US ambassador slams Australia’s “cloud protectionism”

38

blog Those of you who pay attention to such things will remember that the United States Government doesn’t appear that happy that many major Australian organisations prefer to host their data in Australian datacentres, instead of in the plethora of such facilities located in the US. Well, now the US rhetoric on the issue has escalated further, with an opinion piece published this week by the US Ambassador to Australia, Jeffrey Bleich. In the piece, published by the Sydney Morning Herald (we recommend you click here for the full article), Bleich writes:

“Like people who once thought keeping their money hidden under the mattress was better than having it in a bank, some voices across the region, and even in Australia, have called for limiting the flow of data across borders, and requiring firms to install local data centres in each market to ensure local ”control”. This ”beggar thy neighbour” protectionism would be just as self-defeating in the digital economy as in every other sector.”

Personally, I find this kind of article incredibly hypocritical. It’s precisely this kind of imperialistic approach which gets the United States offside with so many other countries. Can you imagine the uproar which would greet any Australian company which suggested the US Government should stop being so dogmatic about hosting its data in US datacentres, and look overseas for other options? Yeah. You can’t simultaneously focus on protecting your own country’s interests and then get antsy when other countries try to protect theirs.

As I wrote when the US Trade Representative raised this issue in April this year:

“This is pretty much what you’d expect from the US Government — it’s looking out for its own interests and trying to push Australia to conform with it. However, I don’t view the US Trade Representative’s views as legitimate, when examined from an Australian perspective. US cloud computing companies such as Salesforce.com, Rackspace, Amazon and Google have committed very little infrastructure to the Australian market, and analysis after analysis has warned of the data security dangers of storing sensitive data in jurisdictions covered by US legislation, which can, at times, allow the US Government unprecedented access to private data.

I would hope that Australia’s large organisations, and our governments, ignore this criticism from the US. Cloud computing companies are completely free to build infrastructure in Australia, and it’s not a trade barrier when some organisations simply don’t want to buy your products because of some portions of your government’s legislation. In fact, it’s probably true that Australian companies view the Patriot Act as a trade barrier to dealing with US companies. Perhaps Australia’s own trade representative should lobby to have it repealed? ;)”

38 COMMENTS

  1. Right. All they have to do is change thier own laws, and we’ll happily store data in their jurisdication. Easy…

    • +2. World’s leading empire of hypocrisy.

      What I don’t understand is, who the Ambassaador is talking to… surely everyone with cloudable data is aware of all the matters mentioned here in the comments. Unless he is just giving directions to the Australian Government… but I thought even the State Department was a bit more subtle than that.

  2. Ahh Jeffrey Bleich doesnt seem to understand that Aussies can get their stuff hosted in AU now days for as cheap as U.S.

    But I suspect this is more of a dummy spit because we’re smart enough to not let them use the Patriot Act to troll Aussie data which is lawful if hosted in the U.S. but unlawful in AU.

    Guess they’ll just have to find other ways of spying on us Aussies eh.

    • Aus and US have intelligence sharing arrangements, if they arent allowed to spy on us, then they get us to spy on ourselves and report back to them, pronto.

    • Based on other legal decisions, where a .com address extension was enough for US laws to apply, I dont think the centre being based in Australia will stop them from claiming their laws apply.

      Which is a worry for all cloud computing.

      • The obvious follow-on question to that:
        Would Amazon complying with a Patriot Act requirement on data stored in Australia cause them to breach Australian data protection law?

        The legal complications there could get nasty…

  3. Up yours Jeffrey Bleich, I want more investment of data centres and cloud infrastructure in Australia. We also need to grow our own economy and becasue this may impact on yours, who cares, suffer in your jocks mate.

    • Exactly, the total lack of interest by the US in returning access to the data stored by megaupload to the many innocent users, makes the US a poor choice for cloud storage.

  4. Given how smart Bleich is (and he’s boy-genius smart), I’m a tad surprised he allowed this to be published. Yes, he has masters at home, and has to toe the line with US policy, especially given his job, but he’s usually more subtle than this.

