Yes? Then it's not secure. It really is that simple.

As I've said before:

"Can you be compelled, either with or without a court order, to provide data held on your systems to a non-EU government or representative thereof"

If the answer is anything other than a categorical "No", then there is no sovereignty - like Microsoft before them, Amazon can't answer "No" to this question so any changes they are making are utterly irrelevant.

As if that matters. Their answer will completely depend upon "will my answer cost me money?" If saying yes will cost them income and saying no will increase income, then they will look you in the eye and say no. When it later comes out that lies were told, that's tomorrow's problem.

Yeah right, they can make as much of a song and dance about this as they want but the fact is the parent company is in the US, they are subject to US laws and they would have to provide data/access if compelled to by the US no matter how many subsidiaries they put in between them and their customer's systems.

The devil is in the detail.

"Subsidiaries" may be a loose translation from German or possibly German law puts subsidiaries further at arm's length that we might understand in the UK and, I suppose, the US. What I've said a number of times is that a franchise arrangement could fit the bill. The franchisee would have to be a locally constituted, owned and staffed company with the sort of arm's length arrangements described in TFA with no US citizens or AWS employees with hands on access, no strings on the use of the rented IP except at the termination date of the the franchise and no dependence on Amazon's infrastructure. It would be doable but a very thorough examination of all the legal and technical aspects would be needed before it could be trusted.

Agree in principle.

I'm assuming that franchise laws vary country to country. Knowing lawyers love for loopholes, would it not be cleaner to have a per country/zone organisation that is exclusively licensed to "do the job", and which is an entirely separate entity [to ] - thereby avoiding any franchise legal loopholes leading "back to mother". So, exactly the same effects granted to a franchisee without the binding framework.

If either model would work, it'd then just be a case of trusting there are no backdoors - accidents do happen!

And more importantly, who owns the franchise? It would need to be someone like OVH or Hetzner that are not American-owned. And at that point, you may as well go to them directly.

"I've said a number of times is that a franchise arrangement could fit the bill"

Nope. The USA will find a path to smash that wall or alter their laws to simply make it so

Simply ask yourself if you would base your usage on a Russian or Chinese supplier offering the same guarantees

It appears even the Chinese option is now the less odious one. Well done, Trump..

Wrong, bucko. That's just the "orange man bad" thinking of a limited mind. If you were fine with Biden having access to your information but not Trump, you're a fool and my statement is apolitical. You should not be fine with any foreign nations having access, regardless of who is running their show. I've said for years, regardless of who controls Washington, that a secure Europe MUST include home-grown compute.

But, given a choice between the US and China having access, China wishes to become the world's dominant power with all nations working towards the greater glory of the Han Chinese. The US is already the dominant world power, and doesn't want England to drag the US into another world war because of what that Hun Fritz said about Our Charlie.

I don't expect my post to be popular here. The truth rarely is. The sad thing is, the downvotes will be related to my saying Orange Man Not Bad, and will completely ignore my assertation that the only way to be secure is to grow your own.

Sovereign cloud, more a political‑legal concept that cannot be delivered by the technical architecture.

Not by technical architecture alone but both aspects are needed.

> Not by technical architecture alone but both aspects are needed.

They could start with taking out the backdoors ;)

Then you can only employ non-smokers.

No, wait ..

:)

How do you figure? Do you think it is impossible to build your own equipment and install your own fiber? Someone else did it without even knowing it's possible, and you have the advantage of knowing it can be done. But, it means (gasp!!!) spending money!

...is the "A".

Not necessarily. A name can be licenced to a franchisee along with other aspects. It's the least of the problems. The real criteria are the legal and technical ones that permit independence for the duration of the contract - a contract thatcan't be arbitrarily cut short.

You can't really force independence if there is as much as a shred of connection with the US, and in this case it already starts with the brand.

I've spent over 10 years working on projects that had to be absolutely US-free, and trust me, it's very hard. You start with investigating where your funding and capital comes from and how it's interconnected.

Why do you think there's so much US private equity buying up EU industry? Worse, they do it with leveraged capital which means the moment the US dollar gets slammed into a more realistic valuation we're left with gaping holes everywhere. The way Trump is destroying the US economy with his tariffs, that is likely to happen sooner rather than later.

European tech leaders are concerned about US laws having jurisdiction over European operations of US companies. For example, under the CLOUD Act, US authorities can compel access to information held by American cloud providers irrespective of where in the world that data is housed.

they weren't that bothered when it started

comprehension of the world is changing and now at pace.

.. unless you are the UK government, who just 2 weeks ago gave Palantir (the worst of the worst) a £240 million millitary deal:

Palantir lands biggest ever UK defense deal

The £240 million contract with the Ministry of Defence has renewed a debate about Britain’s dependence on American technology.

[1]https://www.politico.eu/article/palantir-lands-biggest-ever-uk-defense-deal/

Presumably, this is part of the even bigger deal, proudly announced in September by the out of touch morons in charge:

Press release

New strategic partnership to unlock billions and boost military AI and innovation

The UK will be at the leading edge of defence innovation as the government signs a new partnership with Palantir to unlock billions in investment and deliver on the Government’s Plan for Change.

[2]https://www.gov.uk/government/news/new-strategic-partnership-to-unlock-billions-and-boost-military-ai-and-innovation

[1] https://www.politico.eu/article/palantir-lands-biggest-ever-uk-defense-deal/

[2] https://www.gov.uk/government/news/new-strategic-partnership-to-unlock-billions-and-boost-military-ai-and-innovation

Yup. That's the difference between a leading and a bleeding edge. This is bleeding.

"abide by European law"

For now. I think things will change fast.

"it would fight the US government in court"

Ha. "National Security!" means there will not be any court.

And if you are Airbus sized, why are you even considering public cloud for anything but your public website?

As per my comments above, it would be possible to have a European company subject solely to European law but TFA doesn't seem very reassuring about that.

As to the Airbus aspect, if you follow the link back to the earlier article you wil find that Catherine Jestin, is not only "executive vice president of digital at Airbus" she is also "chairwoman at GAIA-X" and GAIA-X is a "European Commission-backed initiative was conceived in 2019". There's no mention anywhere as to whether Airbus use public cloud or not.

"chairwoman at GAIA-X"

Thank you, there was something very blurry in the back of my head.

But take Airbus to mean any largish company, that outsources its operation and knowledge. I do not think it is midterm econmical or longterm viable. It can be/look economical in the short term.

"it would be possible to have a European company subject solely to European law"

It would have to be entirely clean sheet, without any US citizens on the payroll and with absolutely nothing tracing to the USA (including business operations)

That's a much harder task than you'd think. The USA Government decided a while back that it has jurisdiction worldwide on everything everywhere and if existing laws don't quite allow it then they'll change those laws, making the changes retrospective

The frog has been boiling for several decades at this point

With Venezuela they have also returned to the extraordinary rendition in the list of crimes they can commit to get their way anyway.

Can we put a tariff on US officials crossing the border inbound? And tax foreign owned golf courses, double if the owner has US connections?

See title.

This is the same stupidity as people who used to put things on web servers and say only they could access it because only they had login credentials.

Ignoring the fact the hosting company always had root SSH access to every machine.

Metaphorically, not literal, but the point still stands.

Amazon/AWS have a presence in the US. That's enough for Uncle Sam to lean on.

Anyone who believes these sovereignty promises is a naive fool. This is merely "sovereignty washing" by the big Tech scalers.

sovereignty washing

Shame I only have one upvote..