Forum Posts Feed
UpNote continues to improve
< Next Topic | Back to topic list | Previous Topic >
Pages: ‹ First < 6 7 8 9 10 11 12 13 14 > Last ›
Posted by washere
Sep 21, 2021 at 12:19 AM
satis wrote:
>
>washere wrote:
>> Based in Vietnam, with laws (tighter than china) forcing all companies
>>to let their regime have all foreign cyber data for their intel files.
>>Which they will index into files, just as any western data miner
>company
>>does easily. In fact their laws were stricter than CCP and became even
>>tougher recently.
>>
>>Also think twice if your data is secret academia/industry, sensitive
>NGO
>>(Viet regime’s cyber force do hunt activists as ai complains). Or if
>you
>>have compromising personal data etc. Their laws are even worse than
>>Beijing’s for gathering data on foreigners, in a particular way, since
>>2018.
>
>Are you claiming that any company headquarted in Vietnam would be
>required by the Vietnamese government to exfiltrate data of foreign
>users from US storage centers, including decrypting Firebase server data
>encrypted by Google? If so, can you provide any links to any of these
>stricter-than-Chinese laws that decree this? After all they claim that
>they “are using Firebase server located in the US to store the data.
>This service has been certified under major privacy and security
>standards and fully support EU General Data Protection Regulation
>(GDPR). Firebase encrypts your data in transit using HTTPS and encrypts
>your data at rest.”
>
>FYI they likewise assert that the company only “collects aggregated,
>anynomous [sic] user data regarding app usage. ... information in the
>crash log may include your device information, stack trace, your IP
>address and other data that can be helpful to debug the issue,”
For My Information?
Well I knew that last year, when i bought their Premium.
Now FYI there are 2 categories within your post (details follow):
a- Yes what i said is true, worse than Chinese Communist Party Congress Law.
And about to become worse. See links below.
b- You are making a lot of assumptions.
I will not, as i do not know.
1- Now, the 2018 Viet regime “Cyber Security” laws were big news.
Affecting human rights and accessing data of even silicon valley giants (social media) on Vietnamese (very noble repressed) people within Vietnam, to pass through their territory and the regime’s control systems.
I remember articles regarding demonstrations, pickets etc. This was regarding foreign companies to flow the data through Vietnamese systems (DNS, servers etc).
I don’t expect this journalist below to have a long career at the famous old SCMP since it is now owned by alibaba group which is under the thumb of CCP and a creeping purge has been going on for a year, this new article sums it up nicely:
https://www.scmp.com/comment/opinion/hong-kong/article/3149263/national-security-law-im-finally-getting-taste-life
One of hundreds of articles back then:
https://thediplomat.com/2019/12/vietnams-internet-control-following-in-chinas-footsteps/
2- As for local Vietnamese IT companies, they have to do that and are subject to more regulations.
Further, unlike the Chinese law, Vietnamese companies have to pass the data through Vietnam cyber systems for a specified amount of time.
How long for each company or each data (person, group, company etc), it is left open.
As long as the Cybersecurity law officials (intel agents) want to have it go through Vietnam.
The period this data remains and passes through their territory is up to them, however long they want.
That is the intel commissars in the Cybersecurity commissions. They are not checking for viruses, pal, for the benefit of westerners or Vietnamese people!
Local (Viet nationals’) companies must meet much more stipulations, this includes channeling data through Vietnam and more, read:
https://www.lexology.com/library/detail.aspx?g=4a57f816-37df-47df-8d4c-89077dd9ecf8
3- But the new draft decree will make the 2018 infamous law, even much worse:
And that is not all, the new proposed draft law is part of a much bigger package of laws:
Now you are making certain assumptions:
4- The app coders do not see users’ personal data. It is just point to point.
I do not make such an assumption because of some blurb. But you do.
5- The app does not send users’ data except to US.
hence breaking their own regime’s laws. Which is draconian to put it mildly.
I can not make such assumptions.
6- That one of the largest state-actors in Cyber Warfare, can not break the code.
I would not bet the farm on that.
7- Nor that there is a backdoor key.
I for sure would never bet on that.
8- That in such regimes (China, Vietnam, North Korea, Iran, Russia, Belarus etc) companies are the same as in the western democracies.
That is not true.
In fact these regimes work on the basis of oligarchies of regimes’ networks of “Rent” system.
Most big and/or sensitive companies are within this large interconnected web of enterprises.
Most connected by association, family, relatives, business partners, due payers etc.
I can not say this company is within that net. I can not say it is not. But that is the dominant system in those countries.
These commercial ruling networks have close ties to security apparatus in those countries.
That is how things work in those countries.
Specially when it concerns data gathering, even if not part of this net, the commissars will come around for a chat!
That is how things work in those countries.
you will not hear about such chats in the blurb you uphold as divine decrees.
9- you assume this company is not a state (intel) data phishing company.
I can not say that, i presume that is what as you presume.
Otherwise you would not be driving people with sensitive western gov data towards them?
10- You assume Vietnamese companies who say their users’ encrypted data in their systems and databases is not available to them, are telling the truth.
Whereas in fact that, another of your many assumptions, is not true yet again:
My advice to Western gov orgs’ employees with sensitive data stands:
Ask your superiors before uploading data to systems by China, Vietnam, Russia etc.
