The governments of several other countries, including the U.K.,Germany, France, Japan and Canada, have laws in place allowing themto obtain personal data stored on cloud computing services, saidthe study, by Hogan Lovells, an international law firm that focuseson government regulations and other topics. The Patriot Act, passed as an anti-terrorism measure in 2001, is"invoked as a kind shorthand to express the belief that the UnitedStates government has greater powers of access to personal data inthe cloud than governments elsewhere," wrote study co-authorsChristopher Wolf, based in Washington, D.C., and Winston Maxwell,based in Paris. "However, our survey finds that even Europeancountries with strict privacy laws also have anti-terrorism lawsthat allow expedited government access to cloud data." Since late 2011, some European cloud providers have promoted their services as so-called safe havens from the U.S. Patriot Act. In September2011, Ivo Opstelten, the Dutch minister of safety and justice, saidthat U.S. |
cloud providers could be excluded from Dutch governmentbecause of the Patriot Act. Opstelten later softened his stance . But the Hogan Lovells study, released by think tank the OpenforumAcademy Wednesday, said there are "misconceptions" about thePatriot Act and other countries' laws allowing access to clouddata. Some people believe, and some cloud providers haveadvertised, "that choosing a cloud service provider based on itslocation will make some data stored in the cloud more secure andless subject to governmental access," Wolf and Maxwell wrote.
However, the Patriot Act generally didn't create "broad newinvestigatory powers" in the U.S., but instead, expanded existinginvestigative methods, the study said. There are "meaningful limitations" on the cloud data U.S.authorities can access, with law enforcement authorities needingcourt-ordered search warrants in some cases, and investigators ableto issue subpoenas in other cases, the study said. Many othercountries studied by Hogan Lovells also require cloud providers toturn over personal data when compelled by a court, the authorswrote. Other countries have their own privacy challenges, the report said.ISPs in the European Union must retain telecom customer data forbetween six and 24 months, when U.S. ISPs have no such requirement,Wolf and Maxwell wrote.
The E.U. data-retention directive givesEuropean investigators access to information that may be deleted inother countries, they said. Under the data-retention directive, "police and security agenciesare able to access, with judicial permission, details such as IPaddress and time of use of every email, phone call, and textmessage sent or received," the study's authors wrote. Despite the results of the study, firms in other countries shouldbe "reluctant" to turn over data to U.S.
cloud providers, said MarcRotenberg, executive director of the Electronic Privacy InformationCenter, a privacy group. Since the Sept. 11, 2001, terrorist attacks on the U.S., "the U.S.government has simply been far more aggressive in its demands fordata from other jurisdictions than have other governments,"Rotenberg said in an email. "The U.S. is also widely believed tohave more powerful data processing tools than any other government.There is simply no other spy agency that competes with the NSA[U.S.
National Security Agency]." The study surveyed the laws in 10 countries, and all 10 allow thegovernment to require a cloud provider to turn over consumer datain the course of an investigation. In eight of the 10 countries,cloud providers may voluntarily turn over some data to thegovernment in response to an informal request, the exceptions beingthe U.S. and Japan. Eight countries do not require the cloud provider to notify itscustomer when it turns over data to government investigators.German and U.S.
law allows cloud providers to notify customers,with some exceptions. All 10 countries allow government agencies to monitor electroniccommunications sent through the systems of cloud providers, thestudy said. Eight of the 10 countries allow governmentinvestigators to require cloud providers to turn over informationstored on a server in another country. Germany and Japan do notallow such access, with some exceptions. Grant Gross covers technology and telecom policy in the U.S.government for The IDG News Service.
Follow Grant on Twitter atGrantGross. Grant's e-mail address is email@example.com.
We are high quality suppliers, our products such as Sculpture 3D Model Manufacturer , Custom Model Train Layouts Manufacturer for oversee buyer. To know more, please visits Custom Scale Model Cars.
Related Articles -
Sculpture 3D Model Manufacturer, Custom Model Train Layouts Manufacturer,