US slams Australia’s on-shore cloud fixation

52

news The United States’ global trade representative has strongly criticised a perceived preference on the part of large Australian organisations for hosting their data on-shore in Australia, claiming it created a significant trade barrier for US technology firms and was based on a misinterpretation of the US Patriot Act.

The Office of the United States Trade Representative (USTR), recently released “The 2012 National Trade Estimate Report on Foreign Trade Barriers (NTE),” that surveys significant foreign barriers to US exports. The issue of cloud computing was a major barrier, it was felt.

A number of US companies had expressed concerns that various departments in the Australian Government, namely, the Department of Defence, The National Archives of Australia, the Department of Finance and Deregulation, the Australian Government Information Management Office (AGIMO) and the State of Victoria’s Privacy Commissioner had been sending negative messages about cloud providers based outside the country, implying that “hosting data overseas, including in the United States, by definition entails greater risk and unduly exposes consumers to their data being scrutinised by foreign governments”.

The cloud issue is not a new one. In August 2011, the global head of CSC’s cloud business, Siki Giunta who was present in Australia to launch BizCloud commented that she felt that there was a lack of collaboration between the Information and Communication Technologies (ICT) industry and the Government in Australia. However, Glenn Archer, First Assistant Secretary at AGIMO, said the AGIMO had, in fact, been working very closely with industry for many months through the Australian Information Industry Association (AIIA) Cloud Task Force.

Recently, Acting Victorian Privacy Commissioner Anthony Bendall highlighted some of the privacy concerns with cloud computing, particularly in its use by the local government. He said the main problems were the lack of control over stored data and privacy, in overseas cloud service providers. He felt that data security; accountability for data breach; and differing privacy laws were concerns that needed to be addressed, when considering storing information and data, especially relating to the government, in a cloud.

On the issue of privacy concerns, the report stated that there seemed to be a misinterpretation of the applicable US law including the US Patriot Act and regulatory requirements. In November last year, draft legislation had been introduced in Parliament, banning the overseas storing of Australian electronic health records. The report claimed this to be a significant trade barrier for US information technology companies with data centres in the US and other countries. US industry sources have appealed asking for a risk-based approach to ensure the security of sensitive data as against a geographical one.

In the telecom section, the report stated that the structure of the National Broadband Network Company, NBN Co, (responsible for implementing wholesale broadband services in Australia) could enhance non-discriminatory access to network services for overseas companies including US companies, as the NBN would not compete in retail markets. The United States expressed concern that foreign equity limits in Telstra, were still capped at 35 percent, and the individual foreign investors could own only up to 5 per cent of the company. The report stated that the US Government would monitor the development of the NBN to ensure that competitors obtained fair access to services and customers.

opinion/analysis
This is pretty much what you’d expect from the US Government — it’s looking out for its own interests and trying to push Australia to conform with it. However, I don’t view the US Trade Representative’s views as legitimate, when examined from an Australian perspective. US cloud computing companies such as Salesforce.com, Rackspace, Amazon and Google have committed very little infrastructure to the Australian market, and analysis after analysis has warned of the data security dangers of storing sensitive data in jurisdictions covered by US legislation, which can, at times, allow the US Government unprecedented access to private data.

I would hope that Australia’s large organisations, and our governments, ignore this criticism from the US. Cloud computing companies are completely free to build infrastructure in Australia, and it’s not a trade barrier when some organisations simply don’t want to buy your products because of some portions of your government’s legislation. In fact, it’s probably true that Australian companies view the Patriot Act as a trade barrier to dealing with US companies. Perhaps Australia’s own trade representative should lobby to have it repealed? ;)

Image credit: Krystle Fleming, royalty free. Opinion/analysis by Renai LeMay

52 COMMENTS

  1. Agreed. The USA can build local infrastructure to host the local cloud to pacify security concerns and be content with us simply transferring dollars rather than data back to the USA.

    Also takes pressure off our datalinks to off-shore clouds.

    • Didn’t Microsoft suggest a while back that it was irrelevant where the servers were? If they’re owned by a US company the data falls under us jurisdiction.

