January 23, 2012, 2:09 PM — Worries have been steadily growing among European IT leaders that the USA Patriot Act would give the U.S. government unfettered access to their data if stored on the cloud servers of American providersÂso much so that Obama administration officials this week held a press conference to quell international concern over the protection of data stored on U.S. soil.
Patriot Act Games
The unease over the reach of Patriot Act provisiowhich expands the discovery mechanisms law enforcement can use to access third-party datahas been amped up by the sales and marketing efforts of some European cloud providers, seeking to set apart their services as a way to keep corporate data out of the hands of the American government. The most blatant examples are two Swiss companies touting their cloud options as "a safe haven from the reaches of the U.S. Patriot Act," but it's become a popular topic at negotiating tables across the continent. "I don't see how you have a pitch meeting with one of these European cloud providers and not have subject of the Patriot Act concerns come up," says Alex Lakatos, a partner and cross-border litigation expert in the Washington, D.C. office of Mayer Brown.
Anxiety was heightened last year when a Microsoft UK managing director admitted that he could not guarantee that data stored on the company's servers, even those outside the U.S., would not be seized by the U.S. government.
"Some of it certainly is companies trying to take advantage of the Patriot Act to market against U.S. competitors," Lakatos says. "Some of it is just the general concern Europeans have about the Patriot Act." While the 9/11-inspired legislation has been misused in a variety of ways, says Lakatos, some of those perceptions don't necessarily mesh with reality.
Avoid the Patriot Act's Reach, It's Not Easy
Escaping the grasp of the Patriot Act, however, may be more difficult than the marketing suggests. "You have to fence yourself off and make sure that neither you or your cloud service provider has any operations in the United States," explains Lakatos, "otherwise you're vulnerable to U.S. jurisdiction." Few large IT customers or cloud providers fit that description in today's global business environment. And the cloud computing model is built on the argument data can and should reside anywhere around the world, freely passing between borders.