If You Deal With A US Cloud Company, The Patriot Act Could Apply

If You Deal With A US Cloud Company, The Patriot Act Could Apply

It’s a topic of constant debate amongst potential cloud computing adopters around the world: is my data potentially vulnerable to intrusion by the US government under the auspices of the Patriot Act? According to one prominent Australian lawyer, the answer is indisputably ‘yes’, if only in theory.

Patriot picture from Shutterstock

Adrian Lawrence is a partner at Baker & McKenzie and the co-author of a guide to data sovereignty issues, co-authored by the Cyberspace Law and Policy Centre at UNSW and sponsored by NEXTDC, which was launched in Sydney today. Speaking at the launch, he directly addressed the question of whether the Patriot Act applied if you dealt with a US company, regardless of where the data itself is located:

“Your basic rule of jurisdiction in most countries is that a country will assert jurisdiction over its geographic borders and its subjects, and its subjects will include corporations that are registered in the country and the children corporations. We see that in a number of different areas,” he said, citing anti-bribery laws as a prominent recent example.

“The US Patriot Act is no different, and is not special in that respect. To the extent that an American corporation is involved in the storage of data, whether itself doing it and whether onshore or offshore or through a subsidiary, ultimately the US authorities will at least assert their right to access that data. Physically undertaking that activity may be a different question.”

Vendors often dispute that position. As we reported last month, Microsoft argues that one of the reasons it has data centres outside the US is so customers can be confident their data is subject to local rather than American law.

For businesses which operate with particularly sensitive data, we’ve always advised a case-by-case investigation of the issues. In the words of the classics: better get a lawyer, son.


  • What difference does the Patriot Act make when the US and the UK are apparently reading everyone’s data anyway?

  • The USA has little regard for even it’s own laws for it’s own people; they have far less for ours.

    They are actively bugging their allies governments, they are collecting the metadata of their citizens and they do take the whole content of any even assumed to be overseas, they are using robots to kill innocent civilians and it’s been proven they have power over these corporations to hand over data secretly.

    Anyone who can trust a company based in this Axis of Evil, even if their data is hosted on Australian soil, deserves to lose it and all the trade secrets therein.

    If there is one thing that annoys me about both our parties is just how far in bed they are with this abhorrent hegemony.

  • … Yet another post on what would at least to me seem to be an incredibly straight forward law.. If your data is in the US, or used by a US based company – it can be subject to this legislation. End of story. Now lets never visit this incredibly droll topic ever again.

Show more comments

Comments are closed.

Log in to comment on this story!