      • Jutin yes you are correct
        if it is in the usa it then falls into us law
        regardless of data private or public
        this is why most australian will not use any us cloud servers
        you same a movie and they scan for it it gets deleted and you get a very nasty email
        they can scan all emails and data under some sections of their securiuty act
        so this little black duck will just store all my stuff on external hard drives at home safer than a cloud
        and easier to retrive no log jam in the network!
        i personly think cloud services will be dead in about 12-18 months as people wont take advntage of them to teh fullest especialy if your on a low internet plan!

    • US Companies operating in Australia hosting local data give rise to potential conflicts and issues. For example the US company may find that it is being served with a US warrant to divulge local Australian data contrary to Australian law. Such a situation puts even a well meaning company right between Scylla and Charybdis. Another possibility is that while Australian data is nominally hosted in Australia there may be backups or redundancies outside of Australia.

      However I don’t feel particularly sympathetic to Kim Dotcom. This person has a very checkered history and was clearly operating contrary to various laws. As where many of his customers. That is very different from a legitimate cloud hosting company.

    • As an American, I can only say, “RUN YOU FOOLS!!!”. It is too late for us, but you can still save yourselves. Do not let the US government get a single tentacle into any of your orifices or you too will be infected by this monster – it needs to be burned with fire.

  2. Agree on your opinion Renai.

    Our company provides cloud services storing confidential data for organisations with Aust. Govt. contracts.

    The US Govt. has the right to access any data at any time stored on US servers. This is not compatible with Australian client confidentiality requirements and the national privacy principles.

    If the US removed their draconian powers, then we would be in a position to use their cheaper cloud based options. While those powers exist, they won’t be getting business from many countries, not just Australia.

  3. “In fact, it’s probably true that Australian companies view the Patriot Act as a trade barrier to dealing with US companies”:
    The word probably is very much redundant.

    • The word probably is very much redundant.

      Very much redundant?
      are there different levels of redundancy? ;-)

      this post brought to you by the department of redundancy department.

  4. US companies are generally very happy to hand data over to their government. Why on Earth would anyone want to put their data into a US-based cloud, operating under US law and answering first and foremost to US government agencies?

    • I am a US citizen, and I do not trust the US government with my data. To expect foreigners to do so is asinine.

      Perhaps this will be the wake up call the government needs to reign in its heavy handed power grabs. Or perhaps Australia is the next country that will find itself liberated by the US military. It worked great in Iraq and Afghanistan!

  5. Let’s add a compulsory additional 200ms latency to every network interaction the Office of the United States Trade has to make and then see what they say.

  6. jeesh – do you reckon that might offer up what they believe to be “correct” interpretation of the Patriot Act instead of just saying that it’s been misinterpreted.

    And if it’s acknowledged as being ambiguous, and that ambiguity is constraining the success of US companies in global markets, wouldn’t that be a good reason to amend it?

  7. Several problems from my perspective. Firstly, the US government has shown no qualms laying claim to foreign run data sources, and websites, going to the point of extraditing British nationals simply because a website had a .com extension. A website mind you that was perfectly legal in Britain, where the person lived, and the website data was hosted.

    They have siezed hundreds, if not thousands, of websites, simply because they have a .com extension. These websites have been given zero opportunity to plead their case, or defend the seizure. They have simply lost their site, and all data pertaining to it.

    They have siezed hundreds of millions of dollars of assets of ONE company, and put every possible roadblock in their way to defend themselves. Records by a third party that may be crucial to their defense will be destroyed, because the US government wont release money to pay for the server upkeep.

    A company that seems to have been prejudged as guilty, that has had their defense evidence denied them, their CEO under permanent house arrest until they determine whether NZ law can extradite him or not, and the US government is even trying to deny them their preferred law team.

    These are not the actions of a non-partisan government. To be blunt, I wouldnt trust the US Governement with ANY data storage laws, they have shown they are too willing to abuse the responsibility. And that data only needs the most minor of links to the US for them to act.

    Keep it local, keep it ours.

    The US Government is doing everything in their power to destroy the concept of cloud computing. Whether thats their goal or not I cant tell, but its heading towards that being the outcome. Biggest issue is that one countries set of laws arent everybody’s set of laws, and to expect them to be is tantamount to war.

  8. Even if we disregard the security implications (which any sane business wouldn’t) the performance issues are enough for Australians to want local hosting. I work for a company based out of Boston and they use a lot of the cloud services (Salesforce etc) I often face problems or just general slowness using our hosted services because everything is hosted out of the US. I go through periods where the sites are painfully slow to load etc.

