So how are we to interpret
"Based on our interpretation of the Fourth Amendment and ECPA, we are of the view that Rackspace is prohibited from accessing and turning over customer data stored on a customer’s server or other storage device in a U.S. data center without a properly issued, lawful request ( e.g. search warrants, court orders, Foreign Intelligence Surveillance Orders) from a U.S. court with appropriate jurisdiction over Rackspace and the data sought."
? Coming right after the recitation of the Fourth Amendment, this gives the impression that Rackspace will only hand out your data in response to a warrant (or warrant-like-thing) that demonstrates probable cause. But in fact, when the customer is a non-resident alien, the order is a FISA 702 order, and the court is the FISC, probable cause never comes into it: the US can (completely properly and lawfully!) get such an order for no stated reason at all. Imagine the following conversation in 1860:
Q: I hear that you have slaves on your Virginia cotton plantation. Is this really true?
A: The Fifth Amendment to the US Constitution states that 'No person shall [...] be deprived of life, liberty, or property, without due process of law'. No-one is forcibly detained on this plantation except fully in accordance with the law and the Fifth Amendment.
This answer seeks to suggest that the only prisoners on the plantation are convicted criminals, which is false - the plantation is worked by slaves. But in fact the answer is precisely true though devious: slaves have no rights under the law, while the Fifth Amendment does not apply to slaves. I really hope this isn't the correct way to interpret Rackspace's statement as well.
And further - it's not just "US-based cloud", it's almost certainly "cloud resources physically based _anywhere_ if it's owned/operated by a US based company". I'm pretty sure Rackspace would consider any data that I (a non-US resident/citizen) store on a Rackspace instance intentionally provisioned in their Sydney Australia datacenter to be subject to US law instead of local Australian law - and would most likely hand over any and all of my data with no need for a warrant.
 for completeness/fairness, I'm pretty sure Amazon would treat and Sydney AZ instances I spin up exactly the same way.
 actually, I suspect I'd get the worst-case scenario of the least protection available under either US or Australian law - if push ever came to shove...
Totally. These points completely nail it for me (A non-US consumer of US based services).
Anyone who was concerned about "the subpoena risk"  before, but was satisfied if their data resides in (eg) Australian data centres will now be forced to think again.
I see this as a huge opportunity for non-US domestic PAAS / IAAS providers who keep everything in a single juristiction.
When you see just how far the New Zealand law enforcement rolled over and violated national law at the request of US copyright enforcement in their shoddily executed raid on Kim Dot Com, I have very little doubt that in spite of Ninefold's marketing using legal jurisdiction nightmares if you use their major competitors AWS or Rackspace - if the NSA showed up even without local law enforcement on their side, me and my data would likley get "thrown under the bus" (especially in the light of stories like this: https://mailman.stanford.edu/pipermail/liberationtech/2013-J... )
Something needs to change. What do you think are the chances of Senator Scott Ludlum's "Get a Warrant" bill  making it through before the election?
If some nation can step up and provide some guarantee that your data is not subject to law enforcement without rigorousness due process, they might be able to attract substantial investment.
So for my personal situation - there are two juridictions I have citizenship in (Australia and The UK), neither of which I have much confidence in the amount of resistance they'd provide at a policy or law enforcement level to requests for my personal data from US agencies - and both places where I suspect that companies capable of storing data for me reliably and availably enough probably all have enough of a US presence that they'd be easily "leaned on" by agencies as powerful as the NSA (and probably even the MPAA) in such a way that it'd be "the right thing for them to do" to give up my data rather than incur the costs to the company of fighting.
My current "solution" is increase my (and as many people as I work and communicate with as possible) use of encryption (and hope that as well as "not doing anything wrong, so I've got nothing to fear", that things like AES & PBKDF2 with strong passphrases and tools like EncFS, TrueCrypt, 1Password, OpenSSL are still viable options even against the NSA).
The question of whether to migrate to other cloud services, or to host my own private cloud is up in the air.
I m not saying PRISM is lawful (that remains to be seen?), but i think many non-US citizens are feeling too entitled to the protection of US law.
It's seems stupid that given recent events that the uproar over whether the US government is reading your Facebook posts has rammed the point home to many people but I guess this is just the final prod that woke a lot of people up.
*Purely from the perspective of the government. I've nothing but admiration (mostly) for large parts of the culture, attitude and hard work of the good citizens of the 50 states.
There have been at least four or five major epochs for the US, which saw fairly substantial changes (good or bad) to the rule of law and social cohesion. We started as a constitutional republic and nearly laissez-faire capitalism; then we had a massive federal explosion post civil war, that saw the power of the states greatly diminished; we shifted to a mixed economy, welfare state with a heavy bent toward democracy; now we're speeding toward police state socialism with oligarchs, the facade of property rights, and blended government-corporations, aka fascism (or as some call it in our incarnation, corporatism).
What you have to realize is that 4th Amendment law is largely tied to searches for prosecution reasons and so usually the issue is "well, the 4th Amendment is violated and so to punish the government and give them the right incentives, we won't let them use the following set of evidence in their prosecution." It's really hard to make such rules effective regarding surveillance of foreigners conducted overseas.
Non-citizens in the US for whatever reason do have relevant liberties. This does not extend to say buying tv advertisements for candidates in elections, but it does extend to unreasonable searches and seizures. Non-citizens with no real ties to the US, and not in the US are different.
But their US property is still protected. If I'm a Russian orthodontist in Minsk and I buy 500 shares of Google, the Fifth Amendment protects me having them expropriated by the US government even if I never go near the States. (IANAL, but I did check this one.) However if I open a Google Mail account then apparently (under current interpretations) I have no similar protections.
I can't say if this apparent discrepancy is actually legally justified, or not. Without even getting into the question of whether it's morally justified, it is going to come as a significant surprise to a lot of people, who have got used to the idea that they're largely protected by the US rule of law when they do business with the US. And one way or the other, it's reasonable to point out that Rackspace's Fourth Amendment-based reassurances seem to be (no doubt accidentally) crucially misleading to many or most of its customers.