{"id":11187,"date":"2011-04-26T16:05:31","date_gmt":"2011-04-26T16:05:31","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=11187"},"modified":"2011-04-26T16:05:31","modified_gmt":"2011-04-26T16:05:31","slug":"a-factual-analysis-of-cloud-computing-vs-the-usa-patriot-act","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=11187","title":{"rendered":"A Factual Analysis of Cloud Computing VS The USA Patriot Act"},"content":{"rendered":"<p><em>Note: This article applies to public cloud computing.&#160; Private clouds where you own the equipment and software in your computer room\/data centre are not affected.<\/em><\/p>\n<p>Regular readers will know that I used to work in the hosting business and that something I warn people to be aware of is the USA Patriot Act \u2013 a legacy of George W. Bush\u2019s war on terror (some might argue it was a war on freedom) and that lives on under the \u201cmoderate\u201d Democratic government a decade later.<\/p>\n<p>The <a href=\"http:\/\/www.zdnet.com\/blog\/igeneration\/case-study-how-the-usa-patriot-act-can-be-used-to-access-eu-data\/8805\" target=\"_blank\">ZDnet article<\/a>, <em>\u201cCase study: How the USA PATRIOT Act can be used to access EU data\u201d,<\/em> by Zack Whittaker is an excellent analysis of the problems that the Patriot Act causes for non-American organisations with cloud services provided by USA owned companies, no matter where their subsidiaries or data centres are located.<\/p>\n<p>I\u2019ve been able to attend a number of cloud computing events since the trend kicked off.&#160; Those who have invested themselves in the likes of Amazon, Azure, or Google, will vehemently deny that the Patriot Act applies.&#160; Some of them will toss their toys out.&#160; They kind of remind me when Irish PM Bertie Ahern told us critics to go commit suicide when we questioned the health of the economy (he resigned a few months later when he finally saw the financial tsunami that was coming).&#160; Their lack of willingness to discuss or listen should make you wonder.<\/p>\n<p>Last year I asked an Amazon evangelist about the Patriot Act and how it would apply to data stored in Amazon\u2019s European data centres.&#160; The rather cocky answer was that it wouldn\u2019t because the Amazon company in Ireland was an Irish registered company.&#160; Indeed it is, but it is also owned by a USA owned corporation that must comply with the Patriot Act.<\/p>\n<p>A few years ago at the Microsoft BPOS launch, I asked a MSFT speaker about the Patriot Act (I am a bold boy!).&#160; He had to admit that there was an issue even if the data stayed in the Dublin data centre.&#160; But straight away, MSFT sales and marketing were out talking about geo-location and how that was the solution to data protection issues.&#160; Some of us knew that to be BS, and others went and developed their HR SaaS, or whatever, applications on Azure (I did have a few giggles, I have to admit, thinking of the impending ex-employee versus employer lawsuits that could follow).&#160; Finally Steve Ballmer admitted to the issue at a CEO conference \u2026 but try stop sales and marketing!<\/p>\n<p>For you nay-sayers, here\u2019s a couple of bits from this <a href=\"http:\/\/www.zdnet.com\/blog\/igeneration\/case-study-how-the-usa-patriot-act-can-be-used-to-access-eu-data\/8805\" target=\"_blank\">excellent article<\/a>:<\/p>\n<p><em>\u201cThe bottom line is that both Microsoft and Google \u2014 and therefore any other cloud service provider operating in Europe \u2014 cannot provide satisfactory guarantees that data supplied by EU customers and housed in datacenters on European soil will not leave the European Economic Area under any circumstances\u201d.<\/em><\/p>\n<p><em>\u201cThese subsidiary companies and their U.S.-parent corporations cannot provide the assurances that data is safe in the UK or the EEA, because the USA PATRIOT Act not only affects the U.S.-based corporations but also their worldwide wholly-owned subsidiary companies based within and outside the European Union\u201d.<\/em><\/p>\n<p>I\u2019ve met loads of people who love EC2.&#160; I know an Azure MVP and he\u2019s fallen for it as a developer.&#160; All quite understandable.&#160; To me, things like Office365 do offer amazing opportunities in the right circumstances.&#160; Will anything change regarding the Patriot Act?<\/p>\n<p>Rumour is that Amazon and MSFT lobby strongly over this issue.&#160; Some believe they had a lot to do with some of the contentious pieces of the Cyber Security Act being stripped out.&#160; I\u2019d believe it \u2013 the USA might be the big player in cloud computing right now, but if data laws continue to cause concerns then what\u2019s to stop a Chinese operator dominating there, or a French\/UK\/German operator dominating in Europe, or a South American provider dominating down there?&#160; That would put a seriously big pinch on Amazon\u2019s plans to be online content kings of the world, and Microsoft\u2019s plans to dominate PaaS\/SaaS just like they\u2019ve dominated Office software.&#160; Maybe there will come a time when the USA government will cop on and relinquish these communist-like demands over hosters.&#160; That would be of benefit to us all.&#160; But we have learned from history that both USA political parties are willing and able to undo freedoms at a moment\u2019s notice; we only have to look at the original drafts of the Cyber Security Act to see that.<\/p>\n<p>So are people listening to the warnings?&#160; As I\u2019ve already alluded to: no they\u2019re not.&#160; The louder voices of those who are already invested are drowning out those urging caution.&#160; And there are those who see those oh-so-tempting low sticker prices of an Azure or an EC2 and then don\u2019t want to listen to anything else.&#160; I\u2019ve had those conversations in the past.&#160; To be quite honest, most people don\u2019t want to listen.&#160; It\u2019s like telling a gambling\/spending addict they they shouldn\u2019t get that sixth credit card.&#160; They either berate you for questioning \u201cprogress\u201d, try to change the topic of conversation to that of technical features, say that the Patriot Act will never be used against them (it\u2019s known to have been used over 80 times \u2013 and the fact is that data that is susceptible to the PA is at risk to not being protected by the European Data Protection Act), or they engage the lah-lah-lah arguement.&#160; I gave up; that\u2019s why I\u2019m not in the hosting business any more.<\/p>\n<p>So give the <a href=\"http:\/\/www.zdnet.com\/blog\/igeneration\/case-study-how-the-usa-patriot-act-can-be-used-to-access-eu-data\/8805\" target=\"_blank\">ZDnet article<\/a> a read.&#160; It\u2019s well constructed, telling the story of the author\u2019s investigation.&#160; He uses a case study and approaches some big service providers directly to get their official responses on the issue.<\/p>\n<p>Now, let me get back to folding that tin (aluminium) foil hat to keep those pesky NSA satellites out of \u2026<\/p>\n<div style=\"padding-bottom: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; float: none; padding-top: 0px\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:186080b6-bb64-4acf-89af-eb8305d49a3f\" class=\"wlWriterEditableSmartContent\">Technorati Tags: <a href=\"http:\/\/technorati.com\/tags\/Cloud\" rel=\"tag\">Cloud<\/a>,<a href=\"http:\/\/technorati.com\/tags\/Security\" rel=\"tag\">Security<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Note: This article applies to public cloud computing.&#160; Private clouds where you own the equipment and software in your computer room\/data centre are not affected. Regular readers will know that I used to work in the hosting business and that something I warn people to be aware of is the USA Patriot Act \u2013 a &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=11187\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A Factual Analysis of Cloud Computing VS The USA Patriot Act&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[190],"class_list":["post-11187","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/11187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11187"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/11187\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}