Hacker News new | past | comments | ask | show | jobs | submit login
Patriot Act and privacy laws take a bite out of US cloud business (arstechnica.com)
78 points by Yoanna_Savova on Dec 19, 2011 | hide | past | web | favorite | 9 comments

I'm in Canada, and I'll tell you for certain that whenever the cloud is mentioned in business it is often followed by the assumption that "all your personal data - or worse, your client's data - will be subject to the PATRIOT act". It's a huge killer to accessing many of the cloud services that are available for US companies for anything requiring some sort of security.

To be clear I don't hang at the local campus - this is suit and tie businessmen and women that I'm talking about here, not the tinfoil hat crowd.

There's huge opportunity for setting up cloud services for countries outside of the US right now, simply because of this little issue.

This is sad and this is why we had to build our own PaaS to run our scientific calculations. Basically, if you want to serve sensitive businesses in Europe, the door is closed for AWS or RackSpace usage. For scientific payload, AWS is great because you can batch work at low cost, so not being able to use it is frustrating.

I would have thought you'd be fine with Rackspace- I know they are Safe Harbor certified. Could you explain why not?

Under US law at the moment, everything point into the direction that the authorities can access the data hosted in the US while preventing the hosting company (Rackspace) to inform the client (us). The problem is also that the authorities do not even respect the law and you read nearly every month how they allowed themselves to kind of "wiretap" without the correct rights. So basically hosting in the US with the track record of the US authorities is not acceptable.

I'm pretty sure national security rules pretty much nullify any sort of Safe Harbor agreement.

Otherwise, it's just paranoia (and probably justified). As an America with nothing particularly interesting, even I am not real hot on the idea of storing information "in the cloud" right now.

In the USA PATRIOT Act, "PATRIOT" is an initialism, not a word, and should be capitalized. "Patriot" is not involved.

So is the USA part, and it doesn't stand for United States of America.

You know, my first gut reaction is to say that these people are overreacting, but then I start remembering how the current and last administration are behaving.

We're planning to use hosting in Europe for part of this reason. I simply do not trust the US government not to come fishing after my customers data, and I don't want to be in a position of getting "National Security" Letter. The company itself is located outside the USA for this reason as well. What footprints we do have in the USA (namely, gmail, and a tiny bit of AWS) are being offshored as we prepare for going live with our MVP.

Further, the tendency in the last year for the US legislative branch to pass really quite unconstitutional legislation does not give much hope that matters will improve. I'm talking not just about SOPA, but NDAA, and even the so called "Stimulus" act which contained provisions giving the federal government the power to centralize all hospital records under federal control. (at least in the revision I read.)

I have some concerns about eruope. I would not host any data in Britian for similar reasons, as the USA. It seems continental europe has reacted negatively to the results of the PATRIOT act, and one would hope, are not going to impose similar measures as a result. If necessary, we may move our services to the middle east or to asia, but that would be unfortunate.

It is a real shame to have to consider all these factors that have absolutely nothing to do with providing a quality product. I'd rather have servers in the USA to provide better service to customers in the USA.

But I consider my customers data a sacred trust, even if its almost all pretty trivial data. Thus I anonymize what I collect and I don't collect more than is necessary, but these measures can be reversed for surveillance purposes, and thus honor requires me to protect it.

I hope I never get into a situation where my business faces being forcibly shut down if I refuse to betray the trust of my customers.

I find it very sad that so many american companies are not even putting up a fight.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact