With most of the big tech companies trying to get users on the cloud, questions have been raised about the data protection. We are not talking about data protection from hackers but rather from the government.

Concern have been raised about the boundaries of the US Patriot Act. Some have been suggesting that the Act requires them US-based companies to give user data to the US government, if asked for it, regardless of the location of the server. None of the big three – Google, Microsoft and Apple – had given a definite answer to this question until now.

Microsoft answers the question

At the Microsoft Office 365 launch, Gordon Frazer, managing director of Microsoft UK, was asked about this.

Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act?

Frazer replied that the US Patriot Act will apply to those servers not located in the US as well and that they have to hand over data if requested by the government.

Microsoft cannot provide those guarantees. Neither can any other company.

Richard Stallman have been warning about this

This will not come as a surprise to those who have been reading Digitizor regularly. Late last year, Richard Stallman, the founder of the GNU Project and the Free Software Foundation, had said the exact same thing about using the cloud services from these US based companies.

In the US, you even lose legal rights if you store your data in a company's machines instead of your own. The police need to present you with a search warrant to get your data from you; but if they are stored in a company's server, the police can get it without showing you anything. They may not even have to give the company a search warrant.

This is absurd

I do not have any illegal data, but this has me concerned. I am not a citizen of the US and have never been there. I do not have any problem with my government or the government of the place where the data is stored wanting to get access to my data for legal reasons. But, I find it outrageous that the US Government can still get my data stored outside the US only because it is handled by a US based company.

Let us consider an analogy to this. The many Indian IT companies handles a lot of data and projects from many major US-based companies. This means they have access to data from these US companies including customer data, company data etc. So, these Indian IT companies are handling the data for these US-based companies.

What if India makes a law similar to the US Patriot Act? Will these US companies, government and citizens like it if the Indian Government gets access to all these data only because they are handled by an Indian company?

What users can do

Unfortunately, there is not a lot that users can do. The service provides so much convenience that it is next to impossible for many to even consider leaving these services.

So, what users can do is encrypt the data stored in the cloud using some strong encryption algorithm. It does not guarantee that no one will ever see your data, but it makes it harder.

[image credit: 1, 2]