Hi Ben, It is not so much the point wether or not i trust the RIPE NCC or $hyperscaler with the data. The point is, who may get access to this data. Especially after the revelations of Edward Snowden and Wikileaks, i do not have much trust in U.S. law enforcement and intelligence services. If you ask me what kind of situation i am thinking of that the United States may be interested in with regards to my communications with NCC, it sounds like you are asking why i care about my privacy (and the privacy of other members) when i have nothing to hide. I would like refer to this article from Bruce Schneier https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html Bert Hubert also touched on the subject of U.S. based cloud services, in this podcast, that was (ironically) published by the RIPE NCC earlier thiis year: https://labs.ripe.net/author/alun_davies/bert-hubert-internet-privacy-and-th... The whole podcast is worth listening/watching, and also check out the show notes. The part most relevant to this discussion starts here: https://www.youtube.com/watch?v=FV5tPMvSbVQ&t=2071s Timo Hilbrink Freedom Internet On 04/11/2024 15:16, Ben Cartwright-Cox wrote:
Hey Timo
I think ultimately the question comes down to whether RIPE NCC is either a juicy enough target for the United States government to mess with, or how much members are willing to pay to continue to have the NCCs data hosted by the NCC in their own colocated racks.
I think reasonable people can argue around the subject of whether hosting with AWS (and other outsourced SaaS/IaaS providers) is actually a long term economical alternative, but ultimately I think as far as general privacy I suspect that I have a higher degree of trust in Amazon's own security posture (There are many billion dollars worth of revenue on the line for them if they screw this up) over the NCC's (not that I don't trust the NCC to run stuff securely, but the scale and degree of thoroughness required for Amazon is just different)
I think it's important to be mindful of not becoming a strange form of xenophobic to the United States when it comes to data sovereignty and services, there other countries which I would find more disturbing to host data in than the United States.
I would be curious to know what kind of situation you are thinking that the United States may be interested in with regards to your communications with NCC
On Mon, 4 Nov 2024 at 13:33, Timo Hilbrink via members-discuss <members-discuss@ripe.net> wrote:
Hi all,
As we have seen in the past several Information Services updates from Felipe, the RIPE NCC has been moving a lot of services to the cloud, this now also includes things like RIPE NCC email, calendars, chat and video conferencing. The follwoing page gives a helpful overview of these services and the relevant cloud platforms:
https://www.ripe.net/publications/documentation/cloud-technology-status/
The page states that "all services pass an internal process of strict legal, information security, technology and privacy reviews". That all sounds very reassuring, doesn't it?
However..
Even though the "Data Residency" column states "EU" for all these services, these cloud providers are a U.S. legal entity (or a foreign entity with an office in the U.S.), so the data stored on these platforms completely falls under U.S. legislation, such as the CLOUD act and numerous related acts and laws. It is completely irrelevant where this data is stored geographically.
This also means that the data stored on these platforms can be subject to U.S. law enforcement warrants and subpoenas.
As a concerned and privacy aware citizen, i find it very worrying that basically all my interactions with the RIPE NCC in some way end up in the hands of U.S. based cloud providers. But i can imagine that these concerns are much more serious for RIPE members in countries that have a less favourable relation with the U.S. (there are quite a number of those countries within the RIPE service region)
What do other members think about this, and has the RIPE NCC taken these consequences into account when they decided to move all this data and services to U.S. based hyperscalers?
Thanks for your thoughts,
Timo Hilbrink Freedom Internet ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/members-discuss.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/