[x-pubpol] AU: What will you do when the US comes for you?

Thu Jan 26 07:52:13 PST 2012

http://www.smh.com.au/it-pro/cloud/what-will-you-do-when-the-us-comes-for-you-20120125-1qhc1.html

*Hosting your cloud onshore may not protect you when American cops come
knocking.*

Australian organisations destined for the cloud now have the dilemma of
dealing with warrantless demands from US law enforcement as part of their
due diligence, a partner at a top international law firm said.

Connie Carnabuci, a Hong Kong-based partner in global No.2 law firm
Freshfields Bruckhaus Deringer, said recent cases such as the
Megaupload.com arrests this week and the overreach of US anti-terrorism
legislation since 2001 laid bare Australians' data.

In a fillip for her host Macquarie Telecom, which stands to gain from
promoting the idea of onshore cloud computing as it pitches for business
against US data centres, Carnabuci said interpretation of the US Patriot
Act was so broad it captured almost any communication or data held in the
US or by Australian businesses with US "connections".

She related the story of how a Canadian Privacy Commissioner sided with US
authorities to force CIBC to divulge private customer records because the
bank outsourced data processing to a US company.

The Alberta commissioner's subsequent report advised government agencies
not to outsource operations to the US, especially because US secrecy
provisions made it difficult to monitor how the law was used.

The Australian Government's cloud computing directions paper in April said
agencies need to be aware of legislative and regulatory requirements as
compliance may be a challenge for agencies, for example, the Patriot Act".

The Australian Defence Signals Directorate strongly encourages agencies to
"choose either a locally-owned vendor or a foreign-owned vendor that is
located in Australia and stores, processes and manages sensitive data only
within Australia".

"Foreign-owned vendors operating in Australia may be subject to foreign
laws such as a foreign government's lawful access to data held by the
vendor," DSD wrote in a paper titled Cloud Computing Security
Considerations.

Carnabuci said the Patriot Act gave the US a big stick "to compel
disclosure of non-US data, which is stored outside the US".

But she said its interpretation was so broad as to capture an employee of
an Australian organisation in Australia using a server located on Amazon
Web Services (AWS) as could using webmail services such as Gmail: "We don't
have a clear answer".

Carnabuci said in each case, it was subject to US laws and may have to
fight here and in the US demands for its records.

Australian organisations could face a "damned if I do, damned if I don't"
paradox, compelled by the US to divulge information that was illegal to
hand over under Australian privacy laws.

Although he was charged under US copyright statutes, the recent arrest of
Kim Dotcom or Schmitz, the founder file-sharing site Megaupload.com,
highlighted US extraterritoriality, Carnabuci said. US authorities relied
on the fact it had servers in the US and was a .com.

"What we're seeing is the legislation is being used quite liberally and
connections to terrorism is quite remote and may be speculative," she said.

"The American economy is still in the doldrums and is an economy where
there's a very strong imperative to position one's self in a protectionist
way."

Australia was in a position to become a safe haven for data outside the
reach of US law enforcement owing to our strong privacy laws but there was
a tension between the political and commercial, she said.

"International data handling will become a free-trade issue; most
businesses are so heaviy weighted in handling info, they are heavily data
dependent."

-- 
---------------------------------------------------------------
Joly MacFie  218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
 http://pinstand.com - http://punkcast.com
 VP (Admin) - ISOC-NY - http://isoc-ny.org
--------------------------------------------------------------
-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.isoc-ny.org/pipermail/x-pubpol-isoc-ny.org/attachments/20120126/8341dd67/attachment-0001.htm>