Cloud and the Patriot Act: A big red herring served with a large helping of paranoia sauce

I’ve been watching, with more than a little bemusement, some of the commentary surrounding the implications of the US patriot act on the security and privacy of data that is held in the cloud. Here is my perspective (perspective being something rather lacking in some of the commentary).

Here’s the essence:

  • Yup, the Patriot Act gives substantial powers to key law enforcement agencies
  • Yup, the Patriot Act asserts jurisdiction over any US corporation, or any corporation having a business connection with the US…
  • BUT, even if the patriot act doesn’t apply to you, it’s likely that US law enforcement could still get your data, by invoking a Mutual Legal Assistance Treaty with the government of whichever country your data is stored in
  • The patriot act does not give US law enforcement agencies a right to roam freely through your data
  • Other countries have almost identical laws
  • For the paranoid among you, this means that none of your data, wherever it is held is safe…
  • Of all the security risks you face when it comes to cloud computing, the patriot act comes very low down the list
  • Some questions you should ask yourself
  • Some questions you should ask your provider
  • Sure… some data should never be exposed to any risk of seizure, but please use your common sense
  • If you’re still paranoid, the only solution for you is to get off the net completely, live in a shack in the forest and make yourself a tinfoil hat
  • ADVERT : If you’d like me to speak at your conference ask for a quote