  9. Hell yeah, go with the US cloud servers… worked a treat for Kim Dotcom… and the thousands of customers who have their personal data locked in the bowels of the FBI

  10. On behalf of all the Americans that *do* have a brain (certainly not government officials), I’d like to offer an apology. Seriously.

    Given how loose the U.S. government has been with regard to people’s data, I wouldn’t store anything on U.S. soil, either. I find it immensely disturbing that our own government can’t acknowledge how stupid they sound right now.

    So anyway.

  11. If the US didn’t have such dick laws, compared to Australia, and make it so difficult for small to medium business for cross-border enforcement under agreed respective laws, this wouldn’t be an issue. But as a citizen of a country which is subject to numerous international covenants that the US refuses to sign up to, their objections are just stupid. ‘The only freedom you can have is the freedom to agree to our freedom’. As the kids say, DERP.

  12. I totally agree with the concerns of the Australian government and I do believe they have a legitimate argument. The US has a bad reputation for doing anything they want, and storing that data in such a volatile country would be a detriment to Australia and undermines the countries economy and trade. There are plenty of conspiracies floating around, but the one that concerns me the most is that a “cloud” provider seems to be mainly a US company where the servers are on US soil. Based on past precedence, the US government has close relationships with these cloud providers: Google, Amazon, etc., which raises a red flag for any country using these services. What a great avenue to be able to collect and analyze data from other countries. Australia – Stand Your Ground.

  13. Wait for a mirror suit from China, complaining that US DoD, Raytheon etc… refuse to use Chinese cloud providers. U.S. looks utterly ridiculous when they attempt to force others to do what they would never accept.

  14. Might as well let US companies host the data if it’s cheaper for you, we’ll seize your data no matter where the computers are located if it’s a .com address…

  15. this is *so* sick. the us government must truly believe to be the ruler of the world measured of their imperial behavior…

  16. I’m shure, burning secret gouvernmental papers in Australia only and not to send them for that purpose into the United Staes is a unforgivable violation of various trade treaties…

  17. Several years ago, we acquired a small US health company. There is no possible way of legally hosting their data in Australia.

    This criticism is pure hypocrisy.

  18. As a US citizen, I would honestly prefer to store my data outside of US jurisdiction for the very same arguments expressed in this article. Lots of people in the US are really appalled at the things our government does; we’re trying to change it. I hope you and your government (and governments around the world) will stand up to the US, and send a clear message that this attitude of superiority is unwarranted and unacceptable.

  19. America has proven over the past few years that they respect no other law except their own. Anything people upload to American based or owned hardware should be assumed to be readily accessible the US authorities; any other reading of the situation is just stupidly trusting.

    America doesn’t even respect its own constitution internally anymore, and the President orders targeted assassinations of his own citizens, and all you have to do is point at something and call it a terrorist or a terrorist sympathizer and their rights evaporate.

    If America wants people to trust American businesses, then America and American businesses first have to become trustworthy again. They might start by actually following their own constitution and granting their own citizens the rights mentioned therein. Again.

  20. As an American I can lay this out very clearly for you all. America is rapidly becoming a fascist nation. Stay away. Avoid doing business here. Our intense police state build-out is accelerating. The spying powers, spying laws, and police militarization are getting worse every year. In the short span of 15 years, we’ve rolled over and gone an anti-freedom and anti-privacy direction. Our government has doubled in size in that time, and its appetite is voracious. I’m 30 years old, and it was a beautiful country to grow up in; such is no longer the case, this ain’t your grandpa’s America.

  21. As a person, living in the U.S. ( I don’t consider myself an American because this country has repeatedly denied me basic, guaranteed rights), I applaud the Australian government in it’s decisions. I fear for my freedom, here, more and more, every day.

  22. Little correction: The Act is called USA PATRIOT Act, not US Patriot Act.
    PATRIOT is not a word but an acronyme. It has nothing to do with patriotism. And the first part of it has nothing to do with the United States of Amerika.

  23. Poor old US. I’ve visited a fair number of US based cloud sales managers in the last few months. Every one I meet I put the same question about the Patriot Act.

