This is more politics than technology, but it’s good info for people living outside the US. You can’t trust your data to American companies no matter where they store the data.
As someone in the US who has been in audits where we had to attest to where our data was stored, also wtf.
Oh reading the article it means non-US sovereignty. Pretty sure anybody in IT at this point should know the US privacy laws are non-existent and US companies are in this position and have been for decades.
The article makes it pretty clear that this is due to a 2018 law called The Cloud Act. I’m sure the US could have tightened the thumbscrews and gotten the information illegally before then, but that’s going to be true of every country. No reason to think you can trust any government.
This is more politics than technology, but it’s good info for people living outside the US. You can’t trust your data to American companies no matter where they store the data.
As someone in the US who has been in audits where we had to attest to where our data was stored, also wtf.Oh reading the article it means non-US sovereignty. Pretty sure anybody in IT at this point should know the US privacy laws are non-existent and US companies are in this position and have been for decades.
The article makes it pretty clear that this is due to a 2018 law called The Cloud Act. I’m sure the US could have tightened the thumbscrews and gotten the information illegally before then, but that’s going to be true of every country. No reason to think you can trust any government.
Even non-American CSPs with assets in the US would required to cooperate with US regime and affiliated oligarch gangs.
this is why you should encrypt everything on cloud services at rest. S3? encrypted. SQS? encrypted. MSSQL? encrypted.
if you are a developer or SRE you need to make sure your apps are encrypted.
Sounds good until you remember that they keep trying to backdoor encryption. It’s asinine.
The only good thing the
Trump adminJD Vance has done: UK will back down over its demands on Apple for an encryption backdoorThis isn’t the first time it’s come up. In EU too.
The UK government was also getting advice from its own cybersecurity people that the backdoor idea wasn’t viable.
Vance deserves no credit for this or anything else.
How dare you suggest that having a publicly accessible, unencrypted database is not a best practice. The nerve.