Norway's Jottacloud offers data sheltered from US snooping

Norway's Jottacloud offers data sheltered from US snooping

Summary: NSA snooping and the Patriot Act have raised thoughts about storing cloud data with non-American companies and outside the USA. Norway's Jottacloud is pitching for that business…

TOPICS: Cloud, Privacy, Security, EU

Recent revelations about snooping by America's National Security Agency added to long-running concerns about the use of the Patriot Act have led many companies and individuals to think about switching away from US-based cloud providers such as Amazon, Dropbox, Google and Microsoft. Norway's Jottacloud is trying to attract some of this business by offering a Privacy Guarantee for its cloud service.

In a blog post, it says: "Jottacloud is a Norwegian company with Norwegian owners, and we operate under Norwegian privacy laws. We store all your files in Norway. As a result, our users are protected against US legislation, which arguably infringe the freedom and liberties of both US and non-US citizens."

Jottacloud's Privacy Guarantee
Jottacloud's Privacy Guarantee

How useful this is remains open to discussion.

First, data is not guaranteed to be secure unless it's encrypted, preferably before it is uploaded. This protects you from random snooping, but your data is still vulnerable if your local government can force you to reveal the keys.

Second, data traffic to Norway usually goes via other countries, perhaps Sweden or the UK. Data can still be accessed in transit, and if it's encrypted, the NSA may still have access to valuable metadata.

Third, nobody should assume that security organizations such as the NSA, CIA and KGB will act lawfully. It would be more realistic to assume that, if they want your data badly enough, they will do whatever it takes to get it.

Jottacloud offers 5GB of free storage, and unlimited storage for $6 per device per month. It currently has about 220,000 users, so it isn't a threat to US giants, but other services can be expected to try the same approach.

In so far as Jottacloud raises the bar -- makes life harder for snoopers and state-sponsored hackers -- then it should increase data privacy. However, it may also make it somewhat more difficult for users to access their own data. It remains to be seen whether Jottacloud and similar companies can maintain the same quality of service as American rivals such as Amazon, Dropbox, Google and Microsoft.

Either way, the geographical location of databases is definitely on the agenda. This may also prompt more companies -- not just enterprises -- to run their own in-house clouds.

Topics: Cloud, Privacy, Security, EU

Jack Schofield

About Jack Schofield

Jack Schofield spent the 1970s editing photography magazines before becoming editor of an early UK computer magazine, Practical Computing. In 1983, he started writing a weekly computer column for the Guardian, and joined the staff to launch the newspaper's weekly computer supplement in 1985. This section launched the Guardian’s first website and, in 2001, its first real blog. When the printed section was dropped after 25 years and a couple of reincarnations, he felt it was a time for a change....

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Maybe

    all the US based Clouds need to move their home office and servers to Norway.
    • Not enough

      they would have to move ALL servers out of America, then they would need to close all offices in a
      America and they'd need to dissolve the US holding company and re-incorporate themselves in another country.

      Not really practical.
      • True

        100% agree. Small time vendors like this one in Norway will have an advantage over the US based companies so long as they don't have Patriot type Act.

        Data owner would still need to assess the risk of that location introducing such a law. One would think a place like Norway would be low risk, unless the EU implemented something for them.
  • Location, Location, Location

    The NSA and Megaupload fiascos show the location of the servers is important. The provider or sub-contractor must obey the local laws about privacy and related matters. This is a competitive advantage and could lead to either wholesale revisions of US law or the migration of services to other locations.
    • Vendor Almost Understands

      The problem is the Patriot Act and others of such ilk that prevents the vendor from disclosing to the data owner when their information has been accessed because it prevents the vendor and data owner from meeting thier obligations to local privacy laws which do not recognise those foriegn Patriot type acts.

      The risk of 3rd parties (even gov) use unlawful means of accessing data is irrelevant, as data owner and vendor are usually only obliged to make a resonable effort for security e.g. encryption, authentication etc. These unlawful means are conceptually no different to what the crims are trying to do.

      So vendor's location is important only because of the risk that vendor's legislated obligations may conflict with the legilsated obligations of the data owner's.

      For Australian data owners, we'd need an additional garuntee that as data owners we would always be notified when & what data is accessed by a 3rd party, lawfully or not, so we can inform our affected clients.
  • This is where Jolla comes in...

    Jolla, the reincarnation of Nokia, will offer a new Linux-based mobile Operating system and, since the devices are not even for sale in the US, do not have any ties to US athorities.
    Of course they will offer cloud services as well.
    This is of cours only a beginning - but it is a beginning, and that live for Microsoft, Apple and Google will become harder due to prism is obviously sure - I mean, can anyone imaging a company that would still store relevant documents in e.g. Office365 or GoogleDocs now?