Mary Hawking maryhawking at
Sat Dec 18 09:08:36 GMT 2010

Does that mean that, assuming that it is correct that if the Department of
Homeland Security asked for any data held in MS controlled clouds it would
be handed over without further ado, it is illegal, under DPA for anyone in
any sector to use Cloud technology - or at least any Cloud application in
which MS was involved - for anything containing personal data?


Mind you, if NHS Business is exporting backoffice functions such as typing
letters and making appointments to India, and now this, it would appear that
the NHS doesn't feel DPA applies to them - if someone can save a few pence
"in these times of unprecedented financial stringency"! 


Mary Hawking



From: Martin Hepworth [mailto:maxsec at] 
Sent: 17 December 2010 13:54
To: UK Cryptography Policy Discussion Group
Subject: Re: Clouds!


Big if and but, the DPA of which they should be aware.

but sometimes the USA does have a clue about information retieval..

Martin Hepworth
Oxford, UK

On 17 December 2010 11:38, Michael Simpson <mikie.simpson at> wrote:

It seems that cloud computing is the new shiny up here in sunny
scotland. Specifically use of cloud computing infrastructure to reduce
costs in the NHS. Microsoft appear to be front and centre in the
various presentations being given to the civil service and the buzz is
growing about use of their Azure service. Whilst i understand and have
used cloud services (mainly EC2 since its inception) for some specific
tasks such as rapid prototyping of web applications for demo purposes
and also for a highly scalable render farm experiment i am at a bit of
a loss to see why it should be used in lieu of the normal
"infrastructure as a service" or software as a service provided those
companies already contracted (and paid for) by the taxpayer.
-maybe for speeding up rendering of MRI images or scaling the intraweb
server automagically so that when everyone hits it at 0900 it remains
snappy, both of which could be achieved by utilising virtual machines
or distributed clients to take advantage of *many* wasted cpu cycles
that the scottish NHS already has.


 The point of this mail though is to bring to your attention the
recent revelation by Jon Honeyball in this month's "PC Pro" after he
managed to corner Bob Muglia - president of MSFT's server and tools
business and asked him about the sanctity of data stored in their EU
cloud. Jon was told that if the dept of homeland security (or
presumably any other agency that really wants to) asks for any data
held by MSFT anywhere then it will be transferred to the US datacentre
and handed over "no ifs, no buts."

caveat emptor



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ukcrypto mailing list