Microsoft admits Patriot Act can access EU-based cloud data (2011) (zdnet.com)
177 points by laumars on June 9, 2013 | 25 comments



"Microsoft cannot provide those guarantees. Neither can any other company."

The most telling and most important line in the article. Recent days have made it abundantly clear that anyone under US jurisdiction is susceptible to scrutiny and surveillance.


Most large European corporations have known this for ages, and it's still a big obstacle for cloud offerings here in Europe when dealing with sensitive (or just very bureaucratic) engagements.

I know of at least one (massive) US company that had to create a special data centre in the UK to host sensitive financial data for a (massive) bank, because US-based servers were a huge no-no due to Patriot Act. In that case, it was promised that the provider might have to comply with US requests anyway, but would have been entitled to at least notify the client in advance... and I bet there was a huge discount to sweeten the deal.


I find this article particularly disappointing (though sadly not at all surprising) given the recent ad campaign Microsoft have launched in the UK, which features the tag line: Your Privacy is Our Priority

http://www.youtube.com/watch?feature=player_embedded&v=bt51M...


Yes I've noticed that. It's abhorrent that they suggest that they take privacy seriously. Read their terms and conditions for Office 365 and Windows Live and you will see what I mean.

Unless someone has redefined the term privacy for the modern age that is..


I recently thought of MS as one of the last giants that take privacy seriously. Just goes to show you never know.


This didn't surprise me at all. It's logical: if the company is U.S. based, it's susceptible to the Patriot Act.


It gets a bit scary when one considers the number of lawyers, priests, medical professionals, judges, or even complete political parties who have their every email sent over to the US for data processing and maybe NSA for copying. Today I read an article about just such a political party in Sweden. I can only hope that at least diplomats know better, but even there I doubt that everyone is aware enough to always use secure email.


Given that multi-datacenter replication is a reality in massive systems, using the point of storage to determine jurisdiction seems like an antiquated idea. Perhaps a system based on the point of origin of data would lead to more enforceable and amicable legislation...


Physics are against rules based on point of origin. The government of the point of storage has all the power to take the data, the one of the point of origin has none.


Let's not forget that by default, Windows 8 now stores even your personal documents in the cloud. Basically everyone around the world is being directly spied upon by the NSA. We need a strong offshore tech community with real choices ASAP.


Windows 8 on the desktop does no such thing by default. If you're talking about SkyDrive, it works just like DropBox or Google Drive. You have to move your files into a specific folder for it to sync to the cloud. Everything else, like "My Documents" and all the other stuff is still very much local.

Having never used a Surface RT, I have no idea how it works there, but on the desktop Windows 8 does not force you to store anything in the cloud.


By default it asks you for your Microsoft account details on first boot. It is a secondary option now to use a local account and it's well hidden at the bottom of the screen. Also, to install applications from the Windows app store, you need to register your PC with Windows Live.

SkyDrive and the Windows Live accounts have access to your local machine as well.

This inversion from Windows 7 is not acceptable in my opinion.


This is just plain FUD. Windows 8 doesn't put anything but my login info on their servers unless I ask it to.


Wait, your local login credentials (password presumably hashed) are passed to an external server for storage? Why in the world would that improve the user's experience?


It doesn't happen if you use a local account but you can log in to Windows 8 using your Microsoft account (from Hotmail or whatever). Of course they store those credentials on their servers.


That seems like a very odd system but a good way to snoop and see who is logging on to a particular computer at a particular location. I can't imagine how this would benefit the user experience one little bit though.

What happens if you've lost internet access? (Internet outages happen!) Can you no longer log in to Windows?


It's unified authentication and automatic synchronization between all devices.

If you have no Internet access (as per no domain access on Windows), it uses cached credentials.


That's a bit more of a reasonable explanation.

It seems convenient on the surface but I can think of many ways it's a really, really bad idea: third party snooping, the possibility of being locked out of your own computer if your Microsoft account is deleted/deactivated/password changed, possible expiration of cached credentials (and therefore inability to log in) during a protracted period of internet unavailability, etc.


ALL of those are possible and have occurred to that class of account so you've hit the nail on the head there.


It thoroughly suggests and tries to make you do it at first boot though by hiding the local account option and then making you confirm it.


Huh? Are you referring to Office 365 or is there something I missed?


I think the OP is referring to the fact you can now sign into Windows using your "Microsoft Account" which is technically your ex-Windows Live account. These accounts are hosted in the US looking at the terms and conditions.

For the majority of users, they will miss the tiny text at the bottom which allows local accounts and will be put off by the big warning about how crappy local accounts are immediately afterwards.

The result is a big conversion to Windows authentication being moved to "The Cloud" and therefore under the eyes of every nefarious agency out there.


The title is a bit sensationalised. EU-based cloud data that is stored by Microsoft is accessible via Patriot Act because Microsoft is a US-based company and must comply with US laws regardless of where their data is physically stored.


The USA gets all of Europe's bank transaction data above 5000€ or so :/


SWIFT?



