Posted by: Ron Miller
Cloud computing, Data Protection, Patriot Act, Privacy
The Patriot Act was intended to give US government and law enforcement authorities broad investigative powers under the guise of preventing such an attack from recurring. Whatever you think of this law, the law of unintended consequences certainly applies here because as a result of these broad enforcement powers, many individuals and companies outside the US no longer want to store their data on US soil.
And this has cast a pall on certain types of commerce, especially cloud computing — a concept to be fair, that wasn’t even really thought about back in 2001 when the legislation was drafted.
Of course, to the extent the US Congress understands any technology, cloud computing certainly was more mature when the 4-year reauthorization was passed earlier this year.
Regardless, companies and individuals outside the US remain distrustful of storing any data inside the US where it is subject to US laws.
And Europe, which has strict privacy and data protection laws, has not taken kindly to this law. John Newton, who is chief technology officer at Alfresco and an American expatriate living in England says Europeans tend to distrust US law enforcement under the best of circumstances and the Patriot Act didn’t help matters.
“Europeans tend to be suspicious of US regulatory and law enforcement since many aspects of American and European legal and law enforcement practices are incompatible and inconsistent in more areas than just Cloud Computing,” he said. “The Patriot Act just exacerbates this problem,” he added.
And in my experience hearing from Europeans about cloud computing, this has held true. In fact, as far back as 2008, I remember attending the Evening in the Cloud at the Enterprise 2.0 Conference in Boston. The event included representatives from Google, Amazon.com and Salesforce.com explaining the advantages of the cloud at a time when it was a new concept to many. At the open microphone part of the night I recall at least one person from Europe stating that as long as data was stored on servers inside the US, there was no way he was considering using these services — because of fear of the broad power given US authorities by the Patriot Act.
Last year at CeBIT in Hannover, Germany, I heard a similar story at events throughout the conference, and in spite of my annoyance at still hearing questions about security and adhering to EU privacy laws holding back cloud computing, people and companies in Europe are put off from doing business with US cloud companies because of the privacy implications inherent in the USA Patriot Act.
And it’s not just Europeans, Canadians aren’t too fond of the law either. Cheryl McKinnon, a Canadian citizen and a consultant who works with the Canadian government around content and document issues, says with so much shared business and cultural tradition between the US and Canada, it’s easy to forget there are major differences around privacy and data protection between the two countries.
In fact, Canada has its own sweeping privacy law that according to McKinnon “requires that all businesses (and government agencies) must ensure that the personal information gathered from customers, citizens or employees are handled in a way that protects privacy” — and that means they can’t do business with any business with US-based servers due in large part to the Patriot Act.
Lubor Ptacek, who is VP of strategic marketing at Canadian company Open Text says the Patriot Act has prevented many people outside the US from using cloud services. “The [Patriot Act] grants the US government sweeping search authority that is scaring away many well-intended users and businesses.” He adds, “While the ‘safety over privacy’ principle may be acceptable in the United States, most Canadian businesses have a much lower level of tolerance for government intervention in private enterprise and we get the same sentiment from our customers in Europe.”
So 10 years after it was passed, this law designed to protect the public from an external terrorist attack, has also cast a long shadow on cloud computing commerce that continues to this day.
Although cloud computing services are clearly thriving, to make them truly useful in today’s connected world information needs to be able flow freely across borders, and this law remains a huge obstacle to such a vision.