EU-anchored Cloud Technological solution for the legal and political problem Primarily for (semi-)governments and academia Valer Mischenko (NLnet Foundation, Amsterdam)
Shiny side cost reduction scalability accessibility location independency reliability elasticity CONVENIENCE +++ Dark side privacy is not guaranteed deletion of data is unthinkable (potential) abuse of data vendor lock-in (private APIs) audit is not possible (closed APIs) intransparent security intrusion of third parties / data capture unobservable legal uncertainty in case of 'issues' NO CONTROL
Europe has problems with Cloud Report of Directorate-General for Internal Polices of the EP Fighting cybercrime and protecting privacy in the cloud : The challenges of privacy and data protection in a cloud context are clearly underestimated, if not ignored American FISAA:... has very strong implications on EU data sovereignty and the protection of its citizens rights Data Protection offences should be recognized as a type of Cybercrime
Usability of cloud Freedom of choice Social and legal responsibility Consumer Corporate Government and academia How to help the most disadvantaged?
How to approach? Data-Logistic Company: exclusively within the EU bound exclusively to the EU laws data transport, storage and processing transparent: open code and procedures Fair Cloud foundation Min 51% shares with the foundation on the top unsellable profit to the foundation for mission assurance & technology improvement EU Data Logistic Ltd
Market proposition Guarantee! Subject only to the EU laws Guarantee! The company does not change course and continues to do what it promised Processing of data strictly separated from storage The company does not know what data is stored, only the (temporary) location of the data EU Data Logistic Ltd
Market place Volume: ~10 bln public services in the EU in 2013 Growth: with duble figures per year (18,5% in 2013) Revenue sources: data-logistic services enabling client side processing encryption
Use of open technological paradigms Encryption Unhosted HTML5 + NoScript transparent no lock-in open where possible
Encryption With end-to-end encryption some sharing functionality to be reviewed Sharing and encryption still possible, but difficult for 'normal' user should really be simple Difficult to revoke access to data if keys were already issued Possibly other problems that we can not overlook now Even if encryption problems are resolved, European cloud is indispensable as other attacks possible besides those on data content Therefore you better keep your data within one legal zone!
There were legal ambiguities Is a purely European cloud legally possible? I.e. where only the EU legislation applies? Is it possible for the EU governments to use such purely European service provider in their procurement process? Is it possible for the EU governments to exclude non-eu suppliers from the procurement process on the basis of non-compliance with the EU-laws? Research results of the University of Tilburg : Yes! Yes! Yes!
Results of the University of Tilburg research: 3 x Yes under conditions that: All cloud computing services are being provided within the EU The service providers and subcontractors have EU nationality Operate only within the EU In this case, the governments comply with the (European) conditions for procurement The way to building a genuine European cloud is free now
EU future in the Cloud? One week ago on Dutch television, Judith Sargentini, member of the European Pariament: We, Europeans, can only guarantee our sovereignty with EuropaCloud. Meaning an ecosystem of rules, services and providers which embodies what we Europeans find important: data protection, privacy, freedom of expression, transparency, decentralized storage and energy efficiency. We can use these values as a unique selling point.
EU future in the Cloud? The very last sentence of the report Fighting cybercrime and protecting privacy in the cloud : A target could be that by 2020, 50% of EU public services should be running on Cloud infrastructure solely under EU jurisdictional control.
This is an invitation to NRENs: What's needed: Let's build the EU-anchored Cloud Participate in setting up the Fair Cloud Foundation Development of a data logistics platform EU-wide set up and testing Commercially available storage and processing power What you get: Usage of trully European cloud Funds from the Fair Cloud Foundation Sale of excessive storage and processing Fame :-)