European Firm Refuses To Go On the Microsoft Cloud Due to PATRIOT Act Concerns
Sometime back I had written about how Australian cloud computing company Ninefold was trying to drum up fear that data residing on Amazon’s servers in Australia were under the jurisdiction on the US PATRIOT Act, and thereby, subject to search and seizure (See: Your Data in Australia is subject to the US PATRIOT Act ).
Thus, even data on an offshore location would have no privacy from American investigators, a situation unwelcome to many businesses. While Ninefold had its own selfish reasons in highlighting this issue, it being a rival of Amazon Down Under, this is not the first time that cloud privacy under the PATRIOT Act has been in the news. Indeed, I had covered it as well (See: Is Cloud Computing a Threat to Consumer Rights?).
It seems that at least one European firm has heeded these voices of doubt, and decided not to patronize American cloud companies. UK defense contractor BAE Systems has abandoned its plans for using Microsoft’s Office 365 cloud based productivity platform, citing the possibility that the data may be accessed by the US government. “We were going to adopt Office365 and the lawyers said we could not do it,” said Charles Newhouse, head of strategy and design at BAE Systems, speaking during a panel debate at the Business Cloud Summit 2011 in London.
These fears seem to have some rationale considering what Microsoft UK’s managing director Gordon Frazer said to ZDNet during Office 365’s launch in the country last June. He was asked, “Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances – even under a request by the PATRIOT Act?”, and answered that as Microsoft headquartered in the US, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).
And it’s not only one firm speaking; a recent survey indicated that 70% of Europeans have similar concerns. Consequently, local firms have taken a page out of Ninefold’s book and started promoting their services as immune to American legislation. One of them is Swedish firm City Network, whose chairman Johan Christenson has gone on record saying, “We believe that a service owned and operated locally in the EU, and fully compliant with EU data protection laws, will be very attractive for European companies. US companies with European operations will also benefit from the lower latency of a locally hosted solution.”
Ambassador Philip Verveer, US coordinator for International Communications and Information Policy at the State Department, had earlier remarked that German cloud providers were openly using the PATRIOT Act as a “marketing proposition” to promote their services. However, he believes it’s due to “misperception” and the Obama administration is in regular talks with foreign governments to assuage fears.
Whatever the reason, there’s no denying that American cloud companies are feeling the heat. Unless the matter is cleared at the highest levels of government, they will continue to lose business to local counterparts. And the phenomenon may spread to Asia as well.
By Sourya Biswas