on PRISM and US data hosting

(Originally posted on medium.com.)

For the last 6 months I’ve been working on building a startup that will offer data archiving services. Back then, it looked like a good idea to host our data (our clients data, to be precise) with someone like Amazon AWS, Google AppEngine or Microsoft Azure.

Not any more:

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” — washingtonpost.com

NSLs enable intelligence organizations to send secret requests to web and telecom companies to gather data that is “relevant to an investigation.” They do not need a judge’s approval and come with a gag order. The FBI’s and NSA’s ability to issue NSLs was expanded under the Patriot Act, which passed in 2001 and President Barack Obama renewed in 2011 to give the U.S. government broad-reaching powers to collect data on Americans. — venturebeat.com

I know I’m deeply worried about my data stored by GMail, Amazon, Facebook and the rest. My clients will probably worry too, if I host their data in the US. Why would they want to store their digital archive in a country where government agencies have the right to secretly access it, without a proper court order?

Luckily we have some months before releasing our service to the public. In the meantime, we have to find a reliable workaround to US unreliability when it comes to data protection and privacy.