    I’m hosting out of the US as I have long-established sites and a well-priced, efficient host I used before it got cheap at home. If I had the time (or someone pointed me in the right direction) I’d certainly consider moving.

    The biggest issue for Australian organisations (having done a lot of work in and around Australian government, it’s a HUGE issue) is the capability to host onshore, under Australian data management laws (as behind as they are) rather than being subject to US (mostly) laws where data is arguably less safe from vexatious legal action.

  5. “Like people who once thought keeping their money hidden under the mattress was better than having it in a bank”
    To complete his analogy, he thinks we should be putting our money in somebody else’s account.

    • American banks have such a good track record as upright corporate citizens with their customers interest at heart. As it is your data is safer in china if you bribe the right people.

  6. Yup, Patriot Act. Also, the US-Australian Free Trade^ Agreement.

    ^ Which the US defined to mean “Buy all our crap, follow lock-step with us in foreign policy, and implement our draconian laws (DMCA, etc.) and we’ll think about buying a tiny bit of your crap. Maybe.”

    • That about sums it up for what Howard signed us up for. Now, what were they threatening him with, to get him to sign such a woeful deal? Surely he was not so dumb, so it must have been under duress, for as Prime Minister, he has to place Australia’s interests first, or he is guilty of the betrayal of his oaths of Office.
      Hmmm, lets lock him up! He betrayed us.

      • I don’t think Howard sold us out per say. Consider DFAT’s announcements on ACTA – discussed in many articles on Delimiter – they recommend its adoption and didn’t feel that Australia’s laws would have to change very much. Our public servants wouldn’t be invited to international conventions and wouldn’t be global movers and shakers if they didn’t sing the song when they got back home. The politicians are nothing more than beauty queens, there to pose for the camera’s. You want to see where things are going wrong, look to the Federal bureaucracy and its very broad interpretation of its role.

  7. I heard a good story on NPR which explained a major issue with storing data in the US. If you store data on a server for more than six months then it can be accessed without a warrant. This rule was implemented in the 1980’s way before webmail and cloud storage came into widespread use. The US senate is trying to change the law.

    In the meantime, I’d like to remind the US ambassador of a famous American saying: The customer is always right. If they want data protected by Australian law, then have the right to get it. If you want to do something about it, do something positive to make the concerns go away.

  8. My company is bound by regulation of APRA, “that described cloud computing as a new form of outsourcing or offshoring that required its approval.”

    http://www.itnews.com.au/News/322297,banks-mull-two-speed-it.aspx

    “cloud computing is still untested technically and legally”
    http://www.itnews.com.au/News/238817,regulator-warns-australias-finance-industry-on-cloud-risks.aspx

    “concerns that should be addressed relate to ”
    “confidentiality and integrity of sensitive (e.g. customer) data/information; ”
    http://www.apra.gov.au/crossindustry/documents/letter-on-outsourcing-and-offshoring-adi-gi-li-final.pdf

    Any U.S. Government act which does not allow U.S. datacenters to abide by the confidentiality of customer information, will not be getting our data.
    Other countries which do not have such regulation will be open to investment.

  9. I would happily store my stuff in the US – as long as I get guarantees that keeping it there doesn’t give the US Government right of access.

    Presumably the ambassador promised that this would be addressed and US laws would be fixed?

  10. Well when the US Government has no issues with storing their data here in Australia, then I guess the Australian Government won’t insist it has to have their data stored in Australia. That was simple.

  11. The value of not choking our comms links to the rest of the world just fetching local data might be worth something too.

    And It might help reduce the US centric dominance of Internet flows.

    Until we’re the 51st State ;-)

  12. Hmmm … geez … I’m a bit bemused by this whole discussion. Yup, I wish that the future wasn’t coming at the same rate as well … the present suits me just fine I suppose … but I have little control over that. My sense is that we are heading into a global digital economy with Amazon, Google, Salesforce et al as its vanguards. Stick your fingers in your ears, cover your eyes, do what you wish …

    These companies (tax issues notwithstanding) are global … with points of presence and employees throughout the world … so it is not simply a matter of “evil” American corporations … though of course there is an element of this imperialism.

