Misconceptions About The USA Patriot Act and Data Security in the Cloud Sector

By | June 8, 2013

This blog post speaks about the misconceptions people are having about the USA Patriot Act and Data Security, especially in the cloud sector.

Since the cloud computing technology has emerged it has changed our life in many different ways. Unlike the old days, now we don’t have to stick to the same computer system to access the data and application on Web. The cloud computing has offered a unique way through which people can access applications and upload, download any data from anywhere, anytime and using any device supporting an Internet connection.

Using the cloud computing technology, USA-based web hosting companies are able to offer various cost-effective cloud-based services to businesses which can help them increase efficiency, reduce their investment and increase the profit level. However, despite the advantages and the highest growth rate of cloud computing in USA, people avoid to go with a web hosting service provider based in USA because of the USA Patriot Act. Most of the people having several misconceptions about the USA Patriot Act, especially in the cloud sector which restricts them from opting US-based cloud services.

Cloud Hosting

Here, we have explained few misconceptions about USA Patriot Act & Data Security in the Cloud Sector and what can be done to avoid such Investigations:

The USA Patriot Act is an acronym that stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act that was passed in 2001 in order to prevent and punish the terrorist activities in the United States and throughout the world, as well as to improve the law enforcement investigatory tools. Along with the approval of this Act all the existing anti-terrorism laws were consolidated and special powers of surveillance and seizure without any court order were provided under the USA Patriot Act.

There is also another act known as Foreign Intelligence Surveillance Act, through which the unlawful or the activities like activist, protest or political group which are possibly against United States are monitored. Some people thinks that USA Patriot Act is an anti-Eurpoean. But the truth is that its not. The Patriot Act applies same to the USA-based cloud providers as much as European cloud providers.

Will the FBI access my data, if its stored in a US data center?

Surely according to the USA Patriot Act, the FBI could have access to your data, but it don’t mean they will access it. Businesses shouldn’t concern unless they are involved in unlawful activities that are against USA.

The FBI won’t be able to access my data, if its stored in a UK data center

If you are thinking that hosting your data in a UK-based data center will restrict FBI from accessing it, then you are totally wrong. The USA Patriot Act still applies even if you host your data in a foreign country, just because you are a US headquartered business. It doesn’t matter at all even if you host your data in other country and use a UK provider, still the Patriot Act can impact you, if you have a US based provider somewhere in the cloud chain that manages your data.

No one would be able to see and access my data, if I avoid US cloud providers

Its necessary for you to know that each and every country’s government has their own anti-terrorism and surveillance acts (such as UK’s Regulation of Investigatory Powers Act)  made to access the data under their jurisdiction. Even if you decide to avoid US-based cloud providers, your data would be still under surveillance.

The UK will not pass my data to the FBI

You are wrong, they will because of the treaties they have signed. Including the US and UK, there are many other countries who have signed treaties (Treaty – an international agreement between countries for exchange of data (information) upon request). However, if you wish to keep your data safe from US and UK governments, then the best places would be in Iran or North Korea.

If the US and UK governments can get access to my data, I will be safe staying out of the cloud

If you think that you hold the kind of data that UK, US and other governments would want to investigate, then definitely you should stay out of the cloud. However, if your data is something that won’t cause any problem to the law enforcement agencies, then there is no point in staying away from the benefits of cloud just because of an unknown fear of getting caught for no reason. You may check whether private cloud or hybrid cloud could work for you.

I am completely secure, if I am not in the cloud

For majority of the cloud providers the data security is at the top of their priority operations list. If you decide to host your data with an on-premise service, just ensure to address the data security. Don’t stay under an illusion that the data security is adequate. In addition, ensure that your staff don’t utilize their own devices such as smartphones and tablets to access the business data.

What can be done to avoid such government surveillance?

There are various steps you can take to avoid the USA Patriot Act and other similar Acts.

  • Evaluate whether you have any data that would create or pull the attention of governmental agencies.
  • Appraise your data and identify the most crucial information that you have.
  • You may consider the Hybrid Cloud deployment model to store your important data on-premise and run other via the public cloud.
  • You may also consider the Private Cloud, where your business data is hosted by someone to whom you can investigate and trust.
  • Ensure the encryption of your data in order to protect it.
  • Confirm whether your staff are using their own devices or free cloud tools for business .

The concerns about the data security are most important for businesses, however, you can stay away from such investigations if you ensure the above 6 points.

Leave a Reply

Your email address will not be published. Required fields are marked *