Last week, Microsoft announced that its collaboration with Deutsche Telekom, which was providing customers with Microsoft cloud services under strict German jurisdiction, is shutting down. Microsoft is replacing it with a service that is no longer directly operated by Microsoft. The new service(s) reportedly will comply with local and regional regulations, including the Cloud Computing Compliance Controls Catalogue (C5) certification in Germany.
Handelsblatt.com called the Telekom cloud solution “over-priced, under-performing and unpopular with customers”, and their sources tell them “Microsoft Cloud Deutschland” has lost Microsoft over 100 million euro. Handelsblatt.com stated that the security issues were the main problem.
In theory, the data stored in the German data centers was governed by German law, which strongly prohibits access to the stored data by anyone. Not even the German government is allowed to see the stored data, according to German laws. Of course, no other government is allowed access either.
The problem is with U.S. laws as applied to U.S. companies and the fact that data stored anywhere in the world is really international. While laws in various countries may claim rights over data stored within each country, the German laws are inadequate when applied to joint ventures by corporations in different countries.
Under U.S. laws, any U.S. company MUST give copies of customers’ data when requested by U.S. government agencies. All U.S. corporations must do so, even if the data they control is actually stored in another country where providing such data to anyone is illegal. Microsoft was between a rock and a hard place: providing users’ private data to the U.S. government upon request is mandatory under U.S. law (wherever the data is stored) but is illegal under German law for data stored in Germany.
If Microsoft complied with a U.S. government request, Germany could sue the company. In turn, if Microsoft refused to provide the data to the U.S. government, the U.S. government could sue Microsoft.
I have heard of win-win solutions, but this is a lose-lose problem. Since the Cloud Act was signed by U.S. President Donald Trump, Microsoft has stopped fighting data requests from the U.S. government, even if that data resides in Europe.
In addition to the legal entanglements, Microsoft’s customers in Europe protested and many of them moved their data to European companies that store data only in European data centers where the laws are more strict.
Any company that is hosting data at Telekom will now either have to accept foreign government access to their data or move to a private cloud solution, such as Nextcloud. The Microsoft/Deutsche Telekom joint venture lost many customers as a result of Donald Trump’s Cloud Act. These European customers apparently were not willing to have their data illegally visible to the U.S. government.
You can read more at: http://bit.ly/2Q1EdHn.
Moral of the story:
If you want your data to be safe and secure from prying eyes, even governmental prying eyes, don’t use the services of any company that is incorporated in a country where the government demands access upon request. Such countries include China, Russia, Great Britain, Turkey, most of the Arab countries, Canada, and the United States of America. Instead, save your backup data with a company that is incorporated in a privacy-protecting country and also has its services in the same country or in other privacy-protecting countries.
For email, I’d suggest TutaNota.com or ProtonMail.com. TutaNota is incorporated in Germany while ProtonMail is incorporated in Switzerland. Both nations are well-known for protecting personal privacy. This means all user data is protected by strict German or Swiss privacy laws. A lesser-known option is Posteo, also based in Germany. I don’t have any experience with Posteo but it does seem to enjoy a good reputation.
For file storage services, there are more choices. Avoid Google Drive, Dropbox, and all other U.S.-based services. I don’t have a list of all the safe and secure file storage services that are free of governmental spying, but here are some of the better-known services:
pCloud is based in Switzerland, a country with strict privacy laws. All files stored in pCloud are encrypted before being saved on pCloud’s servers. Even the pCloud employees cannot read your files.
Tresorit is based in Switzerland, a country with strict privacy laws. All files stored in Tresorit are encrypted before being saved on Tresorit’s servers. Even the Tresorit employees cannot read your files.
Mega.nz is based in New Zealand, a country with strict privacy laws. All files are encrypted before being saved on Mega’s servers. Even the Mega employees cannot read your files.
There are others.
Another option is to host your data in your own (or your corporation’s own) servers while running Nextcloud or some similar encrypted file storage software.
Disclaimer: I use Nextcloud and like it. However, there are numerous competitors to Nextcloud and most of them offer better security than the products from Microsoft.
Comment: if you really, positively want to use a U.S.-based file storage service in the cloud, make sure you encrypt all data on your own computer before sending anything to the file storage service. That will lock out hackers, government spies, and even the employees of the file storage service from being able to read your data. In theory, that will protect your data but not everything else. The various spies will still be able to learn how much data you have saved in the cloud and, with most services, will be able to see your file names and the size of each encrypted file. That isn’t true privacy.
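The approach in the comment above, as an added example (not code from the original post or from any of the services named): encrypt on your own machine with AES-256-GCM, upload under an opaque HMAC-derived object name, and pad to a size bucket so the provider sees neither the file name nor the exact size. The function names, the header layout, the 4 KiB bucket and the all-zero demo key are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const BUCKET = 4096; // assumed padding step: stored sizes are visible only in 4 KiB buckets

// HMAC-SHA256, used to derive independent subkeys and opaque object names.
const mac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest();

// Returns what gets uploaded: an opaque object name and nonce || ciphertext || tag.
// The real file name and exact length travel inside the padded plaintext.
function seal(masterKey, fileName, data) {
  const name = Buffer.from(fileName, 'utf8');
  const header = Buffer.alloc(8);
  header.writeUInt32BE(name.length, 0);
  header.writeUInt32BE(data.length, 4);
  const bodyLen = header.length + name.length + data.length;
  const padding = Buffer.alloc((BUCKET - (bodyLen % BUCKET)) % BUCKET);
  const plain = Buffer.concat([header, name, data, padding]);
  const nonce = crypto.randomBytes(12); // fresh per file, never reused under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', mac(masterKey, 'enc'), nonce);
  const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
  return {
    objectName: mac(mac(masterKey, 'name'), fileName).subarray(0, 16).toString('hex'),
    blob: Buffer.concat([nonce, ciphertext, cipher.getAuthTag()]),
  };
}

// Verifies the GCM tag (throws on a wrong key or a modified blob), then strips padding.
function open(masterKey, blob) {
  if (blob.length < 12 + 16) throw new Error('blob too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', mac(masterKey, 'enc'), blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  const plain = Buffer.concat([decipher.update(blob.subarray(12, blob.length - 16)), decipher.final()]);
  const nameLen = plain.readUInt32BE(0);
  const dataLen = plain.readUInt32BE(4);
  return {
    fileName: plain.subarray(8, 8 + nameLen).toString('utf8'),
    data: plain.subarray(8 + nameLen, 8 + nameLen + dataLen),
  };
}

// Constructed demo: an all-zero key and sample contents, for illustration only.
const demoKey = Buffer.alloc(32);
const sealed = seal(demoKey, 'tax-2019.pdf', Buffer.from('constructed sample contents'));
console.log(sealed.objectName, sealed.blob.length); // all the storage provider can observe
```

Padding hides only the exact size: the number of buckets, the number of objects and the upload times remain visible to the storage provider.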