After PRISM, Europe has to move to its own clouds, says Estonia's president

After PRISM, Europe has to move to its own clouds, says Estonia's president

Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldn't mean European countries cutting themselves off.

Estonian president Toomas Hendrik Ilves and EC digital chief Neelie Kroes at a meeting earlier this month
Estonian president Toomas Hendrik Ilves and EC digital chief Neelie Kroes at a meeting earlier this month. Image: Jelena Rudi/Office of the president of Estonia

Estonian president Toomas Hendrik Ilves, who chairs the steering board of the new European Cloud Partnership, is convinced that Europe should have its own clouds rather than rely on those from US service providers.

"Recent months have proven it again: it is very important for Europe to create its own data clouds, operating under EU law and completely safe for users. Right now, 95 percent of the cloud services used in Europe are provided by US companies. EU data protection legislation also needs to be modernised and we should understand that big private firms are able to gather more information than any state," Ilves said at a press conference held after a board meeting in Tallinn earlier this month.

According to the president, the international spying scandal shows that Europe has to "do its own thing, its own cloud, its own services, here at a European level, and it is especially important for small countries to do that on a European level, because otherwise the economies of scale will leave us behind".

In his speech, the president criticised US technology companies, saying that they have proven not to be trustworthy.

"As we have found out, if you use Apple, Google Mail, those do not provide privacy and security, or don't guarantee it, whereas with a Europe-based system or with European standards on these issues, we can offer the citizens of Europe something which right now doesn't exist."

Ilves believes that the PRISM scandal has brought an understanding of the need for security to Europe and it should be used to create fresh regulations and new, secure services.

"I think it is an opportunity for us and we must use this opportunity instead of beating our breast, saying 'oh, how terrible that United States is following everything we do'."

In her speech at the same press conference, the European digital agenda commissioner Neelie Kroes also pointed put the need for Europe to have its own secure clouds.

"If I were an American cloud provider, I would be quite frustrated with my government right now," she said, adding that if the new EU data privacy regulations hurt US companies, then "so be it".

The CEO of Microsoft in the Baltic states, Estonian Rain Laane, doesn't believe that US cloud service providers will be upstaged in European market.

"It just has to do with legal nuances. They have the Patriot Act in the USA, which stipulates a lot and which isn't always compatible with the laws of European countries. I believe that a solution which allows the use of other service providers' [including those from the US] technology platforms will be found. The right legal solution has to be found and I believe that our president along with the leaders of other countries will find it."

In his interview with the Estonian newspaper Postimees last week, Ilves said that although he doesn't find the situation where friends spy on friends normal, Europe should still "tame its indignation a bit" because since the beginning of July it's emerged that many countries in Europe including Germany, the UK and France have carried out similar activities to the US.

And it's not only governments which people should be worried about.

In his speech at the press conference and also in the interview for Postimees, the president pointed out that a lot of the privacy approaches that have been taken in EU are too focused just on governments instead of global internet companies. "They are only looking at Big Brother, but the real problem is Little Sister — your Little Sister who knows everything about you and blabs about it everywhere," he said.

Ilves warned security fears shouldn't encourage the smaller countries of the EU towards the idea of ring-fencing.

"OK, our data is not secure, we will not allow our data to go out of our country. Now if you're a big country, if you're Germany for example, well, there are plenty of services which are available to you, but if you're a small country like Finland, Estonia, Denmark, then you have problems. For example — Estonia is not a country which can cut itself off with the Great Wall of Estonia'. But that is the threat I think we face today in Europe - that the countries will feel the need to adopt national legislation that will in fact hinder the development of internet and the cloud services."

Ilves was asked to chair the steering board of the European Cloud Partnership by the EC last November. The function of the committee is to promote the use of cross-border digital public services in European business and the public sector.

At a meeting in November in Brussels last year, the steering board established two key goals for the project. First, the establishment of a common European cloud data processing framework. Second, promoting the transition of public sector IT into the cloud (and, consequently, promoting the use of the services in the private sector, particularly among small and medium-sized enterprises).

The steering board also includes Leo Apotheker (former CEO of HP), Christian Fredrikson (CEO of F-Secure), Hans Vestberg (Ericsson's CEO), Werner Vogels (VP at Amazon), Thierry Breton (CEO of Atos), and Bernard Charles (CEO of Dassault Systèmes).

Topics: Cloud, EU

Kalev Aasmae

About Kalev Aasmae

Kalev Aasmäe is a technology and economics journalist, who also writes for the oldest and largest quality newspaper in Estonia, Postimees.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It's not as if the companies have much of a choice in the matter.

    "In his speech, the president criticised US technology companies, saying that they have proven not to be trustworthy."

    Well - it's not as if the companies have much of a choice in the matter.
    • Actually, they do

      They could take the matter to the Supreme Court. I'd say it is far from given that they are under obligation to break foreign law if the US Government says so.
      • They need not be breaking any laws.

        They need not be breaking any laws. In fact, from what I gather about PRISM, the NSA isn't merely knocking on the doors of businesses like Microsoft. They're also installing wire taps further upstream, at the level of the ISPs.

        And foreign law does not generally apply to the USA - we're not a part of the EU, and therefore their laws generally do not apply to us. NATO and the UN have more influence over us, as we're a member organization, and we have extensive treaties via them. But we're not a member of the EU.

        But no - France cannot determine what the NSA can do in the United States merely by passing laws, and neither can the EU. The only foreign laws that are applicable to the USA are our treaties with other nations and organizations. The ultimate law of our land is our constitution.

        So yes, they could take the issue to the courts, and ultimately to the Supreme Court. But no, the laws of France or whoever else do not apply to the NSA.
  • You are overlooking something critical

    You are missing the critical points:

    a)Microsoft, Google, Facebook et al. do not operate solely in the United States. They have servers abroad, and for these servers, operated by local subsidiaries, foreign law applies.

    When they move data from these servers to United States servers so that they can give the NSA access to it, these companies ARE breaking EU data protection law, as such movement is prohibited without explicit consent.

    b)The NSA likewise doesn't just operate within the United States. When they operate abroad, they operate under local jurisdiction.

    So you are wrong. The laws of France or whoever else DO apply to the NSA for operations conducted from within that country.

    Likewise, the laws of France, Germany etc. apply to the French, German etc. subsidiary of Microsoft etc.