    What Australia needs to do as a digitally aware nation is learn how to play hard and fast by the new rules in order to develop survival skills. These skills can only be learned by being in the game and playing to win. Pretending that we, a nation of 20 odd million souls, can develop our own rules in this corner of the South Pacific is a fundamental folly IMHO.

    We should be aiming to participate fully and aggressively in the global digital economy so that we can benefit from the investments in capacity and innovation being made by the global (at this point US) leaders in order to boost our own productivity. Then we will develop the skills to add value to these global offerings locally and then to maybe even develop our own offerings to export to the world. Open your eyes …

    This “global competition should be blocked and banned to defend our local cottage industries” logic has never worked in the past to build sustainable and competitive local capabilities. I agree that the issues are complex, difficult and inconvenient for vested local interests … but the Amazons and Googles of the world, and their replacements, are charting the future of the ICT industry … like it or lump it. I’d rather my children knew how to develop and implement secure cloud services to export internationally than how to buy and operate infrastructure which anyway is necessarily imported from US corporations.

    “Hold your enemies close” … learn how to do what they do … but better … and (of course) how to make them pay their fair share of local taxes!

    We can’t put this genie back in the bottle. All we can do is work out how to use its power to our own advantage. This requires experiences and skills which are only gained by hands on experience of how to play safely on a global digital stage. The time for theoretical discussion is running out … the only thing that will count is practical experience.

    Protectionist logic simply delays the rate at which we as a nation gain that experience …

    • I’m fine with global companies operating in Australia, the part I am not comfortable with is the fact that because the global company is incorporated in the good OL USA that that our data comes under US laws

    • Sorry Steve, it’s not all about “local cottage industries”.
      It’s about data, and the laws that govern the use and storage of that data.
      Take the humble TFN. There are laws and regulations surrounding how and where this small piece of information may be stored by Australian financial systems.
      Putting a small piece of information like this onto a disk drive on U.S. soil suddenly creates issues in Australia, as well as the U.S.
      The U.S. Ambassador doesn’t seem to understand that this is more than just a decision regarding cost and accessibility of data. There are some fundamental laws here that need re-writing, and not everyone is sure they need changing.

      This is why the NBN is such a boon for Australia. It opens the way for companies like Amazon to place datacentres in Australia, allowing financial data to be store here without all the legal issues.

      • Does the soil that the data centre is built on really matter these days? My understanding is that a US Corporation is under the same obligations to comply with lawful requests for data access from US intelligence and justice agencies irrespective of the physical location of the server. So if Amazon hosts the data in Sydney, Singapore or the USA it, in practice, make no difference in terms of the potential exposure to data access by the US Government . If the data is hosted for an Australian domiciled company then that company needs to ensure that it remains compliant with Australian regulatory and legal obligations … which is easier (of course) if the data remains resident in Australia and is held by an Australian-owned company … but it is not impossible or illegal or immoral for the data to be hosted offshore by a US company as long as the contract ensures that the company hosting the data does so to the required audited standards of best practice and regulatory compliance.

        Has anyone had definitive legal opinion on this? I understand the desirability of protecting local interests but we need to do so based on factual positions not just scaremongering …

        • @Steve,

          Yes there are definite actual matter of fact legal issues.

          Apra (superannuation regulator) has an issue around notice being required to apra and that the offshore site needs to have the same level of data security as Australia.

          ASIC I’m pretty sure has also got some regulations for pty ltd companies.

          Patriot act remain the big elephant in the room – whilst software providers seem pretty blasé about this one, average joe on the street is more conservative as to implications as to where they store their data.

          In a international context, we’re not alone. Much of western Europe has the same concerns.

          There’s a great video on ninefold’s site about data jurisdiction (yes as a Aussie provider they have bias, but the vid is a good explanation).

  13. Like people who once thought keeping their money hidden under the mattress was better than having it in a bank…

    Possibly not the best choice of analogy, given the state of the US banking industry at the moment.

    Did the Germans ever get their gold back? Not that we are in any doubt whatsoever about where exactly this god really is, but, errr, just tell me did they actually get it back?

