Posted on

Two Perspectives; One Solution = Subutai. OptDyn CTO/Founder Alex Karasulu on the CLOUD Act.

OptDyn CTO/Founder Alex Karasulu

What is the problem with the CLOUD Act, and how Subutai is the answer …

Before the CLOUD Act

Before the CLOUD Act the US government could ONLY get its hands on the data US companies kept on servers inside US borders. If a US company hosted data outside, say in the EU, the US government was unable to access this information using a warrant or subpoena. Accessing data from servers in other countries required treaties and understandings with these governments.

After the CLOUD Act

The CLOUD Act allows ALL the data hosted on servers inside and outside of the US by American corporations to be accessible to US authorities via warrant or subpoena. Additionally this information, associated with US and non-US citizens can be shared with other governments without congressional approval which bypasses national privacy laws in the US and of other nations.

What does this mean for Cloud Computing?

It’s ironic that they used a title for the act whose acronym (almost) spells out CLOUD: the CLarifying Overseas Use of Data Act. Whether or not the data being hosted by US companies outside of the US is stored technically in a cloud does not matter. The data could just be sitting on a disk drive of a server in a foreign state. However the reason for trying to force the CLOUD acronym is clear, the act impacts the cloud industry more than any other since their cloud resources are used predominantly to host applications and data overseas.

This is really bad news for cloud providers with centralized control and administration of their cloud. This should scare companies using their services in the US and outside even more than ever. Let’s take each case separately with the largest fake cloud provider “AcmeZoo, Inc.” which has regions all over the world. Up until now AcmeZoo was able to get business abroad because of laws preventing the US government from accessing data in regions outside of the US. The government of Brazil might have even considered hosting applications in AcmeZoo’s São Paulo region. They might have even seen it as OK, to pass privacy laws that have Brazilian companies hosting the information of Brazilian citizens in AcmeZoo data centers as long as they were in Brazil. With the CLOUD Act all this changes. It no longer matters where that data is stored, AcmeZoo being a US based company is required to hand the data of Brazilian citizens over to US authorities which can basically share it with any other nation now.

What does this mean for P2P Cloud Computing and Subutai?

This is great news for Subutai and couldn’t have happened at a better time. Subutai is the solution that everyone now certainly needs after the CLOUD Act has passed.

Subutai is a Peer-to-Peer (P2P) Cloud platform. It lets anyone buy or sell resources from anyone else to create private cloud environments across edge computers or data center servers. It is completely in the control of the cloud owner. The owner provides governance rules to specify who and from where they are willing to purchase resources and at what cost. There are several parameters that can be used to control your private cloud as it perpetually looks for resources to maintain your desired state for it.

Can’t US authorities get cloud data from OptDyn, a US based company?

Short answer NO.

OptDyn is a US-based company and is the creator of Subutai. OptDyn runs the Subutai Bazaar which is a marketplace with a reputation system and tracker for peer resources. It provides services to help clouds find resources satisfying governance rules around reputation and parameters such as uptime etc.

If the US government required this information it could get it without a subpoena. The best they can do with a warrant is get the names of people and the environments they run. They cannot access data in your P2P cloud environments. First of all OptDyn does not own those servers, others do in the ecosystem. Furthermore you keep your keys to your cloud. It cannot be accessed through OptDyn without doing those operations with your keys when interacting with the Bazaar. These keys are kept and managed in your browser using the Subutai E2E Security plugins.

When using Subutai, you can protect yourself from the CLOUD Act by running on peers owned and operated on servers owned by non-US companies. Subutai has all the governance rules to allow you to restrict exactly where you cloud will run. This is why it was created in the first place as a first class Infrastructure as a Service Cloud and IoT platform.

If you’re a Brazilian Government Agency you should stop using AcmeZoo, Inc. for cloud services from their São Paulo region. Your data is no longer safe there and can be traded to other governments thanks to the CLOUD Act. You can use Subutai with local Brazilian hosting providers under Brazilian law and jurisdiction instead to get an even more resilient government cloud or also leverage your own data centers in combination. This will guarantee that your data will never get into the hands of others you don’t want it in.

We invite you to get started today with Subutai and Conquer the Cloud.

# # #

Read OptDyn CEO Jon “maddog” Hall’s post, “CLOUD – obscuring your privacy”

Advertisement