Latest Posts

Latest Comments


The US Patriot Act and your data – is it safe?


Posted by |

The US Patriot Act was set up in the aftermath to the horrific 9/11 attacks. The act facilitates the US government in its gathering of foreign intelligence about possible national and international terrorist attacks. There has been a lot of controversy about the implementation of the Patriot Act, with the US government using the act to collect documents and data with remote or highly speculative links to terrorism.

The US government can collect information from any company or data centre with sufficient links to the USA. This includes US companies, foreign subsidiaries of US parent companies such as Microsoft UK, and their data centres around the world. In the second half of 2011, Google received 6,321 requests that it hand over its users’ private data to U.S. government agencies including law enforcement, and complied partially with those requests in 93% of cases. This includes information stored in their European data centres.

Financial and legal organisations are bound by law to ensure their clients’ data does not leave the UK. But for many other organisations not bound by a regulatory framework – other than the not-to-be-dismissed UK Data Protection Act and European Commission’s Directive on Data Protection -concern for corporate integrity makes it important that they know where there data is stored and who is looking at it. With the long arm of the US law enforcement agency seemingly reaching into the EU through less-than-salubrious methods, how can users protect their data?

The problem with the Patriot act is that it uses outmoded legal systems built for single geographical jurisdictions and applies them to an international technical network which does not inhabit any true geographical location. This means that the American government believe that it is acting within its rights to take possession of the data without thinking of the consequences. However, if China or Russia did the same to the American’s data, they would be up in arms about it, perhaps even literally.

The data seizure of Megaupload and the arrest of its founder Kim Dotcom have serious ramifications for end-users of public data storage networks. The United States Department of Justice seized and shutdown the file-hosting site and have since retained the data with no access for users to retrieve their personal files. This is a consumer issue, not just a business issue. Whether personal music files or sensitive private data about clients; security from any prying eyes, including foreign governments, is key. When asked, respondents stated that data security is the most important concern of companies, whether large or small. The location of this data is one of the essential components of keeping it secure.

Even more horrifying is that news this week that following a court case involving Kyle Goodwin, who stored his data on the Megaupload servers. He was in court this week, fighting for the right to access his own data. The US government have told Mr Goodwin that he lost his property rights in his data by storing it on a cloud computing service. According to the brief, the uploading of data to a cloud – not just the controversial Megaupload, but by the terms of the brief also Amazon’s S3, Google’s cloud or Apple’s iCloud – renders your property rights ‘severely limited’. The American government is trying to use ‘standard contractual language to argue that any user of a cloud computing service has, at best, ‘severely limited’ ownership rights in their property’.

The only way to keep your data safe is by storing it in the UK, with a company who have no ties with the USA. This way, they have no remit to peer through your sensitive information.



Post a comment

Comment submitted! Comments needs approval before being displayed.