“U.S. Cloud Act cannot guarantee data sovereignty” VS authorities “There is no problem”
KT, which announced cooperation with MS, said the industry “judged to go against the sovereign policy”
(Seoul = Yonhap News) Reporter Cho Sung-mi = The government is shifting its cloud policy focus to expanding ‘strategic partnerships’ with big tech and will protect domestic data and technology sovereignty from foreign governments and technologies, including the United States, in response to expanding opportunities to access the domestic market. Questions are being raised as to whether this is a viable option.
In particular, there are concerns about whether domestic data sovereignty can be protected when the use of big tech clouds becomes generalized in the presence of the ‘CLOUD Act’ passed by the US administration in 2018.
◇ Increased data value and Trump variable… Will data sovereignty be protected?
advertisement
The ‘Cloud Act’ is a bill that allows American law enforcement to access information stored on servers installed overseas by American Big Tech if they determine that there are security reasons such as the risk of terrorism or cyber crime.
In 2013, the U.S. investigative agency received a search warrant for the suspect’s Microsoft (MS) account email for the purpose of investigating drug offenders, but it all started when MS refused to submit data stored on an Irish server.
Daekyun Yoon, a professor of software at Ajou University, explained, “The core of this bill is that we must cooperate with the U.S. government when it determines that an investigation is necessary into data centers or clouds owned by U.S. companies.”
At the time this bill was announced, Samsung Securities[016360] The report analyzed, “The U.S. government’s Cloud Act can provide domestic companies with a ‘basis for data exfiltration’, thereby providing companies with a way to easily avoid regulations or pressure from foreign governments.”
When American big tech companies such as Amazon Web Services (AWS), Microsoft, and Google increase their influence in Korea following the Korean government’s policy of expanding ‘strategic partnerships’ with overseas cloud companies, the sovereignty of domestic data stored in their clouds may be shaken. This is why I am concerned that it may happen.
An official in the artificial intelligence (AI) industry who requested anonymity cited the case of KT and Microsoft, which recently announced cooperation in the AI and cloud fields, saying, “The moment data is stored in the Microsoft cloud, it is affected by the U.S. cloud law, and domestic data “The question is how much sovereignty can be preserved,” he pointed out.
He said, “In particular, if candidate Trump is elected as president of the United States, isn’t it a situation where we don’t know what will happen (for our country’s interests)?” He said, “They say they encrypt and store the data, but whether it is encrypted or stored in plain text (unencrypted information), the U.S. “Encryption and data sovereignty have nothing to do with it, because the government can open data with legal grounds,” he said.
A legal figure familiar with the information and communication technology (ICT) field said, “It seems likely that there will be controversy over whether the U.S. will be able to view data on cloud services operated in Korea by U.S. Big Tech.” He added, “The Korean government will respond by imposing restrictions or “We will have to take action,” he said.
Even if the Cloud Act affects the country, ICT authorities must take the process of requesting data cooperation through our investigative authorities in accordance with the International Criminal Justice Cooperation Treaty, and large fines and surcharges are imposed on Big Tech that does not comply with domestic laws. The position is that there is no need to worry about damage to data sovereignty due to the imposition of such charges.
Big Tech (PG)
[백수진 제작] illustration
◇ Under domestic law, data centers are subject to accident investigation… What about Big Tech?
There are also expectations that when security accidents or communication failures occur after Big Tech enters the domestic public and financial sectors, it will be difficult to investigate the cause of the accident, punish those responsible, and provide relief to consumers.
This is because problems that occur in public (public) clouds have the characteristic of being difficult to determine who is responsible technically and institutionally, and it is not simple to determine the responsibility of users who are cloud operators, users, or companies.
In order to clarify responsibility for problems that occur in public clouds, the responsibilities of cloud users and cloud service providers (CSPs) are divided into infrastructure services (IaaS), platform services (PaaS), and software services (SaaS), but all cloud accidents Some point out that it is insufficient as a standard to determine the detailed responsibility of .
The Enforcement Decree of the Cloud Computing Development and User Protection Act (Cloud Computing Act) provides the right to investigate domestic data center operators such as KT in the event of a security or failure incident.
However, the problem is that the authorities do not have the authority to investigate big tech companies such as Microsoft, which rents data centers to run cloud businesses.
Regarding this, an official from the Ministry of Science and ICT said, “According to the Cloud Computing Act, when an accident occurs, the cloud business operator has an obligation to notify institutions, companies, etc. of the accident, and if the incident includes data of users of institutions or companies, this must also be notified. “I do it,” he explained.
◇ There is also disappointment with KT-MS, which is at the forefront of ‘strategic global partnership’
KT and Microsoft announced their cooperative relationship ahead of the government’s policy of expanding ‘strategic partnerships’ with big tech.
The Ministry of Science and ICT also described the cooperative relationship between KT and Microsoft in the ‘AI Era Cloud Strategy’ announced at the 17th Information and Communication Strategy Committee as “improving the domestic cloud industry ecosystem by activating cooperation between domestic and global cloud companies in a more multi-layered manner.” It was explained as an example of “promoting external expansion.”
While there are positive evaluations that KT is seeking to survive by collaborating with Big Tech, which is investing an astronomical amount of capital in developing AI technology, there is also skepticism that “Wouldn’t KT become Microsoft’s domestic distributor?”
There is also disappointment over the fact that additional economic effects, such as tax revenue generation and human resource employment, that could be expected if Big Tech builds its own data center in Korea have been blocked.
Although it is now privatized, KT, as the entity that manages the wired infrastructure (backbone network) essential for providing universal communication services, has been able to secure a large number of real estate properties in key areas of the metropolitan area, including the center of Seoul, and has developed into data center infrastructure, which is being used in a foreign cloud-centered ecosystem. Criticism is also raised.
An official in the domestic cloud industry said, “In a situation where sovereign AI and cloud are becoming important, the industry judgment is that cooperation between the two companies can be used to further strengthen and learn Microsoft’s AI, which runs counter to the sovereign policy.” .
An official in the AI industry said, “Just because we use the big tech cloud, internalization of cloud technology will not be guaranteed. Just as there is no case in which the United States has transferred missile technology overseas, there will be no transfer of AI-related technology that will undoubtedly be strategically industrialized in the future.” “Because it won’t happen,” he said.
Rep. Lee Hoon-ki (Democratic Party of Korea), a member of the National Assembly Science, Technology, Information, Broadcasting and Communications Committee, said in the last audit of the Ministry of Science and ICT, “I see several areas of concern as the government has opened the way for big tech to enter in cloud security certification, etc.” “We need to take measures to prevent the cloud and AI industries from being encroached upon by big tech,” he pointed out.
Report via KakaoTalk okjebo
Unauthorized reproduction/redistribution, AI learning and use prohibited>
2024/10/24 11:13 Sent
