[LINK] Microsoft slams local data centre edict

Richard Chirgwin rchirgwin at ozemail.com.au
Sun Nov 27 13:43:01 AEDT 2011

Phil -

1 - I've been a tech journalist and editor for nearly 25 years, so my 
name must be easy to discover. I've never had an approach from Cocoon; 
which makes me wonder if the lack of interest reflects the media savvy.

2 - In any case, it does not circumvent the PATRIOT Act; "It's 
encrypted? Hand over the keys, then".


On 27/11/11 12:08 PM, Philip Argy wrote:
> With Cocoon Data's Secure Objects technology, the access control list
> for a file/directory/server etc can be kept in Australia and the
> encrypted file stored anywhere on the planet.  Because the
> encryption/decryption keys and the access rights are totally
> controlled from here, and have to be referenced each time a file is
> sought to be opened, the paranoia about the location of the server on
> which the information is stored becomes irrelevant.  The encryption
> mechanism can be as strong as you wish - 5,000+ bit keys if you're so
> inclined!  What's important is where access control is - not where the
> data is.
> But of course this is just innovative Aussie technology that no-one
> here is interested in ...
> Philip
> -----Original Message-----
> From: link-bounces at mailman.anu.edu.au
> [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Jan Whitaker
> Sent: Friday, November 25, 2011 9:36 AM
> To: link
> Subject: Re: [LINK] Microsoft slams local data centre edict
> Re Karen Dearne's article about the submissions on the PCEHR
> legislation
> http://www.theaustralian.com.au/australian-it/microsoft-slams-local-da
> ta-centre-edict/story-e6frgakx-1226205393994
> MS says in their submission:
> "Healthcare information stored in a PCEHR will not necessarily be
> better secured and protected simply by virtue of data being held
> within Australia's territorial boundaries, as compared to (offshore)
> storage repositories and portals operated under world's best practice
> security and privacy systems," it says in a just revealed submission
> on the draft bill.
> "By regulating the geography where the data is held rather than the
> level of security under which it is held implicitly establishes
> criteria for data protection that are not related to principles of
> technology security."
> Exactly right! There are more important things than the specific
> technology, like accountability, right of action, law, little things
> like that.
> I went to a briefing on ehealth info with an APF colleauge about 3 or
> 4 years ago. We met the person from Microsoft at the time running
> Healthvault or whatever it was called, the MS offering for storing
> personal health information at the pleasure of the individual rather
> than the government.
> The key question I asked him was: Will MS guarantee the information is
> stored in Australia to be under our legal jurisdiction? The answer was
> an unequivocal, yes, it will be stored in Australia. It was that
> simple.
> The position MS takes about not focusing on the security misses the
> governance problem: whose law will cover the screw ups? It's not just
> about technical security or even privacy. It is about jurisdictional
> accountability. IANAL, but the issue of server location has seemed to
> be powerful enough for other actions where jurisdiction comes into
> play. Why does Microsoft say in their submission (as quoted in the
> article) that the government could contract them to meet the local
> jurisdictional requirements? Is that accurate?
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list