USA Patriot Act and Cloud Hosting: What You Need to Know

Published by on January 16th, 2012


The USA PATRIOT Act of 2001 is the product of a post-9/11 world: new legislation created to change U.S. policy on gathering intelligence for the purpose of preventing further attacks. Deemed a knee-jerk reaction by many and intrusive by others, the unadulterated power and confusion surrounding the Patriot Act have now directly impeded much of U.S. data centers’ cloud services.

Many cloud services companies are feeling the sting of potential clients that are avoiding U.S. governed providers subject to the Patriot Act. This paranoia springs from the risk of their data being swept up in the Act’s net if invoked, and as a result, some firms are avoiding U.S. cloud providers altogether. It is important to note that although it is used as a counter-marketing tool for U.S. data services, such as web hosting companies, similar counter-terrorism laws exist in places like the UK and Canada as well.

The purpose of this article is to outline the basic principles of the Patriot Act, explain how it affects your business, examine how to represent the issue to your clientele and identify the European work in motion to shorten its reach.

What’s it all about: The Patriot Act makes any data that is kept by a U.S. company, whether within or outside U.S. borders, susceptible to a possible U.S. Government seizure or unwarranted search. For example, Google and Microsoft, despite having subsidiaries in other countries like Google UK and Microsoft UK, are both U.S. companies and fall under the umbrella of the Patriot Act.

Regardless of where it is stored, any data can be turned over to the government for inspection since the company that is storing the data is governed by U.S. law. Many people and companies already use cloud-based services like Facebook, Twitter, Gmail, Hotmail, etc. that, regardless of where they live, place them within the jurisdiction of the Patriot Act because the cloud providers are all U.S. owned.

Not-so-Safe Harbor: Confusion begins when we consider the Safe Harbor framework – a means for U.S. organizations to comply with the different privacy protection approaches of the EU and Switzerland and ultimately allow data to flow freely between the EU and U.S. The principles of this framework are superseded by the Patriot Act and any data, once it reaches the U.S., can be intercepted with or without a court order depending on the requirements of the data.

Popular opinion: Some people think (hope) that a compelling interest must be shown in the data to prove jurisdiction for the request so that it may be granted by the host country’s courts. In June of 2011, Microsoft admitted that they cannot guarantee that data won’t be handed to U.S. authorities as a result of the Patriot Act saying, “Microsoft cannot provide those guarantees. Neither can any other company.” This is the current reality.

Dealing with it: For the time being, every U.S. governed company must comply with the Patriot Act if ever necessary. Businesses would be wise to follow Microsoft’s lead in being open to the possibility of this occurring. Explain that your business will always endeavor to be transparent with how each client’s data is handled and will always follow any and all applicable laws, including data protection laws. Whenever possible, if you’re contacted by law enforcement for any information hosted on your systems, your company will similarly endeavor to redirect law enforcement to the client to give them the opportunity to respond. Explain that you will never replicate a client’s data for any outside purpose unless required by law.


Let’s look at a scenario of the Patriot Act being invoked and how it may affect innocent customers: A terrorist (bad guy) uses a cloud service (hosting provider) based in the U.S. to infiltrate or spread propaganda. The FBI tracks the site to the hosting provider. If the threat is significant, the FBI may seize an entire rack of servers for both simplicity and preservation of evidence. As you can imagine, this is how innocent customers may be caught in the net and taken offline.

Most cloud companies, however, aren’t quite as expansive as Microsoft or Google and have that working in their favor. Private hosting companies, especially ones specific to a certain niche, are at a very low risk of the Patriot Act being exercised for a couple of reasons. First, bad guys want a cheap automated service with millions of customers so they can hide (think GoDaddy or WordPress). Second, small or private hosting providers get to know their customers and in most cases are industry specific (think Exchange or SharePoint), so there’s zero chance of a bad guy coming into their network on a cheaper service and jumping over to an Exchange or SharePoint customer’s environment. In essence, the Patriot Act, like doing business on the Internet, is all about minimizing exposure and mitigating risk.

