Indeed, the Patriot Act, enacted in 2001 in US, gives full powers to the United States in investigating. Thus, any U.S undertaking must provide "sensitive data" required by the Federal government (NSA for instance), and that, whatever the place where they are stored.
Worst: all of that may be done without notifying it to the authorities of the country or the company that has been investigated.
My point here is not to make us fall in a fully paranoid mode. But I think it is important to have these risks in mind when we advise our companies to move towards any public cloud solution (mostly provided by american companies: Amazon, google, Microsoft, etc.).
Of course, public cloud solutions are still valuable for most of the companies and data. But for other companies with crucial and highly competitive advantages, it's important to think it twice before moving into such public cloud solutions...
In a nutshell: public cloud not for everyone, not for every kind of data.
Some posts or newspapers articles about it:
- Defense giant ditches Microsoft's cloud citing Patriot Act fears (zdnet)
- The Patriot Act and Your Data: Should You Ask Cloud Providers About Protection? (cio.com)
- Snowden link to encrypted email service closes
and in french:
- Patriot Act : vos données lui appartiennent (from my friend Stephane Bellec @01net.com)
- USA Patriot Act : un risque majeur pour la confidentialité des données dans le Cloud (lemonde.fr)
Last update: August 18th, 2013