The Cloud and the Patriot Act

The Patriot Act is a US Act that essentially says that the US Government can access and intercept any data held by anyone on US territory. There has been quite a lot of vagueness about whether or not the scope of this Act extended beyond US territory and cloud providers such as Amazon have, in my view, avoided making any statements on this.

Microsoft in their official release of Office 365 have now clarified the position as they see it. Their view is that any US-headquarted company that maintains data are bound by the Act irrespective of where that data is stored. Therefore, data stored on a public cloud run by one of the big providers can be accessed by the US Government.

This hasn't yet been tested in court but what it means for cloud users is that if you have any reason to think that your data might be of interest to the US Government, then don't use a US headquartered company for cloud services. Even if (like me) your data is completely innocuous, Governments have been known to get things wrong and you may not wish to take the risk.

This clarification is great news for local cloud providers in the UK and an opportunity to pick up business from organisations that are risk averse on compliance issues. For sure, they are not bound by the Patriot Act and they can guarantee that there will be no US Government snooping.