Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patriot Act Clouds Picture For Tech

Posted by Soulskill on from the your-data-is-safe-except-from-us dept.

Harperdog writes "Politico has a piece on how the Patriot Act is interfering with U.S. firms trying to do business overseas in the area of cloud computing. Here's a quote: 'The Sept. 11-era law was supposed to help the intelligence community gather data on suspected terrorists. But competitors overseas are using it as a way to discourage foreign countries from signing on with U.S. cloud computing providers like Google and Microsoft: Put your data on a U.S.-based cloud, they warn, and you may just put it in the hands of the U.S. government.'"

11 of 203 comments (clear)

  1. Probably, but... by Anonymous Coward · · Score: 5, Insightful

    ...you put it anywhere on the "cloud", and it's one mis-step away from being everywhere.

  2. Yep by Anonymous Coward · · Score: 5, Insightful

    Doesn't matter if you comply with EU data protection rules, we still don't trust you.

    1. Re:Yep by Anonymous Coward · · Score: 5, Informative

      More importantly, since there are US laws which contradict the very protections that EU safe harbor rules require, we CAN'T trust US companies to abide by our data protection requirements. We are bound by law to ensure these protections, so sending the data to the US is arguably illegal. The only reason why anyone still does it is that enforcement is so lax.

    2. Re:Yep by crankyspice · · Score: 5, Informative

      Maybe if Amazon, Google and a few other major cloud storage providers take a huge hit, they'll tell the government to fix the situation.

      No, shops large enough to have influence are likewise large enough to simply setup European subsidiaries, with hardware in Europe and a cadre of European compliance officers, and it's business as usual. "You can choose a Region to optimize for latency, minimize costs, or address regulatory requirements ... Objects stored in a Region never leave the Region unless you transfer them out. For example, objects stored in the EU (Ireland) Region never leave the EU." http://aws.amazon.com/s3/ (emphasis added)

      --
      geek. lawyer.
    3. Re:Yep by canadian_right · · Score: 5, Informative

      It is illegal in BC, Canada to store any personal information on any server physically residing in the USA. This law is an acknowledgement that the USA Patriot act can lead to Canadian information, protected by Canadian laws, being revealed without judicial oversight.

      We don't care if it is a cloud or not, it can't be stored in the USA.

      --
      Anarchists never rule
  3. Goes both ways by Pozican · · Score: 5, Insightful

    American companies are scared their data might land in china and copied. This is only news in that the US is turning into the same crazy police state that we've thought was limited to china and north korea.

  4. Who can blame them? by Calibax · · Score: 5, Insightful

    Four thoughts:

    They may well be right in thinking their data will be more accessible to the US government.

    If I were an overseas competitor, I'd certainly use this as a reason to not to use a US provider. In a heartbeat.

    The law of unintended consequences bites the US yet again.

    This wouldn't be an issue if the US government hadn't acted the way it has over the last 10 years. The US government has so little trust overseas that people have no trouble thinking the worst of it. Karma is a bitch.

    1. Re:Who can blame them? by kozubik · · Score: 5, Interesting

      Not all providers are based in a single nation.

      Amazon, for instance, has AWS locations around the world, although that probably doesn't help you much given their track record.

      But rsync.net (I am the founder) has storage locations in Zurich and Hong Kong, in addition to the US. These sites are protected, just like the US sites, by the Warrant Canary:

      http://www.rsync.net/resources/notices/canary.txt

      So while I agree that everyone in the world should be wary of USA PATRIOT, it's not a given that non-US consumers have to avoid US providers across the board.

  5. It is common sense, not the patriot act. by gessel · · Score: 5, Informative

    If you put your data in the cloud, you put it in the hands of not just the US government, but every government the cloud company does business with. And also in the hands of every underpaid employee in the company; and while some companies may claim otherwise, their claims are unverifiable and unenforceable. "Cloud" services have their place - it is for data that is intrinsically public and ephemeral. Nobody should ever trust any cloud service with data that is proprietary or private or irreplaceable.

    Most obviously, the "free" services are predicated on exploiting the value of their users as product to customers that are not the users. The model makes sense in some cases, for example a forum, where the shared public content is willing coproduced by users of the forum, exchanging their content creation efforts for use of the forum itself, the forum exploiting that content to attract eyeballs to advertisers that pay the bills.

    While there are strong logical reasons why cloud services are intrinsically untrustable (ultimately, he who owns the hardware, owns the data), a simple thought experiment proves the folly: how hard is it to bribe an employee of a cloud service to give you inappropriate access to someone's data? Do you think you couldn't find one employee in one company somewhere? While one may be able to find companies that are currently resistant to easy attacks, cloud companies come and go like the .coms that they are are, and with inevitable waning economic optimism, so too wanes employee loyalty. In the eventual asset transactions that follow, acquiring companies of even trusted entities are unknowns and customers have no recourse and no authority.

    At best, the loss of yet another fleeting cloud service means only the loss of the associated data and whatever codependent business line the cloud service customer bet on the serial risk of the success of the cloud company itself.

    The premise of handing your proprietary data to another person for remote, invisible processing and care is fundamentally flawed. Your interests are not aligned and their interests will evolve and ultimately diverge or fail.

    Foreign companies (and US as well) are well advised to be wary of cloud services.

  6. Re:We're MUCH safer then the other guy... TRUST us by forkfail · · Score: 5, Informative

    Except that said US court orders can be executed by a secret court with no oversight. Pretty much like China's.

    --
    Check your premises.
  7. Very real issue by dave562 · · Score: 5, Informative

    We deal with this on a daily basis. Our clients (large Fortune 500 corporations) are requesting that we do not store data in the US. I personally think it has more to do with the fact that they are up to shady financial maneuvers than terrorism, but the end result is the same. It is just another nail in the economic coffin of the United States. The oft claimed, "It is too expensive/risky to do business in the States" rears its ugly head again.

    The article talks about "cloud" providers, which we are not. We are more of a SaaS shop, but the regulatory challenges are the same. It all comes down to the client wanting to feel like their data is safe, and that they will have some expectation of privacy. With the United States government declaring the right to come in and seize data (the life blood of any company in this day and age) without any form of real due process, corporations are deciding that they do not want to subject themselves to that unnecessary liability.