    I usually get one of these responses:

    1. there are no issues. Your data is perfectly legally safe in either the US or Australia. So I ask for that in writing from their legal counsel (yet to get any written responses).
    2. they might ask us, but we’d say “no”. For sure. Righto I say, picture there are 10 armed FBI officers present in your CEO’s office back in old USA, you guys are so nationalistic they’d either force you to do it or you’d cave. When they denied the nationalism, I remind them it’s called the “Patriot Act” for a reason.
    3. the US govt would never do anything like this. I give them the example of the hundreds of domains they impound for “online gambling” – as well as the fact that to date it hasn’t happened but it’d be mighty tempting for a government to be able to threaten to conduct a virtual blockade or sanction against an ally for some particular purpose.
    4. they might ask us to hand over data, but we’d say “no” as we’d lose the rest of our overseas customers. Well my take on this is that they have two problems: (1) they don’t really have many customers to lose (2) they have to comply with the law regardless on their ethical take.

    Finally I say, if you guys don’t like this, get your US based CEO to start lobbying to have the Patriot Act removed or modified.

    I reckon it’s something that should be include as part of a Free Trade Agreement.

    • Just the fact that they acknowledge that the US government can ask for your data is enough for me. I wouldn’t even care if they were 100% faithful to their word no matter what, the fact that it can be asked for, and knowing the US they will be loose reasons, is plenty enough to keep my business out of the US cloud sector.

  24. They are slamming us for wanting to keep our dollars onshore? How repulsive. Also, the fact is, there are security issues involved in transfering data over long distances, period. There are security issues in relying on a foreign entity with foreign laws to keep your data safe, period. And to top it off, why would *I* as an australian, WANT to drastically increase my latancy in accessing my data if it could be avoided?

  25. As an American I totally agree with Australia, the US government created this problem and now they have the gall to complain about it and insist you comply? Total SNAFU and the height of hypocrisy. Please don’t bow to the pressure, in fact as the author states it’s Australia (and others) that should be the ones complaining and pressuring the US. Personally I look to store my own data outside the US, which given the reach of the US isn’t even much of a protection.

    BTW there are some providers here in the us that do push back and just don’t bend over to every requests of the government, however be warned they are very few and far between. However once there are “badges at the door”, 99.99% will comply.

    Let me echo another sentiment expressed by some comments from Americans in this thread – I’m 37 spent my whole life here, it’s no longer the same country I grew up in as a kid, and many of us can see a return to those days is highly unlikely no matter what action we take as citizens, the rubicon has been crossed. After 235 their isn’t anything seriously wrong with the firmware but the OS is in serious need of a reboot, .

    @TenTen – Here’s a tip when it comes to the titles of most legislative works since the 90’s in the US, whatever the title of the bill is, the content contained in it does the opposite or produces the opposite effect what the title would have a layman imagine.

  26. I’m a German, and I’m trying to use mostly european services too. Why shall I host my files in the US. It’s silly enough that they did a biometric eye-scan for my new pass only for sending it to the U.S (it’s a new GERMAN pass btw, Germany is not saving this data!), so why should I sending my personal data to this hypophobic country. Maybe I’ll write a presentation about some Mountains in the Iraq as a school work someday, and two years later they’ll take me to prison if I want to visit NYC. Nah, if I have the choice between a fast & shiny Dropbox in the US and a terrible slow australian or german/european Dropbox, I’ll ever take the second one!

    It’s great that this kind of thinking is so popular in Australia that the USA is crying about it. :-D In Germany is US = cool, (okay, actually it’s more Apple = cool, but iCloud means storing your personal data in the US in the end).

  27. US citizen and resident here, and while I love the US (the country), our government seems to be smoking more and more crack every day. This is beyond ridiculous for a variety of reasons already noted. I maintain my own “cloud” for security/privacy reasons, and would hope Australians and their government would give these protestations the dismissal that they deserve.

    Maybe one day our government will realize how much money they are losing, for themselves and US companies, with their actions. Because that’s about the only way things will change (SOPA-style uprisings notwithstanding, though those are rare and the nefarious perpetrators of that monstrosity are already trying different plans of attack).

