And people wonder why US companies are moving to be stateless. It’s not just about the taxes (even if it mostly is).
Actually that’s a fairly tricky area and one with all sorts of subtleties, even if none of the parties are trying to act evil. The nature of online services and multinationals means you can have a customer in Ireland being supplied with a service by a company in the UK, with headquarters in Germany, but customer information stored in datacentres in the US and the Netherlands. Trying to figure out which data protection and data retention laws to comply with keeps lots of lawyers in business.
Even on a small scale it’s easy to get into knots. If you use offsite cloud backups, or even Dropbox, you can easily end up with data sitting in multiple jurisdictions, possibly without even knowing it.
I remember raising this very issue with a senior official in DoJ when the Data Retention Act was being drafted. He just shrugged his shoulders and told me we (industry) would just have to sort it out.
In fact even in Ireland you can get into this mess. At present I am involved in a process of clarifying a point with the ODPC where one (Irish) law says I must delete a piece of data and another one says I cannot delete it. No-one knows what to do.
Put it in a box with a cat, some poison, and a radioactive trigger mechanism that has a 50/50 chance of releasing the poison.
And a 50/50 chance of catching hell from the ODPC.
This is getting interesting…
U.S. threatened hefty fines to make Yahoo hand over user data - -> reuters.com/article/2014/09/ … 3920140912
So much for the Republicans being the party of liberty… the libertarians might want to find a different home…
A series of pieces by Barrett Brown, jailed over the Stratfor email releases in 2012.
The Digital Arms Race: NSA Preps America for Future Battle - -> spiegel.de/international/wor … 13409.html
More from Barrett Brown
NSA, GCHQ ‘hacked world’s largest SIM card maker, stole crucial keys to decrypt calls’ - -> theregister.co.uk/2015/02/19 … o_kingdom/
Your hard drives were RIDDLED with NSA SPYWARE for YEARS - -> theregister.co.uk/2015/02/17 … ion_group/
Given it is installed at source, can it evade anti-malware programs ?
Yes - it used trusted certificates to do this - the software that could easily be hacked used certificates that were valid. There’ve been a few more of these valid certs malwares, and there’s a new one that uses stolen certs: theregister.co.uk/2015/06/15 … conn_cert/
All of which threatens to bring the rather dodgy edifice of certs tumbling down…