John Omwamba| Cloudtweaks
The European Union has resuscitated the more than a decade-old contention about data independence after giving an exposé of the US Patriot Act of 2001, which bequeaths the Federal administration, on the other side of the Atlantic, the power to seize data in any continent for surveillance reasons.
The same rigmarole surrounding a legislation that is now a dozen years old has also visited upon the Australian scene, where CIOs are circumspect on whether to go ahead and store data offshore, where the United States’ forensic agencies have a right to penetrate the firewalls as long as they are under US companies, despite being in overseas’ jurisdictions.
This has forced tech giants like Google and Rackspace to come out strongly, vowing that they would resist the prerogative of the government to use a warrant, or even, in some cases, as the Patriot Act stipulates, seize information devoid of a warranty, as this would lead to the gagging of the Infrastructure as a Service (IaaS) dispensation.
One of the key elements of the legislation is the Foreign Intelligence Surveillance, an Act that received revision by Congress (2008), whose mandate the current US administration extended for the ensuing period of half-a-decade, starting 2012. It is this clause that the Eurozone has much bone to chew on for it provides for searches without warrant on cloud data as well as in other communication conduits, not just the Internet.
The European IT community feels that this provision is more like a weapon of mass destruction spot on the EU laws, which have much of a right to claim as being some of the freest legislations on the globe, factoring in user privacy. Indeed, the whole point of concern is the Foreign Intelligence clause’s ability to just monitor the offshore data by US firms or even data under storage in the United States by a non-citizen, for “purely political” reasons. The current legislation is a limb of several others that came up intermittently two to three decades ago but consummated into a single powerful automation of a law or what is now the Patriot Act, subsequent to the terrorist attacks in 2001.
On the Other side of the Smoke
Despite this much concern about the cloud laws, analysts are saying that the Patriot Act may eventually prove to be too much ado about nothing in cloud computing terms, because of two points:
First, the laws have always been there and have required, time and again, a federal judge to provide a subpoena for the investigation of another entity’s sovereign data, with the exception of cases where the issue is too sensitive for the government to necessarily seek a legal permit. Furthermore, there have to be precedents in certain cases before anyone can arbitrarily rummage through someone else’s data, albeit this is rather vague for the government can use the same advantage of a precedent to analyze an offshore account without going through a judge.
Secondly, the Patriot Act is not the only legislation around. In Australia, United Kingdom, Germany, Denmark and other nations that protest the move, there are provisions for the respective regimes to perpetuate this ‘reign of terror’ on cloud accounts abroad that are of national concern.
In the Land Down Under for instance, the government can search a national’s documents abroad but under a shady alias so that this won’t become public. The fact of the matter still remains that there always have to be a permit to conduct any surveillance on outsource and cloud data in Australia.
The implications of this compendium of laws which are all obscure but for the Patriot Act, one would say, has led many IT firms to decide to just go on with their business of life while EU, Google and co., check their pawns for their next moves on the chess table.