Azure Loves Linux; What About Microsoft?

The news that Red Hat and Microsoft have reached an agreement about hosting Linux is very welcome. I am delighted for Red Hat here, and see this as a huge sign of the continuing power and growth of open source. It shows that the cloud market is one where and embrace of Linux is table stakes. It also shows that the enterprise market is one where Red Hat is a huge and powerful supplier.

All the same, let’s be clear that all the “Microsoft Loves Linux” hype I saw at SUSECon in Amsterdam yesterday and at other events earlier this year is just not true. Microsoft Azure loves Linux, there is no doubt; it is a basic requirement for them to become relevant on a cloud market dominated by AWS and Linux. They have been out in force at every commercially-oriented open source I have attended this year and have a full-scale charm offensive in place.

But the rest of the company still does not. They still seem to covertly spread open-source-related FUD about LibreOffice here in Europe. They haven’t foresworn making embedded Linux vendors pay for patent licenses of dubious necessity. The Azure business unit is certainly embracing the ecosystem the same as many before them have done so in their steps towards open source. But the Windows and Office business units show no signs of “loving” Linux and only modest signs of co-existing with open source.

It’s hard to change a company as large and profitable as Microsoft quickly. But a significant and binding gesture of goodwill would go a long way to convincing those of us with the scars of Microsoft’s decades of verbal and actual abuse of open source that they mean business.  It’s no secret what the necessary gesture is.

“We both know we have very different positions on software patents,” said Paul Cormier, Red Hat’s president for products and technologies. “We weren’t expecting each other to compromise.”
(WSJ)

Red Hat, despite asserting they don’t believe Microsoft has any patents that read on their products, included a standstill agreement in the deal. Sources tell me it is carefully phrased to comply with the GPL. If Red Hat felt they had to do that with their new partner, there’s no doubt everyone else remains at risk.

If Microsoft truly want to signal the end of hostilities, step one is to sign the Mozilla Open Software Patent License Agreement or join OIN. Until one of those happens, I remain sceptical of Microsoft’s love for Linux.

[Please see my InfoWorld article for more]

EU-US Safe Harbour For Personal Data Eliminated

The European Court of Justice (CJEU) handed down a decision declaring EU-US safe harbour for personal data invalid this morning. It has far-reaching implications for cloud services in particular and may presage increased opportunity for open source solutions from non-US suppliers. Looks like a real gift to companies like Kolab.

Here’s my first reaction on reading of the sources. Let me know what I have wrong & I’ll fix it. In the Opinion of the Advocate General (who has a broader but compatible view), he said:

¶183. I am therefore of the view that Decision 2000/520 must be declared invalid since the existence of a derogation which allows in such general and imprecise terms the principles of the safe harbour scheme to be disregarded prevents in itself that scheme from being considered to ensure an adequate level of protection of the personal data which is transferred to the United States from the European Union.

The court supported that view. That decision strikes down the “Safe Harbour” arrangement that allows companies to treat the USA as equivalent to a European state for the purposes of data protection and privacy.

How The Harbour Broke

Why did they reach that decision? The discussion by the Advocate General is more enlightening than the court, which simplified the matter. The core reason for the AG is that the USA has been found to perform indiscriminate mass surveillance against non-citizens. The key discussion is in paragraphs 198-202:

¶198. I note, in that regard, that the access which the United States intelligence authorities may have to the personal data transferred covers, in a generalised manner, all persons and all means of electronic communication and all the data transferred, including the content of the communications, without any differentiation, limitation or exception according to the objective of general interest pursued. (79)

¶199. Indeed, the access of the United States intelligence services to the data transferred covers, in a comprehensive manner, all persons using electronic communications services, without any requirement that the persons concerned represent a threat to national security. (80)

¶200. Such mass, indiscriminate surveillance is inherently disproportionate and constitutes an unwarranted interference with the rights guaranteed by Articles 7 and 8 of the Charter.

¶201. As the Parliament has correctly observed in its observations, since it is excluded for the EU legislature or the Member States to adopt legislation, contrary to the Charter, providing for mass and indiscriminate surveillance, it must follow, a fortiori, that third countries cannot under any circumstances be regarded as ensuring an adequate level of protection of personal data of citizens of the Union where their rules of law do in fact permit the mass and indiscriminate surveillance and interception of such data.

¶202. It should be emphasised, moreover, that the safe harbour scheme, as defined in Decision 2000/520, does not contain appropriate guarantees for preventing mass and generalised access to the transferred data.

