2 Replies Latest reply on Jun 8, 2017 12:45 AM by Anonymous

    Need to have servers selectable by the user that are domiciled outside of the US.

    Anonymous

      Most recent legal changes provide virtually no privacy and legal protections to foreign entities and individuals that may be using Google cloud services.  It is unfortunate but many international companies will not agree to hosting services where such services are domiciled or routed to the US. Other services enable users to select the server jurisdictions where their data will be hosted.  Would recommend Google doing the same.

      @

        • Re: Need to have servers selectable by the user that are domiciled outside of the US.
          Anonymous

          To clarify, my comments above pertain to servers that are domiciled in the US.  It is a shame that US laws enable government agencies etc. to treat people very differently based on their nationality however I guess it seems to be the current trend.  An international backlash is developing and would recommend that google be mindful of it.  In my experience, the location of data servers and the associated legal and political environment has become a top of mind risk assessment for sophisticated corporates...

            • Re: Need to have servers selectable by the user that are domiciled outside of the US.
              Anonymous

              I suspect that being itself domiciled in the USA, if US govt. wants to, they will apply the relevant thumb-screws and compel Google Corp. to release data wherever it might "live".

               

              The ideal is that they end up storing information into encrypted file formats that they have no plausible insight into - that's likely to require something like client-side certificates and PKI infrastructure - but if corporates care about their data privacy that much, then that seems like something they could expend the requisite engineering time/budget implementing once Google implements such "hooks". Even then, if they care enough, "nation state actors" can probably (assuming the underlying implementation isn't already "backdoored") brute force your encryption, given enough time/resources.

               

              Of course, the real answer is "make your own cloud, on your own servers, in your own datacentres in jurisdictions you can trust" - ideally on software and hardware platforms that you can also trust...!