Cindy Cohn and Katitza Rodriguez of EFF write:
Does using cloud computing services based in the United States create a risk of US law enforcement access to people’s data? The US Department of Justice (DOJ) seems to be trying to placate international concern by saying one thing in international fora; but it says something quite different in the US courts.
On January 18, a senior Justice Department official tried to reassure companies and people around the world that hosting their data in the United States creates no increased privacy risk for them from the US government. Deputy Assistant Attorney General Bruce Swartz noted: “Cloud computing has important advantages to consumers (but) doesn’t present any issues that have not always been present. Certainly not regarding Internet service issues, but even before that.”
Apparently, the DOJ is reacting to decisions by foreign entities to drop US-based services due to concerns about US government access, including British company BAE dropping Microsoft Office 365 and the Dutch government‘s hesitation about allowing its contractors to use US-based cloud services. In the past, Denmark and Canada have also voiced their concerns about the level of protection the United States can provide to their citizens’ data. EU public tenders of cloud services are also avoiding US cloud services for the same reasons. European–basedcompanies, which have to comply with EU data protection law, see this opportunity as a competitive advantage, as do Australian cloud services.
Yet the DOJ’s reassurances ring hollow. While the DOJ may spin its position one way to try to appease foreign audiences, its actual position is quite clear where it really matters: in US courts when it is trying to access subscriber information held by US-based cloud computing services. Indeed, the DOJ’s position in its court filings is that very little, if any, privacy protection is available against US government access to the records of users of US-based cloud computing services.
Read more on EFF.