CIO - Worries have been steadily growing among European IT leaders that the USA Patriot Act would give the U.S. government unfettered access to their data if stored on the cloud servers of American providersAAso much so that Obama administration officials this week held a press conference to quell international concern over the protection of data stored on U.S. soil.
Patriot Act Games
The unease over the reach of Patriot Act provisioAwhich expands the discovery mechanisms law enforcement can use to access third-party dataAhas been amped up by the sales and marketing efforts of some European cloud providers, seeking to set apart their services as a way to keep corporate data out of the hands of the American government. The most blatant examples are two Swiss companies touting their cloud options as "a safe haven from the reaches of the U.S. Patriot Act," but it's become a popular topic at negotiating tables across the continent. "I don't see how you have a pitch meeting with one of these European cloud providers and not have subject of the Patriot Act concerns come up," says Alex Lakatos, a partner and cross-border litigation expert in the Washington, D.C. office of Mayer Brown.
Anxiety was heightened last year when a Microsoft UK managing director admitted that he could not guarantee that data stored on the company's servers, even those outside the U.S., would not be seized by the U.S. government.
"Some of it certainly is companies trying to take advantage of the Patriot Act to market against U.S. competitors," Lakatos says. "Some of it is just the general concern Europeans have about the Patriot Act." While the 9/11-inspired legislation has been misused in a variety of ways, says Lakatos, some of those perceptions don't necessarily mesh with reality.
Avoid the Patriot Act's Reach, It's Not Easy
Escaping the grasp of the Patriot Act, however, may be more difficult than the marketing suggests. "You have to fence yourself off and make sure that neither you or your cloud service provider has any operations in the United States," explains Lakatos, "otherwise you're vulnerable to U.S. jurisdiction." Few large IT customers or cloud providers fit that description in today's global business environment. And the cloud computing model is built on the argument data can and should reside anywhere around the world, freely passing between borders.
If a European company maintains an American presence, it's likely amenable to U. S. jurisdiction, says Lakatos; likewise, a European customer storing data on European cloud servers of a company with operations in the U.S. may also be subject to Patriot Act discovery tools. "If an E.U. company has no U.S. presence and neither does its E.U. cloud companyAwhich may happen from time to timeAAits data may be beyond the direct reach of the Patriot Act," Lakatos says. "But even then, the same data may be accessible to the U.S. [government] via an MLAT [mutual legal assistance treaty] request." (MLATs enable gathering and sharing of data between countries for law enforcement purposes.)
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
