Business Report

Transcending Borders but Not Laws

As cloud computing spreads data around the globe, a haze of legal and privacy questions follows.

There’s a problem facing cloud computing that doesn’t have an easy solution yet.

Although it is often not obvious where data is actually residing when it’s uploaded to a cloud service such as Web-based e-mail, the location does matter. And depending on the legal jurisdiction where the data is stored, it could be exposed to government scrutiny or to unexpected regulations. “When data is physically located within a country, that country has the practical ability to force access to that data by various means,” says Katitza Rodriguez, international rights director for the Electronic Frontier Foundation, a tech-focused civil-rights organization.

This story is part of our November/December 2011 Issue
See the rest of the issue

That is cause for worry in Canada and some European countries, where activists fear that strict local privacy rules may not apply if citizens’ data is stored on servers in the United States. The powers of U.S. law enforcement to snoop on e-mail and other records were expanded by the USA Patriot Act, passed shortly after the September 11 terrorist attacks. The Canadian province of British Columbia responded with a 2004 law requiring public bodies to ensure that citizens’ personal information, such as health records, be “stored only in Canada and accessed only in Canada.”

The spread of restrictive data laws could make it more difficult for overseas companies and government agencies to use commercial cloud providers, the largest of which are based in the United States. Indeed, the U.S. Department of Commerce considers legal obstacles to “transborder data flows” a brewing threat to free trade. It has formed a committee with Mexico and Canada to make sure privacy laws don’t stand in the way.

The jurisdictional issue is already having effects. Francis deSouza, group president for enterprise products and services at Symantec, says his company has negotiated with a Swiss financial institution about running the bank’s e-mail servers and other software. In principle, they could be hosted in an existing Symantec data center anywhere. But because Swiss bank secrecy laws don’t apply outside the country, deSouza says, doing business will mean building a new data center in Switzerland.

Yet storing data outside the U.S. may not be enough to shield it from American law enforcement. Microsoft and Google inflamed anxieties in Europe this summer when they confirmed that even data stored outside the United States—including in European data centers—could be subject to lawful U.S. government requests (not to mention those of other nations). All this is making the cloud a difficult place to hide, particularly when it comes to sensitive data. Last year, for instance, Amazon booted the whistleblower organization WikiLeaks off its cloud servers amid complaints from Washington that WikiLeaks was storing stolen classified documents on the machines.

Another potential headache: some countries require data to be logged for a certain amount of time, while others require that data be deleted after a certain time. As a result, companies like Facebook that store data in multiple places may face conflicting mandates, says Daniel Garrie, general counsel for the Focused Solution Resource Delivery Group, which advises companies on cloud computing contracts. 

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Business Impact
Business in the Cloud

How technology advances are changing the economy and providing new opportunities in many industries.

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Listen in as our editors talk to innovators from around the world.

You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.