

Patriot Act and privacy laws take a bite out of US cloud business - Yoanna_Savova
http://arstechnica.com/tech-policy/news/2011/12/patriot-act-and-privacy-laws-take-a-bite-out-of-us-cloud-business.ars

======
run4yourlives
I'm in Canada, and I'll tell you for certain that whenever the cloud is
mentioned in business it is often followed by the assumption that "all your
personal data - or worse, your client's data - will be subject to the PATRIOT
act". It's a huge killer to accessing many of the cloud services that are
available for US companies for anything requiring some sort of security.

To be clear I don't hang at the local campus - this is suit and tie
businessmen and women that I'm talking about here, not the tinfoil hat crowd.

There's huge opportunity for setting up cloud services for countries outside
of the US right now, simply because of this little issue.

------
Loic
This is sad and this is why we had to build our own PaaS to run our scientific
calculations. Basically, if you want to serve sensitive businesses in Europe,
the door is closed for AWS or RackSpace usage. For scientific payload, AWS is
great because you can batch work at low cost, so not being able to use it is
frustrating.

~~~
tomgallard
I would have thought you'd be fine with Rackspace- I know they are Safe Harbor
certified. Could you explain why not?

~~~
Loic
Under US law at the moment, everything point into the direction that the
authorities can access the data hosted in the US while preventing the hosting
company (Rackspace) to inform the client (us). The problem is also that the
authorities do not even respect the law and you read nearly every month how
they allowed themselves to kind of "wiretap" without the correct rights. So
basically hosting in the US with the track record of the US authorities is not
acceptable.

------
anothermachine
In the USA PATRIOT Act, "PATRIOT" is an initialism, not a word, and should be
capitalized. "Patriot" is not involved.

~~~
jgw
So is the USA part, and it doesn't stand for United States of America.

------
RexRollman
You know, my first gut reaction is to say that these people are overreacting,
but then I start remembering how the current and last administration are
behaving.

------
nirvana
We're planning to use hosting in Europe for part of this reason. I simply do
not trust the US government not to come fishing after my customers data, and I
don't want to be in a position of getting "National Security" Letter. The
company itself is located outside the USA for this reason as well. What
footprints we do have in the USA (namely, gmail, and a tiny bit of AWS) are
being offshored as we prepare for going live with our MVP.

Further, the tendency in the last year for the US legislative branch to pass
really quite unconstitutional legislation does not give much hope that matters
will improve. I'm talking not just about SOPA, but NDAA, and even the so
called "Stimulus" act which contained provisions giving the federal government
the power to centralize all hospital records under federal control. (at least
in the revision I read.)

I have some concerns about eruope. I would not host any data in Britian for
similar reasons, as the USA. It seems continental europe has reacted
negatively to the results of the PATRIOT act, and one would hope, are not
going to impose similar measures as a result. If necessary, we may move our
services to the middle east or to asia, but that would be unfortunate.

It is a real shame to have to consider all these factors that have absolutely
nothing to do with providing a quality product. I'd rather have servers in the
USA to provide better service to customers in the USA.

But I consider my customers data a sacred trust, even if its almost all pretty
trivial data. Thus I anonymize what I collect and I don't collect more than is
necessary, but these measures can be reversed for surveillance purposes, and
thus honor requires me to protect it.

I hope I never get into a situation where my business faces being forcibly
shut down if I refuse to betray the trust of my customers.

I find it very sad that so many american companies are not even putting up a
fight.

