Patriot Act applies to Amazon Australia, warns Ninefold


Australian cloud computing specialist Ninefold has warned that any datacentre set up by global rival Amazon Web Services in Australia would still be subject to US legislation, despite being located in a different jurisdiction.

Last week, The Australian newspaper reported that Amazon Web Services, the global retailer’s cloud computing division, was planning to open a new datacentre hosted in Australia next year. While the company didn’t confirm the rumour, it has opened an Australian office with dedicated local staff, as its advances international expansion plans.

If an Amazon datacentre was opened in Australia, the potential exists for more local companies to use Amazon’s services, as a number of companies and government departments remain unwilling to host data off-shore, in a different legal jurisdiction. However, in a statement issued last week, local company Ninefold warned a local datacentre wouldn’t make much of a legal difference. Ninefold, which is backed by local telco Macquarie Telecom, launched this year to provide local cloud computing services mirroring many of Amazon’s — but targeted specifically at the Australian market.

“There are … critical considerations around data sovereignty and US-headquartered organisations, regardless of the location of the datacentre,” the company’s local managing director Peter James said. “The US Patriot Act and the US Constitution affects data stored in AWS data centres wherever they are – even in Sydney.”

Ninefold recently highlighted a case on its blog where the FBI seized a number of services at a US-based datacentre operated by DigitalOne. The hosting company wasn’t informed about the raid until three hours after it had begun — and the end customers weren’t informed at all by the FBI.

“If DigitalOne hadn’t communicated with their customers, affected businesses would have had no idea that their website outage was not down to the usual suspects of technology or error, but instead due to their valuable data sitting in the back of an unmarked black van speeding away from the scene,” Ninefold community manager Jonathan Crossfield wrote at the time.

Last week, James added that even if you were storing “innocent” data, a hosting customer could still be impacted if “the Feds go after someone hosted on the same infrastructure”.

“This means your data, while housed outside North America, can be taken and withheld by government and police with no warrant or due process simply because your provider is a US registered company,” he said.

In a wider sense, James noted that Ninefold didn’t feel threatened by any local launch by Amazon.

“We have long planned for competitive and market changes,” he said. “Ninefold has been operational in the Australian market since January, with behind the scenes activities well before that. Since launch, we’ve gained considerable market share from customers who take advantage of our competitive pricing and innovation in product delivery, genuine human service and support and deep understanding of the Australian market.”

The executive said his company had worked hard to gain trust and build strong local and global customer and partner relationships — and it was currently realising the benefits of its endeavours.

“The cloud computing segment will continue to enjoy strong growth in Australia, as new demands, including environmental sustainability, bandwidth and pricing, require ongoing transparency and innovation. We created our business plan for all of these, right from the start,” James added. “We believe our brand, products, pricing and early market entry combined position us well to continue our rapid growth path, irrespective of competitive activity.”

Image credit: Krystle Fleming, royalty free


  1. “Hello, Technical Support.”

    “Hi, my server seems to be down. We’re client #X.”

    “Ahh, yes. As you didn’t invest in the NextG fallback and attached UPS US raid protection package you may experience some downtime over the coming weeks. We apologise for the inconvenience. If you like I can put you forward to our sales team to put in an order for the US raid protection package. Might I also recommend an SSD upgrade as tests have shown they perform better during a US raid incident?”

    • Per recent comments from Microsoft… As a U.S. based company, Microsoft is subject to the U.S. Patriot Act in all of its’ operations regardless of geographic location. As such they can be required, upon appropriate request from U.S. authorities, to give up any and all requested data regardless of the country of origin of the data, ownership of the data, or its’ current location. As Microsoft has been attempting to expand it’s cloud computing services into the European market, this policy conflicts directly with existing EU privacy laws and has the Europeans appropriately concerned.

      Amazon, also being a U.S. based company, is subject to the same laws (specifically the U.S. Patriot Act) and would be forced to respond in a similar fashion.

      Bottom line… Ninefold may have ulterior motives here (after all Amazon is a competitor in the cloud) bu they are not blowing smoke here. The privacy concerns which they are raising are real.

      • Absolutely Robert, and thanks for making my point for me (had connection issues last night). Of course we’re a competitor and that does prompt people to apply a cynicism filter to our comments ;-), but the advice doesn’t come from us, it comes from the lips of Microsoft themselves, which prompted us to dig a little deeper and confirm from independent sources that, yes, it is true.

        Should probably be pointed out that Renai came to us for comment on the rumours of a local AWS data centre primarily because we ARE a competitor and one that fortuitously had been writing about data jurisdiction before the latest rumours surfaced, so we responded with what we saw as a key consideration. (Thanks Renai)

        But to be honest, the power of the US Patriot Act to reach a local data centre if the company is headquartered in the US is not new information for anyone who has been looking into data jurisdiction.

        • This all reads pretty square with my own research into the issue.
          The US Fed issues the request for data to the US office of the company in question, eg Amazon.
          If the company fails to provide the data it is considered in breach of the Patriot act and badness ensues.

          It’s important to remember that this applies to more than just Cloud hosting companies, although they are the most visable.

          If “Sally’s Global Tyre Company” is HQ’d in Boston then every branch office or subsidiary world wide falls under the scope.

          Think about that for a moment…..

  2. A comment from a lawyer familiar with the Patriot Act would certainly be welcome. It sounds like FUD to me…

    Even if the feds do raid your data, depending on the architecture of the cloud provider, there shouldn’t really be any ‘downtime’ per-se, since you’d expect your data to be stored in multple sites anyway. It’s not like there’s one hard disk, or even rack of hard disks that contains all your data.

    I guess you just have to be happy with the idea that it’s possible for them to look at your data in the first place.

  3. We’re also subject to laws which can result in a confiscation of equipment by our own Federal law enforcers. So long as you’re not party to plotting against US or Australian citizens, there shouldn’t be a problem with either the FBI or our own guys.

Comments are closed.