Over the past few years, there has been mounting concern that the US government could invoke the Patriot Act to collect Australian data for surveillance purposes without permission. However, the extent of these powers is a little hazy: some experts claim that the Act can be enacted on American soil only, while others maintain that any data centre with ties to US companies is fair game.
According to Microsoft’s senior director for servers and business tools, Steven Martin, non-US customers only need to worry about the privacy laws in the country that their data is hosted in — their data will not be subject to the Patriot Act even if their cloud provider is American-owned.
Martin was speaking at a Windows Azure conference during Microsoft TechEd 2013. During question time, the topic inevitably shifted to data sovereignty and how it relates to the Patriot Act. Interestingly, Martin was adamant that all of Microsoft’s non-US customers are exempt from data collection activities if the data is hosted outside of the US.
“If a European customer is running a European data centre, it will not be subject [to the Patriot Act]. That particular piece of hardware is owned by that European company. This is something we have been dealing with for several years now,” Martin explained.
“This is one of the reasons we set up geo-replication the way we have. Taking Europe as the example, when you’re doing geo-replication and you’re replicating between the western and the northern European data centres, customers that are running geo-replicated data in Europe know that all of their data is in Europe and it will never be out of those countries.
“And then customers who say I only want to be in Ireland, as an example, can turn off geo-replication so you know that your data never leaves that particular area.”
In other words, it would appear that any data stored on Microsoft’s incoming Australian Azure data centres will be safe from US snooping, which is good to know.
Comments
12 responses to “Microsoft: The Patriot Act Is Powerless Outside Of The United States”
Really? I would not be at all surprised down the road to see that the US has been doing whatever the hell it wants! Who’s going to stop it, or even be noticed for pointing it out?
Yes, the US has no respect for boundaries of any kind – geographical, political, legal… It will argue that data stored outside the US by a US-owned company still comes under its jurisdiction, and order the company to move or copy the data onto US servers.
Next thing you know they’ll find an Australian citizen in the middle east, ship him to a military prison in Cuba where US (and Australian) rights do not apply, torture the poor guy, and only ship him back to Australia if we agree to detain them without charge for a couple of years.
It’s good to know that such a thing could never happen.
This may be what Microsoft says, but that is not what the US government says. The US government has already declared that no matter where the data is stored, if the company is a US company then the data can be accessed by the US government.
My understanding is that the US company caveat only applies to the customer, not the cloud service provider. So a US-owned company using an MS data centre in Europe would be open to snooping, but a European-owned company wouldn’t be. (At least, that appears to be what Microsoft is saying.)
Yeah, it seems to be the MS stance, but from presentations and discussions I’ve been to for other security matters the US government is not hiding the fact that if you do business in their ‘realm’ then they can access your data – and their ‘realm’ is very loosely defined.
And the U.S. government can require the U.S. based company not to reveal that any data has been accessed. C’mon everybody, put all your data on Cloud Services, like the Federal Government’s new I.T. policy is pushing for Aussie government data. Will make it so much easier for U.S. to monitor everything without having to infiltrate expat American spooks into large companies’ I.T. departments.
Good to see, the ‘We can do whatever we want under guise of the patriot’ act, is one of the biggest abuses of power in the last hundred years. I understand what it was set up for, but it’s been endlessly abused since its inception.
1 week ago, every tech giant in the US denied any cooperation with (or knowledge of) PRISM.
This week, that whole claim has seen a backflip.
The takeaway is this;
– Whatever governments/companies say, is irrelevant. They lie.
– Citizenship is irrelevant.
– A data center’s geographic location is irrelevant.
YOUR ONLINE DATA WILL NEVER BE PRIVATE.
This includes: Email. This blog comment. Facebook. Your Skype calls. Your VOIP + telephone calls. Your bank account. Your income. Your geographic “check-ins”. Your online “connections”.
Whether that should concern you is perhaps a different story… but it’s really up to you.
Make conscious the decision: What are/aren’t you comfortable sharing online? Take countermeasures accordingly.
Assume someone is watching.
Touche!
P.S. Steven Martin is a S.M.U.R.F (Seriously Manipulating & Under-reporting Real Facts)
… Some “claim” a foreign *act* can be en*act*ed in an entirely different country?
Seems like sensationalism gone wild, and this story so obvious it’s not worth the data used to post it, let alone to read it.
Yet you felt the need to click the title, read and comment on the post.
We had a US Telecommunications company in Darwin (Australia) – the one the NSA employs as a front. Given our Phone Services were exclusively publicly owned Telecom at the time, they were positioned to intercept Telephone lines in Darwin and that included the Indonesian Embassy (the only foreign embassy). So what do the USA care for our rules? How do I know? It was the only building other than government buildings designed to survive a category 5 cyclone.
Interestingly, Microsoft also admitted in 2011 that “no cloud data is safe from the Patriot Act, and the company can be forced to hand EU-stored data over to U.S. authorities”. See: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
Oh – and Microsoft also told me last year that apparently the Australian govt has signed an agreement with the US government that they would never enact the Patriot Act on Australian organisations.
Sounds to me like they might say anything to get a sale?