Not because some guy on internet says their blurb (against their own harsh regime’s laws!) is enough assurance.
Posted by washere
Sep 21, 2021 at 12:28 AM
in case the link in point 2 of my post above a couple of minutes ago does not open to you and is only for their registered members to read here it is:
Vietnam: Data Localization Requirements
Baker McKenzie
Vietnam August 16 2021
Data localization requirements in Vietnam are found in three legislations. Firstly, the Law on Cybersecurity 2018, Article 26.3 on ensuring information safety provides that “[Enterprises] providing services on telecommunication networks or the internet and value-added services in cyberspace in Vietnam must store such data [here] for a period specified by the government. Foreign enterprises under this scope must also establish a branch or a representative office in Vietnam.”
The scope of the above provision is broad and includes every provider of any service over cyberspace who processes personal data. There are no exceptions to this rule.
Secondly, Article 26 of the draft cybersecurity decree stipulates that only foreign providers of prescribed services (domain name service, e-commerce, online payment, social network and social communication) may be required to store data and set up a branch/representative office in Vietnam.
Additionally, that obligation only arises if the service has been used to violate the Law on Cybersecurity; such violation(s) has been notified to the service provider by the authority; and the service provider has not complied with such instructions.
In contrast to the Law on Cybersecurity’s preemptive approach, the cybersecurity decree takes a reactive one. Not all offshore service providers have the localization obligation, only those who have been notified of a breach and fail to comply do. Furthermore, while the Law on Cybersecurity imposes the localization obligation on all online service providers, under the cybersecurity decree, only foreign providers of listed services may have such an obligation.
Under Vietnamese law, should there be conflicting provisions, the law prevails, so it is interesting to see how the final version of the decree resolves this matter.
The last legislation relating to data localization is the draft personal data protection decree (PDPD). Under Article 21.1, an enterprise may only transfer data abroad if it meets all of the stipulated requirements, including storing the original data in Vietnam. However, should the exceptions in paragraph 3 apply, the enterprise is exempted from such requirements.
It is unclear whether only one or all four requirements under paragraph 3 must be satisfied for the enterprise to enjoy the exemption, and even so, whether the enterprise is relieved from all or just one of such obligations.
One can draw four remarks from this analysis. Firstly, although the cybersecurity decree, the Law on Cybersecurity and the PDPD all concern “personal data,” their approaches are significantly different. Secondly “storing of data” may be construed to include the storage in processing centers in Vietnam or the storage in third-party storage service providers’ systems. Last but not least, in Vietnam, with respect to certain business activities and especially novel ones, the law may be interpreted to permit only acts that are “approved,” “explicitly permitted,” or “licensed.”
In recent years, the government has attempted to follow global best practices in regulating data. One critical aspect of these new legislative attempts is Vietnam’s data localization requirements. The Law on Digital Transactions 2005 defines “data” as information in the form of symbols, scripts, numbers, images, sounds, or of other similar forms.
https://vir.com.vn/making-sense-of-requirements-in-dat
Content is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee similar outcomes. For more information, please visit: http://www.bakermckenzie.com/en/disclaimers.
Baker McKenzie - Tran Manh Hung
Posted by satis
Sep 21, 2021 at 04:37 AM
On one hand you say you won’t make assumptions, yet you clearly have, or at least you leave yourself open to dark conspiracies about app/data backdoors.
*Data localization laws* do not require data for **users** outside those localities to be exfiltrated to those countries. They are laws requiring data for users in Vietnam to be hosted in Vietnam.
There is no law you have pointed to that shows that Vietnam, or China for that matter, can order encrypted data retained on US servers (managed by Google as a service) to be copied over to any other country.
Read Google’s privacy policy for Firebase backend-as-a-service, which is what UpNote is built on:
https://firebase.google.com/support/privacy
Posted by washere
Sep 21, 2021 at 12:03 PM
My 10 distinct areas of concern were evaded.
Not honest interaction.
Case closed.
As for anyone with sensitive data, since 2018, it’s crystal clear:
Data localization requirements in Vietnam are found in three legislations. Firstly, the Law on Cybersecurity 2018, Article 26.3 on ensuring information safety provides that “[Enterprises] providing services on telecommunication networks or the internet and value-added services in cyberspace in Vietnam must store such data [here] for a period specified by the government.
+
About to be made much more stringent:
I do recommend people with sensitive data, including those governmental organizations in democracies or academia/secrets consult their superiors. I think that’s just common sense.
Caveat emptor.
Posted by satis
Sep 21, 2021 at 01:30 PM
washere wrote:
> My 10 distinct areas of concern were evaded.
>Not honest interaction.
Be careful when you assert someone of dishonesty. You made bald unsupported assertions combined with tangential links, mixed with dark conspiracisms, and you even undercut your own arguments by showing that the country’s regulations related solely to data of its citizens inside that country, and have nothing to do with data held outside that country for use by non-Vietnamese. If you made 53 unsupported bald assertions that doesn’t mean that anyone who disagrees needs respond point by point.
If you think the case is closed then good for you. I think others here can read the links for themselves to make their own determinations, as well as weigh the claims of someone who jumps to ad hominem.