I’m surprised that they have to ask and haven’t just required this by law already — and that applies not just to Japan but to all countries. It doesn’t have to be an alliance against China motivating the move to keep critical data on servers located within the country. Or am I missing something here and this is not as straightforward as I might think?
The Yomiuri Shimbun reports:
From April at the earliest, the government will ask operators of crucial infrastructure (see below) such as power and water suppliers to store their electronic data on servers located in Japan, as part of security measures against the threat of cyberwar.
The measure is aimed at protecting information indispensable for the security of people’s lives and for industrial competitiveness, with an eye on possible cyber-attacks by China and other countries.
Read more on The Japan News.
“Or am I missing something here and this is not as straightforward as I might think?”
There is data residency (geolocation of the data) and data sovereignty issues.
US law wise & NAFTA type agreements (From US side) sort of remove/dictate no data sovereignty. Which means, the use of servers/storage which a country cannot control due to laws of the foreign country even if the server(s)/data have residency within a countries own jurisdiction.
US law trumps when an entity is US owned or even partially owned. That is, US law dictates American owners operating in foreign jurisdictions to operate/cooperate with US gov in any/all ways upon demand, which could included releasing info to US gov and or to allow access (cloud wise or if data/server resides in said country).
China has the same laws, which is what the hype is about w/ Huawei equipment and the 5-eye bans of Huawei equipment.
It’s really somewhat 2 faced & all spook stuff.
So the article. to me, is focusing on “data residency” but is speaking very little (or ignores) “data sovereignty”. BUT, they do indeed mention Huawei & ZTE, so they are indeed also talking “data sovereignty” as well in a non-clear fashion.
So bottom line:
1. “Data residency” and “data sovereignty” issues. But they appear to be swinging at China only in terms “data sovereignty” & no one else…
2. Data residency” is not the same as “data sovereignty. Can be resident and have no data sovereignty
So the question remains, are they only singling out China? Appears so.
Best guess on 1st coffee.
Thank you for taking the time to spell that all out for me. I need more coffee to understand it. Some of this is the Microsoft case kind of thing, I gather, but yes, this struck me as swinging at China and not necessarily other countries.
Yes, MS hits some of this, the big talk of the past decade are the secret/sealed national security requests (or other) which a foreign (US or Chinese) owned (or partially owned) company cannot divulge or warn the resident country about. They have to comply, or face prison right.
The article states they want data resident. Doesn’t say they want it stored on wholly owned Japanese servers/companies (sovereignty).
So a few funny things with the article which comes across, to me anyhow, as singling out China only.