Welcome Guest.   Make a donation to an author on the site May 19, 2013, 11:28:24 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.

You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Check out and download the GOE 2007 Freeware Challenge productivity tools.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
+  DonationCoder.com Forum
|-+  Main Area and Open Discussion
| |-+  General Software Discussion
| | |-+  Microsoft on Australian Health Record Data Security
Pages: [1]   Go Down
« previous next »
  Reply  |  New Topic  |  Print  
Author Topic: Microsoft on Australian Health Record Data Security  (Read 629 times)
Renegade
Charter Member
***
Posts: 8,568



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« on: November 24, 2011, 02:42:37 PM »
This is just bizarre:

http://www.theaustralian....ry-e6frg6nf-1226205148994

Quote
"By regulating the geography where the data is held rather than the level of security under which it is held implicitly establishes criteria for data protection that are not related to principles of technology security.

While the data security part is right - location is irrelevant - the physical security and legal/jurisdictional security is another. Like who in their right mind would put national data in the US with legislation like the PATRIOT Act that affords nobody any protection from anything the government wants to do? That's just nutty.

Or any other place? Why would you put sensitive (national) data in the trust of foreign nationals and out of the physical reach of the Australian government?

Seems a tad wonky to me.

Logged
Slow Down Music - Super Simple - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
40hz
Supporting Member
**
Posts: 8,348


/away

plarker much see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #1 on: November 24, 2011, 03:19:16 PM »
How nice of USA-based Microsoft, acting as a purely disinterested outside party, to put their tuppence in on some Australian draft legislation. What a bunch of swell guys!  Wink Grin
Logged
f0dder
Charter Honorary Member
***
Posts: 8,753



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: November 24, 2011, 03:44:38 PM »
Hm, paywall.

MS is right in that the physical location doesn't necessary make the data safer, though... especially for the same reasons you mention yourself.

There's three things to consider:
1) national laws where the servers are hosted
2) registered nationality of company hosting your data (Amerikan companies have to hand out data to NSA/FBI/whateverTLA on request, regardless of where their servers are hosted, because of TPA).
3) encryption, encryption, encryption, encryption.

With all that in mind, I'd still wish all government would do the fscking only sensible thing: build their own clouds, using open source technology, and not having it hosted by a third party.
Logged
- carpe noctem


[ may-june 2013 ad experiment; click here to learn more about donationcoder.com ]

Renegade
Charter Member
***
Posts: 8,568



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: November 24, 2011, 04:17:52 PM »
Quote from: f0dder on November 24, 2011, 03:44:38 PM
With all that in mind, I'd still wish all government would do the fscking only sensible thing: build their own clouds, using open source technology, and not having it hosted by a third party.

Amen to that!

Given how intrusive legislation in the US is, and how all protections have been removed, I can't see anyone that's sane allowing sensitive information to be hosted there.

But about this:

Quote
2) registered nationality of company hosting your data (Amerikan companies have to hand out data to NSA/FBI/whateverTLA on request, regardless of where their servers are hosted, because of TPA).

If MS had an Australian subsidiary, wouldn't it not be subject to US prying eyes?
Logged
Slow Down Music - Super Simple - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
f0dder
Charter Honorary Member
***
Posts: 8,753



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: November 24, 2011, 04:28:17 PM »
Quote from: Renegade on November 24, 2011, 04:17:52 PM
Quote
2) registered nationality of company hosting your data (Amerikan companies have to hand out data to NSA/FBI/whateverTLA on request, regardless of where their servers are hosted, because of TPA).
If MS had an Australian subsidiary, wouldn't it not be subject to US prying eyes?
IANAL, but I wouldn't bet on it. And it's one of the reasons I wouldn't even consider letting a Danish company handle a governmental cloud.

We had this company doing a lot of govt business, including a lot of police systems, the central person register, et cetera. They got bought up by CSC. Which country is CSC originally from? Yep, you're right.

There's not a lot of public talk about the Carnivore boxes located at every ISP edge location with direct feeds not just to the Danish intelligence service, but also the NSA. They did a pretty fscking ingenious move - enforced data logging (very publicly known), pretty useless crap (source+destination IP and port, IP protocol time, timestamp, and a full packet capture of every however-many packets) - useless, fscking expensive for the ISPs to implement and maintain.. and a DOYCdamn red herring.
Logged
- carpe noctem
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
« previous next »
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.036s | Server load: 0.61 ]