[LINK] Microsoft slams local data centre edict

[Richard Chirgwin]

Jan,

The way American tech evangelists talk about other countries re the 
cloud is starting to irritate me. Last week, it was Gartner complaining 
that the Westminster System crimps cloud implementations; this week, 
it's MS obfuscating the data jurisdiction issues.

In both cases, the argument is that if someone's institutions are 
incompatible with the IT industry's preferences, then it should be the 
institutions that change, not the industry. What next?  A complaint to 
the WTO that Australia's privacy laws - and our concern that the PATRIOT 
act means our data *cannot* be absolutely protected in a US data centre 
- is constraining their ability to sell stuff here?

This kind of "IT is all" attitude is probably what lies behind Westpac's 
decision to demote IT out of the boardroom and make it one line of 
reporting to the COO.

RC

On 25/11/11 9:35 AM, Jan Whitaker wrote:
> Re Karen Dearne's article about the submissions on the PCEHR legislation
> http://www.theaustralian.com.au/australian-it/microsoft-slams-local-data-centre-edict/story-e6frgakx-1226205393994
>
> MS says in their submission:
>
> "Healthcare information stored in a PCEHR will not necessarily be better
> secured and protected simply by virtue of data being held within
> Australia's territorial boundaries, as compared to (offshore) storage
> repositories and portals operated under world's best practice security
> and privacy systems," it says in a just revealed submission on the draft
> bill.
>
> "By regulating the geography where the data is held rather than the
> level of security under which it is held implicitly establishes criteria
> for data protection that are not related to principles of technology
> security."
>
> Exactly right! There are more important things than the specific
> technology, like accountability, right of action, law, little things like that.
>
> I went to a briefing on ehealth info with an APF colleauge about 3 or
> 4 years ago. We met the person from Microsoft at the time running
> Healthvault or whatever it was called, the MS offering for storing
> personal health information at the pleasure of the individual rather
> than the government.
>
> The key question I asked him was: Will MS guarantee the information
> is stored in Australia to be under our legal jurisdiction? The answer
> was an unequivocal, yes, it will be stored in Australia. It was that simple.
>
> The position MS takes about not focusing on the security misses the
> governance problem: whose law will cover the screw ups? It's not just
> about technical security or even privacy. It is about jurisdictional
> accountability. IANAL, but the issue of server location has seemed to
> be powerful enough for other actions where jurisdiction comes into
> play. Why does Microsoft say in their submission (as quoted in the
> article) that the government could contract them to meet the local
> jurisdictional requirements? Is that accurate?
>
> Jan
>
>
>
> Melbourne, Victoria, Australia
> jwhit at janwhitaker.com
> blog: http://janwhitaker.com/jansblog/
> business: http://www.janwhitaker.com
>
> Our truest response to the irrationality of the world is to paint or
> sing or write, for only in such response do we find truth.
> ~Madeline L'Engle, writer
>
> _ __________________ _
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>