Comment by jgbuddy a day ago
Thus is probably more about the EU having access to eu data than not having the US have access to EU data. Also it’s not like it’s impossible to encrypt things when you store them? This article is more political than logical or technical, it’s unfortunate that government control / intervention in the free market to this degree can be spun into something positive.
It is also about not having the US government cutting people off from their data on a whim, such as happened to the International Criminal Court.
> unfortunate that government control / intervention in the free market to this degree can be spun into something positive
I don't think most Europeans want a laissez faire-style "anything goes" market, we want corporations and people to have responsibility for what they do and the effect they have. With a little bit of nuance, some government control and intervention is needed in a healthy society, because we don't want to end up in the same situation the US currently finds itself in.
> Also it’s not like it’s impossible to encrypt things when you store them?
Apart from Signal, do you know of an actual US service where things are E2E encrypted, including metadata, that also allows several people working on the same thing at the same time?
> not having the US have access to EU data
It is a great deal about not having US access EU data.
It is also about the US not having the power to cut the EU from essential services.
> This article is more political than logical or technical
Of course this is 100% a political matter (rather than technical). This is not a bad thing. Technical stuff doesn't live in a politic-free vacuum.
> it’s unfortunate that government control / intervention in the free market to this degree can be spun into something positive.
And this stance too.
This wouldn't address building an actual E2EE service. This is a hard issue.
CryptPad [1] does this but it has strong limitations inherent to a fully E2EE system.
(disclaimer: I work for the company which develop CryptPad, but I don't myself work on it)
I wonder if someone could make a foss frontend for Google Drive/Dropbox/<insert product here> that transparently encrypts files on your device before uploading them, that would certainly make me worry less about those services.
> Thus is probably more about the EU having access to eu data than not having the US have access to EU data.
The EU governments do not have free access to data in a non-transparent way. That's the main difference between EU and American laws.
> Also it’s not like it’s impossible to encrypt things when you store them?
The GDPR lets you store any data in a third country, so long as it's impossible for that country to decrypt the data. E.g. it has to be encrypted before it's transferred.
It just severely limits what you can build, to a degree where it's probably easier to just use a cloud that can be trusted to follow the GDPR.
Its past political.
I work in energy now, and we host stuff in AWS. So far so normal.
However, with the tubthumping about invading greenland, We see that america is willing to evaporate any system that gets in the way of the sun king's world view. Sure, he says now that "we were never going to invade" but given the way you've all just given up your 1st, 4th, 10th and now 2nd amendment, we're not really that sure.
This means that when the next recession happens and the EU is busy competing, he'll ask "hey we subsidies the EU by getting them to pay for AWS, why don't we turn it off?" I mean that sounds far fetched, but so did unrelated personally controlled federal militia roving around states disappearing US citizens without trial.
tldr: you're damn right its about politics. He threatened to invade an ally, we aint hanging around to find out whats next.
Also to your point: "can't we just encrypt it?"
Its someone else's computer. The TPM is controlled by someone else. You can't really process on a machine that has a compromised urandom/TPM
Also the bigger issue is having all your access revoked over night. Thats the bigger fear.
> Thus is probably more about the EU having access to eu data than not having the US have access to EU data
It's more about not being subjected to the whims of the US. High dependency on US vendors means high leverage for the US administration (export control, sanction, etc.).
IMHO, this is the EU using current events to push for more power and control for itself over member states in many areas, including new areas like defence. Apparently member states and people are fine with that or even driving it... Turkeys voting for Christmas comes to mind.
„Cloud“ ist a lot more than blob storage where encryption can help. As soon as you use a service that sees plain text (eg a database saas) encryption doesn’t save you from the service provider (and by extension foreign government). But as the article points out, data exfiltration is one problem, the other, imo bigger, problem is dependence on a foreign nation for critical infrastructure. The US government can decide to shut down almost all European IT and there is nothing Europe can do about it right now.