I’d like to imagine that Aus politicians might start serious planning for viable on-shore alternatives to the incumbent US tech platforms but I haven’t seen anything to give me hope that it’s a realistic likelihood 😕
-
I’d like to imagine that Aus politicians might start serious planning for viable on-shore alternatives to the incumbent US tech platforms but I haven’t seen anything to give me hope that it’s a realistic likelihood
US orders diplomats to fight #DataSovereignty initiatives
“The cable said the Trump administration was pushing for "a more assertive international data policy" and that diplomats should "counter unnecessarily burdensome regulations, such as data localization mandates."”
-
I’d like to imagine that Aus politicians might start serious planning for viable on-shore alternatives to the incumbent US tech platforms but I haven’t seen anything to give me hope that it’s a realistic likelihood
US orders diplomats to fight #DataSovereignty initiatives
“The cable said the Trump administration was pushing for "a more assertive international data policy" and that diplomats should "counter unnecessarily burdensome regulations, such as data localization mandates."”
@itgrrl you are very correct. It’s not like we don’t have local skills we are bursting with devs.
-
I’d like to imagine that Aus politicians might start serious planning for viable on-shore alternatives to the incumbent US tech platforms but I haven’t seen anything to give me hope that it’s a realistic likelihood
US orders diplomats to fight #DataSovereignty initiatives
“The cable said the Trump administration was pushing for "a more assertive international data policy" and that diplomats should "counter unnecessarily burdensome regulations, such as data localization mandates."”
@itgrrl Do you think we could collaborate and get a Land of the Long White CloudServices?
-
I’d like to imagine that Aus politicians might start serious planning for viable on-shore alternatives to the incumbent US tech platforms but I haven’t seen anything to give me hope that it’s a realistic likelihood
US orders diplomats to fight #DataSovereignty initiatives
“The cable said the Trump administration was pushing for "a more assertive international data policy" and that diplomats should "counter unnecessarily burdensome regulations, such as data localization mandates."”
@itgrrl You'd think AUKUS minus US would try to tag along with whatever the EU does.
-
@itgrrl Do you think we could collaborate and get a Land of the Long White CloudServices?
@vonExplaino I expect that would depend on potential economies of scale (small as they are in global terms) vs added complexity & overheads of running a two-country platform, plus an ongoing actual or perceived alignment of values between Aotearoa & Aus – if the goal is complete data sovereignty then probably not, but if the primary goal is relative data sovereignty compared to having everything run by US-based tech giants, then… maybe? ¯_(ツ)_/¯
in Aus (I’m not across NZ legislation), the Privacy Act 1988 (Cth) already has an Australian Privacy Principle (APP
which addresses cross-border disclosure of information that applies to most government agencies & also large private sector orgs (“APP entities”) and requires that the Aus org must ensure (ish) that the overseas orgs can & will comply with the other applicable APPs – but there are exemptions & a significant amount of wiggle-room that means that APP entities routinely use AWS / Azure / GCP / whatever with a fig leaf of compliance with the Act and potentially a lack of real ability to ensure that the overseas orgs are genuinely compliant with the requirements of the Act in many cases, it does encourage APP entities to at least use the on-shore DCs of those providers, but the infra is / can be managed by staff based overseas & is potentially at risk of the US gov instructing the US provider to turn over data regardless of the consent (& perhaps knowledge) of the APP entity
and smaller private sector orgs (with <AUD$3M annual turnover) are exempt so lots of the “rats & mice” services use them without any requirement to comply with the APPs
-
@itgrrl You'd think AUKUS minus US would try to tag along with whatever the EU does.
@chrisp in that particular context I expect that FVEY^ almost certainly enters the chat (& probably says “absolutely not”)…
️ but I also imagine that in light of ⚹gestures wildly at everything⚹ all of the non-US FVEY nations will already have been considering everything they’ve ever shared with the US, having kittens, & “tweaking” their SOPs to whatever extent they can to mitigate some of the risks
^ and probably other binding international agreements that I’m not across -
@vonExplaino I expect that would depend on potential economies of scale (small as they are in global terms) vs added complexity & overheads of running a two-country platform, plus an ongoing actual or perceived alignment of values between Aotearoa & Aus – if the goal is complete data sovereignty then probably not, but if the primary goal is relative data sovereignty compared to having everything run by US-based tech giants, then… maybe? ¯_(ツ)_/¯
in Aus (I’m not across NZ legislation), the Privacy Act 1988 (Cth) already has an Australian Privacy Principle (APP
which addresses cross-border disclosure of information that applies to most government agencies & also large private sector orgs (“APP entities”) and requires that the Aus org must ensure (ish) that the overseas orgs can & will comply with the other applicable APPs – but there are exemptions & a significant amount of wiggle-room that means that APP entities routinely use AWS / Azure / GCP / whatever with a fig leaf of compliance with the Act and potentially a lack of real ability to ensure that the overseas orgs are genuinely compliant with the requirements of the Act in many cases, it does encourage APP entities to at least use the on-shore DCs of those providers, but the infra is / can be managed by staff based overseas & is potentially at risk of the US gov instructing the US provider to turn over data regardless of the consent (& perhaps knowledge) of the APP entity
and smaller private sector orgs (with <AUD$3M annual turnover) are exempt so lots of the “rats & mice” services use them without any requirement to comply with the APPs
@itgrrl I see. Yeah, the local economy of scale I had assumed might not be enough to make this viable. I work in one of those entities and the amount of work we put into data sovereignty that then becomes "Oh, if we want your data, we'll just take it no matter where / how it's stored with us". Privacy theater.
That's not getting into the niche services that host wherever but are sole providers so unless people build their own services... bleh.
-
@chrisp in that particular context I expect that FVEY^ almost certainly enters the chat (& probably says “absolutely not”)…
️ but I also imagine that in light of ⚹gestures wildly at everything⚹ all of the non-US FVEY nations will already have been considering everything they’ve ever shared with the US, having kittens, & “tweaking” their SOPs to whatever extent they can to mitigate some of the risks
^ and probably other binding international agreements that I’m not across@itgrrl The year Five Eyes became Four Eyes
-
@itgrrl The year Five Eyes became Four Eyes
@chrisp I think that’s very unlikely but I guess we can’t rule anything out at this point
-
R relay@relay.infosec.exchange shared this topic
