Cloud users need to ignore Patriot Act scare stories

Critics of cloud IT services say that the Patriot Act gives US government agencies unprecedented access to information stored in the cloud – and that worry is amplified by the fact that the vast majority of cloud vendors are US-based. "Scare stories over the Patriot Act abound, but they are fallacious," insists David Bradshaw, IDC research manager for European public cloud services. "The Patriot Act is nothing special: indeed data stored in the US is generally better protected than in most European countries, in particular the UK," he asserts. Almost all countries have similar legislation that gives the authorities a means to requisition data on cloud services, to investigate and prevent acts of terrorism. The issue is ensuring that these powers are used only when absolutely necessary, he explains. For Bradshaw, the 'gold standard' is that government agencies are required to seek a court order for any access to data, and that cloud vendors are generally not permitted to give up customers' data without a court order. This is the case in the US, where all access to cloud data requires a court order, says Bradshaw. However, most European countries are less stringent in their requirements. In particular, the UK has weaker legal controls, and this may become a barrier to organisations in other European countries adopting services that store data in the UK, he warns. "Users need to ignore the Patriot Act scare stories. Most large organisations will already be using services, such as outsourcing, where their data is stored on a service vendor's system," says Bradshaw. "Adopting cloud services brings nothing new to these customers: indeed with many cloud vendors storing data in the US, your data will arguably enjoy far more stringent protection."