Some while back I had a conversation with Martin (“Tall Martin”) Buhr about Cloud Security. At the time, he was the European head of Amazon’s Web Services, and he has recently moved on to Nimbula (“the Cloud Operating System company”) as head of sales and business development, but his words came back to me during an analyst panel at RSA Conference in SFO, where I shared the rostrum with Eric Maiwald of Gartner and Jonathan Penn of Forrester and during which we touched on regulation issues that could block the development of Cloud Computing. In Europe, the case is very clear: The European Data Protection Directive only allows personal data to be transferred to so-called “third countries” if that country provides an adequate level of protection. The most prominent third country is, of course, the United States which chooses for reasons we needn’t get into here to refuse individuals the right to control their personal data the way Europeans can.
In the age of packet switching, nobody can be sure some piece of information won’t make a hop over to New York or San Francisco on its way from, say, London to Frankfurt. That is the charm and the wonder of TCP/IP, that data will always find a workaround if some part of the net is blocked, clogged or restricted. The original scenario, of course, was a Russian attack on the U.S. military’s communications infrastructure, and the thing data packets were supposed to get around were gaping, radioactive holes in the ground where major U.S. cities (and telephone hubs) once stood.