The US cloud providers have enough problems trying to sell services abroad -- and domestically -- thanks to the government rules that under the Patriot Act, allow law enforcement agencies to access most data without judicial oversight.
Now a brief from the Office of the United States Attorney (10/30/12 pg. 4) claims that the agreements one signs when storing data in the cloud, "likely limit any property interest [one] may have in the data stored" and "may have severely limited any ownership rights."
A bit of background history: Last year the US Government seized the servers of Carpathia Hosting and Megaupload.com for copyright violations, because they were hosting thousands of copyrighted materials, mostly movies and TV shows, without their legitimate owners' consent. But Megaupload was also storing data from thousands of users that kept their own files on Megaupload servers as part of their backup and storage strategy. According to the Electronic Frontier Foundation (EFF):
When the United States Government shut down access to Megaupload, a multitude of innocent users who stored legitimate, non-infringing files on the cloud-storage service were left with no means to access their data.
"EFF is troubled that so many lawful users of Megaupload.com had their property taken from them without warning and that the government has taken no steps to help them," said Julie Samuels, staff attorney at EFF in a press release. "We think it's important that these users have their voices heard as this process moves forward."
Now, after the government's brief to the court, the EFF and some users affected by the Megaupload seizure are concerned that the rules the government tries to apply to this case affect the individual property of data stored in any cloud computing platform.
Another important issue in this case is privacy. When the government received the request from Mr. Kyle Goodwin (one of the Megaupload's cloud customers represented by the EFF) to recover his data hosted in the Caparthia servers as part of the Megaupload Cloud Service, the government agencies went to inspect and dissect Mr. Goodwin's files without consideration of his Fourth Amendment rights. Mr. Goodwin was not a suspect in the Megaupload investigation, he just used the cloud storage service for his personal files. The EFF, representing Mr. Goodwin, claims that "In the past, courts have required the government, when executing digital searches and seizures, to be mindful of and segregate third-party data to protect privacy concerns."
My email is hosted on the cloud, as well as my personal blog, my photo archive, and some private documents. If the FCC decides to seize some of Google's data servers and stop providing the email hosting service, is my email still secure? Can I get it back to move it to another provider? How long do I have to wait to get my data back, and to what extent can the government "browse" my data to try to limit my property rights?
How much will these cases affect the cloud computing business of American corporations? Amazon's cloud computing business represents around $2 billion a year of revenue for the company in the North America segment alone. (Amazon is not selling its Elastic Cloud services outside the US and Canada yet.) Google's new Compute Engine, now being offered as a limited preview trial, is available worldwide with competitive prices, but I doubt that any large European corporation will risk using an American cloud provider for their data.
My questions for international CIOs: How do you feel about the lack of protection of your property rights and confidentiality in the US cloud services? Are you using any cloud provider in the US? And, based on the US government policies and the US Patriot Act, would you consider cloud services hosted in the US or by any US corporation?