Your Data Center security: Further information on your data security features is warranted in a continued discussion. Transparency and clarity with the client is always the best way to get your message across. Yes, the Patriot Act affects your company as it does every other, so as a U.S. based company, your only move is to keep them informed and offer a dedicated service they can rely on. And tell them what’s on the horizon…

The EU Response: Currently the European Parliament is asking for clarification from the European Commission regarding the Patriot Act’s reach to their 27 European member states and demanding the obvious: let EU data remain in EU jurisdiction with EU law taking precedence.

A meeting between the European Commission’s justice commissioner and German Consumer Protection Minister last November set a deadline of January 2012 to update a 15-year-old Data Protection Directive to comply with EU regulations. “We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market.” A draft of this legislation was recently revealed.

While it may take all 27 European member states several years to ratify, the new law will certainly help ease tensions surrounding cloud computing security. And with the long shadow cast on U.S. data removed, U.S. governed cloud services will continue business as usual with EU consumers that embrace the cloud and their revised EU data protection laws whole-heartedly.

Read more in Peter Cartier’s follow-up: The European Commission and Data Protection Laws: What You Need to Know

Thanks to Zack Whittaker, a UK journalist, who is credited with exploring the reach of the Patriot Act extensively with his USA Patriot Act series and was first to report Microsoft UK’s admission to being within the reins of the Patriot Act.

About Peter Cartier

Peter, the Senior Copywriter at Fpweb.net, is the wordsmith of the family. But if we’re choosing titles, he’ll go with “The Elocutionator”. Thus far, he has only used his powers for good and understands that with great vocabulary comes great responsibility. After finishing University, Peter sneaked onto an ultra-luxury cruise line where he worked as the on-ship Publisher for a few years, traveling the world. His next adventure would have him wandering the streets of London for six months while scratching out some purposeful writing. Now, Peter once more hangs his Adidas jackets in his hometown, St. Louis, MO, where there can never be enough Blues and Cardinals games to watch. If you like what you read by him, don’t be a stranger – let him know!


 
  1. January 17th, 2012 at 07:57 | #1

    Like you said, the Patriot Act is a sign of the post 9/11 world. I know that protecting the country is more important than protecting privacy, but isn’t this a bit 1984-esque? Soon Big Brother will be in on every interaction a company has with its clientele. That’s a bit scary if you ask me! Great Post :)

  2. Brynn C
    January 17th, 2012 at 12:03 | #2

    Incredibly informative and in regard to the cloud services, I had no idea of the intrusive nature the Patriot Act inflicts to American businesses gone global. Privacy rights are the new threat to freedom, and it is obvious this threat comes from those that wish to manipulate the exchange of information via the internet for their own purposes. The fear that has been ignited in this country has more to do with political interests, propaganda, and disastrous foreign relationships which aid those who have no interest in democracy. On a business level, this is a warning to be careful of how you exchange private information on the web.

  3. January 17th, 2012 at 13:20 | #3

    What’s worse is that the definition of a “terrorist (bad guy)” is not the result of any perceptible legal process but at the whim of some, possibly hypersensitised, state employee.

  4. JP
    January 17th, 2012 at 22:24 | #4

    What about a new John Edgar Hoover becoming in charge in such conditions?

  5. May 30th, 2013 at 19:54 | #5

    U constructed several wonderful ideas with ur post, “USA Patriot Act and Cloud Hosting: What You Need to Know”.

    I’ll end up coming back again to ur web site in the near future. With thanks -Julianne

  6. Amir
    October 31st, 2013 at 07:51 | #6

    Thanks for such an informative article. I am concerned because global IT infrastructure used to have research centers and being “hosted” in Silicon Valley (i.e. California, a Southern State of USA) and all of the IT businesses and professionals will obviously start looking elsewhere for their future endeavors. Closing down the whole USA at the whim of a law inspired from one single terrorist attack is plainly stupid. If you’d watch US media closely, you’d feel the fear-mongering and hate-mongering brewing something very strange. USA had a very brutal civil war more than a century ago. It seems USA is getting ready for the same to repeat. There’s an age-old saying that unless the whole jungle burns down to ground, it can’t flourish like it did before reaching this decay. It is so sad to see such a great nation and its people going down the drain of wars, mostly for protecting a teeny tiny, racist and an apartheid state of Israel and extremist Jews or Zionists. Such a great waste of human intellect!

  7. June 28th, 2014 at 12:09 | #7

    Fastidious response in return of this difficulty with solid arguments and explaining the whole thing concerning that.