Further, the AG found (and the Court agreed) that, while there are mechanisms to ensure that the declaration of safe harbour itself is valid (¶19), there is no authority ensuring that any necessary exceptions to privacy once the data is shared in the USA are appropriate and proportionate:

¶208. It should therefore be found that within the safe harbour scheme provided for by Decision 2000/520 there is no independent authority capable of verifying that the implementation of the derogations from the safe harbour principles is limited to what is strictly necessary. Yet we have seen that such control by an independent authority is, from the point of view of EU law, an essential component of the protection of individuals with regard to the processing of personal data.

He also found that there is no way for European citizens to intervene in the abuse of their personal data by the US authorities as there is for them in Europe.

¶212. Furthermore, the Commission has itself pointed out that there are no opportunities for citizens of the Union to obtain access to or rectification or erasure of data, or administrative or judicial redress with regard to collection and further processing of their personal data taking place under the United States surveillance programmes.
¶213. It should be observed, last, that the United States rules on the protection of privacy may be applied differently to United States citizens and to foreign citizens.

They found that the European Commission should itself have reviewed and suspended the safe harbour, particularly in the light of the (largely undisputed) revelations by Edward Snowden of indiscriminate mass surveillance of foreign nationals by the NSA. The court also found that the lack of any competent authority to supervise the safe harbour arrangements and hear binding appeals made 2000/520 invalid anyway.

Questions directly arising

  • Can any EU company now legally engage a US supplier for cloud or web application services, given relationships with US authorities are beyond contractual remedy?
  • If they do, is consent from every data subject necessary?
  • Given US courts claim jurisdiction over any subsidiary of a US corporation regardless of location even without routine data transfer to the USA, can any EU business use the services of a US company even when the work is conducted entirely in Europe?
  • If they do, is consent from every data subject necessary?
  • If the EC made a fresh determination to replace 2000/520, would that heal everything given the existence of NSA surveillance is unlikely to disappear?
  • Can any remedy be made until the US gives EU citizens standing to challenge use of their personal data in the USA in its courts?
  • If it does, will the EC need to regularly re-evaluate its determinations?

The Storm That Broke The Harbour

The journey to that decision is itself important. The original question asked by the High Court of Ireland concerned whether the Data Protection Commission for Ireland was entitled to make any rulings at all about the efficacy of safe harbour given the European Commission had already made a Union-wide declaration, “in the light of factual developments in the meantime since that Commission Decision was first published.”

This took place during the final appeal phase of a claim in Ireland by Maximillian Schrems of Austria that the sharing of his personal data by Facebook Ireland with its parent company Facebook Inc was in breach of European data protection despite Facebook’s compliance with the safe harbour arrangements. The Irish Data Protection Commissioner had dismissed the claim, but Schrems won judicial review of the decision on the basis that the revelations of Edward Snowden revealed the safe harbour was not in fact adequate for data protection.

The Irish High Court itself found important facts. First, it established that Snowden’s revelations should be considered factual:

¶36. According to the High Court, it is clear from the extensive exhibits accompanying the affidavits filed in the main proceedings that the accuracy of much of Edward Snowden’s revelations is not in dispute. The High Court therefore concluded that, once personal data is transferred to the United States, the NSA and other United States security agencies such as the Federal Bureau of Investigation (FBI) are able to access it in the course of a mass and indiscriminate surveillance and interception of such data.

Were the only issue the law of Ireland, there would have been no need for clarification:

¶37. The High Court notes that in Irish law the importance of the constitutional rights to privacy and to inviolability of the dwelling requires that any interference with those rights be in accordance with the law and proportionate. The mass and undifferentiated accessing of personal data does not satisfy the requirement of proportionality and must therefore be considered contrary to the Constitution of Ireland.

But the Irish Commissioner had asserted that, since the European Commission had already asserted the existence of a safe harbour, he could not intervene on behalf of Schrems.

¶50. The Commissioner considered that the very existence of a Commission decision recognising that the United States ensures an adequate level of protection under the safe harbour scheme prevented him from investigating the complaint.

