It starts with something called the Patriot Act which was signed into law by U.S. President George Bush and extended by President Obama in 2011. This act gives the U.S. government broad powers to legally gather information on individuals and entities suspected of acting in ways that are dangerous to U.S. interests.
This Act has been defended as an unfortunate necessity in these troubled times and vilified as an intolerable attack on Americans' consitutional rights but I doubt anyone ever considered that it could be bad for U.S. economic interests as well.
At issue is something called "Cloud Technology" which allows companies or individuals to treat IT as a service that one can purchase from a utility company. Storage, processing power, even applications can be rented as a service like water or electricity. A company no longer needs to have physical servers/computer or local storage because they can just buy what they need from a Cloud Service provider. After a slow start Cloud Computing is now getting to be quite hot. Demand is growing. Politico reports that this is a 41 billion dollar industry that is projected to grow to 241 billion by 2020.
Given U.S. dominance in the computing industry one might expect that U.S. IT companies would be looking forward to reaping in record profits as a result of this new business opportunity. Well, maybe not and the Patriot Act is to blame.
Imagine that you are a multi-national corporation. Do you really want your data and critical applications stored in a country where the government can legally access that data or spy on how you do business? Other countries (like EU countries, for example) have much tougher data privacy laws and wouldn't it make much more sense to use their cloud services instead? That is exactly what is happening with European IT companies touting their cloud services as being much more secure and completely safe from the prying eyes of the U.S. government.
Tough to argue with their logic but the U.S. government, in response to outrage and concern from the U.S. IT industry, is trying. In the Politico article, Ambassador Philip Verveer, U.S. coordinator for International Communications and Information Policy at the State Department, said, “We think, to some extent, it’s taking advantage of a misperception, and we’d like to clear up that misperception.” Apparently even the Obama administration is attempting to limit the damage and reassure potential foreign clients of U.S. based IT services.
I doubt it will work and many others are of the same opinion. Jon Stokes in this article in Wired Magazine points out the following reasons that the U.S. government is simply not credible on this issue:
1. Private sector policies with respect to sharing data with law enforcement are not uniform across cloud providers, and they’re often not completely clear in how they’re stated.
2. Nasty surprises routinely crop up in the press, where we learn that this or that company is turning over customer data to the feds.This is another great example of how, in a globalized world, lawmakers need to be very careful about the international consequences of local law. A bad decision or a poorly crafted piece of local legislation can have a terrible impact on a country's ability to compete in the global marketplace. Cloud technology is a wonderful opportunity for U.S. IT companies and it could create a lot of jobs for Americans; Alas, it appears that their efforts in this area will be hampered by a ball and chain on their legs called the Patriot Act.
3. On a more general level, the US government has shown that when it comes to surveillance, it’s willing to ignore the law time and again.
4. US government agencies don’t trust their own sensitive data to foreign clouds, and often require that such data be stored in a US-based datacenter.
5. Contrary to what cloud companies and lobbyists would have you believe, the PATRIOT Act really does give the US government very broad powers to get their mitts on your data without you ever knowing about it.