  14. Hi everyone,

    I’d like to offer this link to the data privacy policy of Rackspace, which was released when the new data center in Sydney was announced:

    http://datacentre.rackspace.com.au/data_privacy.html

    Scroll down a bit to see the letter from Alan Schoenbaum, General Counsel of Rackspace.

    Hope it helps to clear up and inform regarding some of the legal questions in this discussion.

    • Thanks Carl – that’s an interesting link.

      I was under the impression that the purpose of the Patriot Act was that it sidestepped the MLA stuff altogether; will be looking into whether this is the case or not.

      Cheers,
      L

    • Thanks for this Carl … very helpful. The bottom line is that LEAs will always be able to access data where ever it is located if they have a lawful purpose supported by agreement between the relevant government agencies involved … this is just common sense. The key issue, quite rightly, is that some countries legal frameworks are more trustworthy than others … so it matters where the data is located.

      Trustworthy cloud service providers will locate their data centres in trustworthy countries and work very hard to maintain confidence and trust through compliance with the laws of the countries in which they operate. The ‘best of all worlds’ scenario is large global cloud services providers with networks of data centres that enable data to stay in its country of origin if that is what the customers wish = global economies-of-scale + on-shore data.

      This is, however, the start of a phase of globalisation of ICT systems and trans-border data flows. My view is that we are better to learn to operate safely in the global digital economy than to pretend that it is always safer to operate locally with “data under the mattress” thinking.

      Some data, in some circumstances, in some organisations may well need to stay local (fair enough) but this does not mean that all data, in all circumstances and in all organisations can or should stay on-shore if we are to fully take advantage of the productivity and innovation benefits of public cloud services.

      • Steve,
        you refer to “data under the mattress” as if the cloud services offered in Aust are second rate, insecure, and short sighted. Is this really the case? If Rackspace, Amazon and others are offering Aust hosted storage, surely what we have on offer is as good as that any where else? While the Ambassador may like to suggest we are putting our data under the mattress, what we are really doing is putting our money in an Aust bank, rather than a US one. It’s a furphy! Why go overseas if we get the same service here? The danger is that we will never develop a first class cloud service here if companies keep using overseas storage. We need companies like yours to encourage local storage so that we create a better ICT industry here, with more local jobs, rather than chasing savings of the odd cent o/s. PS – do you put you money and yor super in companies based in the US and subject to US law, or in those based here and subject to our laws and scrutiny?

        • Hi Saalbach, you are right … by “data under the mattress” I was referring to in-house local IT storage … in the sub-scale, under-invested, under-skilled, under-secured, sense revealed by many audit reports. I am all for the view that Australian cloud services providers should take on the world and both provide world-class services domestically and export these services as a trustworthy cloud service hosting nation. To do this, however, my view is that we need to embrace competition and resist being lazy about the creation of unnecessary barriers to trans-border data flows as a trade protection mechanism. Our cloud services industry needs to be founded on genuine points of service quality and differentiation … not on the crutch of protectionism and scaremongering.

          I understand that we need to think about this carefully and understand the actual, rather than the perceived risks, but the bottom line is that data sovereignty concerns cut both ways. If Australia’s view is that “data isn’t safe unless it is onshore” then how can we expect any other country to ever buy our cloud services? We are better to learn the skills of securing data wherever it is located in a global digital economy fueled by public cloud services. If we can do this then we can genuinely assert to be both a trustworthy location for data and a trustworthy provider of services on a global stage.

    • I wouldn’t hold too much credibility to that, information from the company I do business with in the U.S. is that the Patriot Act compels them to provide access to that data without notification to the content owner, they have servers in the U.K and Germany, so why would Australia be immune to this when the U.S.’s other close allies are not.

      A lawyer for a company is like a salesman, will say what they have to say to benefit the organisation they work for/represent – just like the U.S. ambassador, Aussies sending money to U.S. companies benefits the U.S. economy, not so much ours.

      Also, it’s the same old thing, ask a different lawyer, get a different answer each time :)

Comments are closed.