    As for “dick laws”, yes, many of ours unfortunately are. Companies can be even sued in the US by other countries’ government-funded research organizations over invalid patents — re: CSIRO & WiFi (sorry, couldn’t resist :)

  28. It’s so much better being onshore sometimes due to things such as speed and latency (especially latency…not that it’s too too important in cloud services it’d still make it noticeably quicker…)

    That’s the way I think of it. I don’t care if my data is in the USA as I don’t do anything suspicious or illegal nor would any cloud storage service be my only backup EVER.

    I mean have a look at how much of your personal data is offshore, or able to be accessed offshore, you call telstra and who is on the other end identifying you? do you have GMAIL, where does google have data centers again (I think google has servers here too but your data is DEFIANTLY in the USA).

    You see we are just so screwed in this day and age so all we got to bank on is that there are too many of us using cloud services for any close monitoring to go on.

  29. Most of our clients are Aus gov/educational. The solution is very simple yanks: if we buy hosted space in the nebulous ‘cloud’ that is the US of A, then change your laws to make this space sovereign.

  30. Isn’t this all kind of a moot issue? Who cares if your list of sales clients and the notes from your sales calls is stored in an area that is in jurisdiction that could allow the US government to check into it to look for terrorist activities. I’m not logging super sensitive data about anyone into salesforce.com so who cares? They’re probably not ever going to look but even if they did – so what?

    • What about hosted email, sharepoint? WRT govt data, your health records, tax returns, banking details?

  31. I care about thieves getting my bank details but the government? Again- so what? What are they going to do? I don’t get the fear.

    • Oi, JDUB…..

      How about you give me all the money in your wallet? I promise i wont spend it, i will only hold onto it. Being that i said that i am not going to use the money, you shouldn’t have a problem with it right?

      Use that same same, and swap the words ‘money in your wallet’ with ‘data on your sever’.
      Still think the same way?

  32. So you’re fear is that the US government, under the guise of the patriot act, will access your banking information and steal your money? Really?

    • Frankly, I personally would prefer it if no government or private sector organisation had any access to any information about me unless it was information that I chose. Access to bank details in particular has the potential to map out a complete picture of your life.

      For example, say I met a confidential source for coffee at a certain cafe and paid for it with my credit card. Say that source worked upstairs from said cafe, and was giving me information about secret government programs. If law enforcement wanted to make a case against me, they could use that information to establish a case for searching that source’s files.

      You may laugh, but I’ve seen plenty of similar things happen to other journalists in the past. The less people who have access to your supposedly private information, the better.

    • Of course the US government don’t seize your money. That’s what Paypal, Mastercard and Visa are for. And in the case currently before NZ courts, Universal. Or in the case of Airbus, Boeing. Then again, there’s ICE for your TLDs. And Border & Customs for all the data you take in and out of the country.

  33. Hmm, yes I really want to host my data as far away from my place of business as I can. Latency is good.

    FFS.

  34. As some people have mentioned iCloud does present an issue.
    I may need to read the DSD restriction on iOS 5 to see what they found.

    Apple site of what backed up.

    “What is backed up

    You get unlimited free storage for:

    Purchased music, TV shows, apps, and books *

    You get 5GB of free iCloud storage for:

    Photos and videos in the Camera Roll
    Device settings (for example: Phone Favorites, Wallpaper, and Mail, Contacts, Calendar accounts)
    App data
    Home screen and app organization
    Messages (iMessage, SMS, and MMS)
    Ringtones”

    Don’t know if they include actually email content but it does seem to include mail contacts which may contain information covered under the privacy act. Not to mention SMS MMS and photos taken with the phone.
    Data for LoB applications that is cached on the phone?

  35. As a professional web developer from the United States, and still living there, I have to say that the country has gone insane in several ways, and if I have a choice, I no longer host data on domains under US control or with US companies. I’m even troubled when overseas companies open US offices, thus bringing some of their operations (all of them?) under US control (I’m looking at you gandi.net).

  36. ” US cloud computing companies such as Salesforce.com, Rackspace, Amazon and Google have committed very little infrastructure to the Australian market, and analysis after analysis has warned of the data security dangers of storing sensitive data in jurisdictions covered by US legislation, which can, at times, allow the US Government unprecedented access to private data.”

    This is because cloud computing requires fast, cheap broadband which Australia presently lacks.

Comments are closed.