8:49 - Wednesday, 23 April 2014

How Safe Is EU-based Ubuntu One Cloud Data?

#Topics: ubuntu one patriot act

At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.

The same goes for data stored in the Ubuntu One cloud?

http://blog.ucilia.com/index.php/cloud-technology-cloud-servers-cloud-telephony-news/60-how-safe-are-eu-based-cloud-data.html

According to the US, if a company is registered in the US, all data they hold anywhere in the world is fair game. So this includes all servers used by Microsoft, Amazon and Google anywhere in the world according to the US. And in the last few days there has been another example of this:

“Google is the next major company to admit Patriot Act issues, as it admits to handing over data held in a European datacenter back to U.S. intelligence.” ZDNET, August 11, 2011

I am not a lawyer and not related to Ubuntu One/Canonical and not a lot of users here are legal experts with knowledge about this situation so an answer to your question will all be conjecture. And it also depends on how stubborn the EU is about enforcing own law and opposing the US Patriot Act.

Ubuntu One Terms of Services

This agreement is governed by the laws of England and any dispute will be heard by the courts in England. Failure by Canonical to enforce any right or provision of this agreement shall not constitute a waiver of such right or provision. If any part of this agreement is held invalid or unenforceable, that part will be construed to reflect the partie’s original intent, and the remaining portions will remain in full force and effect. The terms of this agreement do not affect your statutory rights.

Ubuntu One is based in the UK so the company is subject to the EU laws and the European Data Protection Directive. So the answer to your question should be no Ubuntu one is not affected by this if you store the data on a EU server

If you want to make sure before you start using Ubuntu One that your data will not be handed over to the US you can contact them yourself and get an official responce (from Ubuntu privacy policy):

Please submit any questions or comments about this Privacy Policy, or about our use of your personally identifiable information to our account assistance form at /help/contact/ or by postal mail at the following address: Canonical Group Ltd, 27th Floor Millbank Tower, 21-24 Millbank, London, England, SW1Q 4QP.

Any data stored on a cloud worth protecting should be encrypted. Might not stop the US from getting it and also might not stop the US from decrypting it but it should be made as problematic as possible ;-)

It is never safe to assume that anything you place in a public cloud is kept private, even if the service provider has the best of intentions. You should always err on the side of caution. Canonical might be based in the UK and therefore not affected by the US laws, but does anything prevent them from using another cloud as an extension of their own service? Because if they did that and the other cloud is US based, then it’d still be subject to US law.

If you use the cloud for personal stuff, then you must make sure to encrypt it. You must not make assumptions when it comes to privacy. And even Canonical is not immune to disloyal employees.

Yes, no matter the current laws or terms of service you need to think carefully about what you store this way. Laws and TOS can be changed quickly and easily. Companies can come under a lot of pressure to hand over information, and they will hang you out to dry as soon as look at you if it might affect their bottom line to withold or protect information. Regardless of protection laws.

As example, witness the big credit card companies illegally blocking payments to Wikileaks – it seems the law is actually only for you and me to adhere to.

UbuntuOne relys on Amazon S3 as backend, therefore the data is eventually stored in the US and can of course be subjected to Patriot Act law enforcement!

Data may not end up in the US, assuming Ubuntu One have specified the EU.

Quote from Amazon website re S3.
“Objects stored in a Region never leave the Region unless you transfer them out. For example, objects stored in the EU (Ireland) Region never leave the EU. “

see http://aws.amazon.com/s3/

Share

Advertisement

Comment