The Patriot Act and your data: Should you ask cloud providers about protection?

By Stephanie Overby , CIO |  Cloud Computing, outsourcing, Patriot Act

Worries have been steadily growing among European IT leaders that the USA Patriot Act would give the U.S. government unfettered access to their data if stored on the cloud servers of American providers—so much so that Obama administration officials this week held a press conference to quell international concern over the protection of data stored on U.S. soil.

Patriot Act Games

The unease over the reach of Patriot Act provisio—which expands the discovery mechanisms law enforcement can use to access third-party data—has been amped up by the sales and marketing efforts of some European cloud providers, seeking to set apart their services as a way to keep corporate data out of the hands of the American government. The most blatant examples are two Swiss companies touting their cloud options as "a safe haven from the reaches of the U.S. Patriot Act," but it's become a popular topic at negotiating tables across the continent. "I don't see how you have a pitch meeting with one of these European cloud providers and not have subject of the Patriot Act concerns come up," says Alex Lakatos, a partner and cross-border litigation expert in the Washington, D.C. office of Mayer Brown.

Anxiety was heightened last year when a Microsoft UK managing director admitted that he could not guarantee that data stored on the company's servers, even those outside the U.S., would not be seized by the U.S. government.

"Some of it certainly is companies trying to take advantage of the Patriot Act to market against U.S. competitors," Lakatos says. "Some of it is just the general concern Europeans have about the Patriot Act." While the 9/11-inspired legislation has been misused in a variety of ways, says Lakatos, some of those perceptions don't necessarily mesh with reality.

Avoid the Patriot Act's Reach, It's Not Easy

Escaping the grasp of the Patriot Act, however, may be more difficult than the marketing suggests. "You have to fence yourself off and make sure that neither you or your cloud service provider has any operations in the United States," explains Lakatos, "otherwise you're vulnerable to U.S. jurisdiction." Few large IT customers or cloud providers fit that description in today's global business environment. And the cloud computing model is built on the argument data can and should reside anywhere around the world, freely passing between borders.

Originally published on CIO |  Click here to read the original story.
Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

Cloud ComputingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question