As a result, the CJEU had first to decide whether a national data protection authority was pre-empted by the European Commission. If it was not, it then had to decide whether, in the vase of the US safe harbour, a national authority should in fact override the EC safe harbour. as explained above, the latter decision was indeed taken;

… a decision … such as Commission Decision 2000/520/EC … on the adequacy of the protection provided by the safe harbour privacy principles … does not prevent a supervisory authority of a Member State … from examining the claim of a person concerning the protection of his rights and freedoms in regard to the processing of personal data relating to him

That has to also raise questions within Europe. Given GCHQ also allegedly engages in mass surveillance, are transfers between, say, Germany and the UK, also safe transfers? Having established that national authorities retain sovereignty, surely some could now start questioning transfers across the Union as well as those outside it?

DLC 1: Hotel arrogance, the no-win laptop and more

Meshed Insights Ltd

Digital Life Clippings from week 1

  1. Marriott will ban shareable WiFi if the FCC don’t let them block itNYT – Their arrogance in attempting to protect their high-margin abuse of customers’ vulnerability knows no bounds; threatening the FCC is jaw-dropping.
    To carry out their threat to ban shareable WiFi, they would need to ban not only MiFis but also Windows, Mac and Linux laptops as well as almost all smartphones. They may think they have a right to break my internet if I won’t use their broken internet, but the “hospitality” they will need to show their “guests” will be deeply harmful.
    The bug is not that people want to use their own internet connections; it’s that Marriott think people should have to pay extra for a facility that’s become as fundamental to travellers as hot water or electric light. [Coverage]
  2. HP’s low-cost Windows laptop is…

View original post 275 more words

Digital Life Clippings – New Year’s News

I’ll keep reposting these here for a while longer…

Meshed Insights Ltd

  1. Indian government blocks programming web sites, including archive.org and Github gists – TechCrunch – As if to illustrate why it’s bad to allow anyone the power to block web sites arbitrarily, the Indian government has blocked entire slices of web infrastructure because one of their functionaries found something about ISIS somewhere on it. More on the blog.
  2. Marriott wants to block your devices so you have to pay for their wifiBoing Boing – Marriott clearly does not want anyone from the technology industry to stay at their hotels or to use them for events. Best to respect their wishes and avoid them like the plague.
  3. End-user adoption of open source is a lousy metricRRW – Open source is primarily a collaboration technique, leveraging the permission-in-advance arising from software freedom to unlock innovation in many unrelated deployers. For many reasons, enterprise end-user deployment of unmodified…

View original post 143 more words

Digital Life Clippings – Christmas Break Edition

Meshed Insights Ltd

  1. Police called to remove pre-teens just in case they pirated Hunger Games movie with cellphonesArs Technica – Given the storyline of the movie, this is ironic. Cineworld thinks copyrights are so precious it’s worth infringing common sense and individual rights to protect them. They think paying customers are criminals until proven otherwise, even kids. Don’t let any kids you care about watch movies at a cinema with this attitude, it’s not safe.
  2. The most wasteful patent aggression strategy ever has failedArs Technica – Another skirmish in the ongoing dirty war by the legacy technology & media industry against Google bites the dust.
  3. NSA dumps incriminating documents on Christmas EveBoing Boing – Anyone who doubts the effectiveness of Freedom of Information requests should see how government agencies squirm responding to them.
  4. Inadvertent Algorithmic CrueltyMeyerWeb – Facebook’s Year In Review is a product of…

View original post 65 more words

Top Clippings For December 18th

Let me know if you like this…

Meshed Insights Ltd

  1. Samsung shuts down ChatOnCNet – If only there was a way for their customers to uninstall their impotent self-defence against Google.
  2. EU software procurement breaches rules more than ever beforeOFE PDF – Because they really do prefer to feed what they perceive as corporate power brokers rather than work to create European value with European money.
  3. EU allocates half million euros for testing open sourceFSFE – It’s a rounding error on the budget, but at least it’s something. Let’s see who gets it.
  4. Apache finally publishes a code of conductBlog, Code – Fine work, but no really defence against those gaming the system.

View original post

On Terrorism

Some politicians seem to act as if “terrorism” means a terrible crime committed by someone who doesn’t fit the speaker’s own racial & religious profile. Just because something induces terror in some or many people, that doesn’t make it terrorism. That diminishes the concept as well as grouping routine crime – for which society has millennia of experience and solutions – into the same bucket as a more subtle and serious phenomenon that preys on the meshed society.

Terrorism isn’t just performing a terrifying act. It’s provoking society’s immune system into attacking itself, making its defence systems attack the values and people they are supposed to be defending. Terrorism is an autoimmune disorder of democracy. You don’t fight terrorism by attacking the virus; you fight it by strengthening the immune system.

%d bloggers like this: