In a recent contribution to a just-published UNCTAD report on cloud computing we said:
The other aspect of the problem is whether data are subject to the laws of the jurisdictions where the cloud computing companies are located. For example, take the case of a company in Country A using the services of a cloud computing supplier registered in Country B, which dynamically stores and processes the Country A firm’s data on server farms located in Countries C, D and E. Country A may not be happy to have the laws of Country B apply to the data and that its police may go trawling therein. The applicability of the laws of the country where the storage and processing occurred poses a new set of problems, because even determining which country has jurisdiction may be difficult in light of dynamic resource allocation.
This was well before Snowden changed the entire discourse. It now appears that we were not just spinning scenarios. Non-American companies are actually putting anywhere-but-US clauses in their contracts:
U.S.-based technology companies face a serious threat. The NSA disclosures may reduce U.S. technology sales overseas by as much as $180 billion, or 25 percent of information technology services, by 2016, according to Forrester Research Inc., a group in Cambridge, Massachusetts.
Some large tech firms have used the revelations as a public relations opportunity, casting themselves as defenders of individual privacy and a bulwark against government encroachment. The approach has elicited accusations of hypocrisy from privacy advocates who say that many tech companies are eroding privacy, as we reported Monday.
It’s not all doom and gloom, however. Thompson’s comments show that some U.S. firms stand to benefit from distrust of the U.S. government, and that a new model may be in the offing for protecting sensitive data from the NSA’s prying eyes.
There’s a worry in this approach, though. Keeping the data out of the U.S. makes intuitive sense, and limits the likelihood that U.S. firms bound by U.S. laws will disclose it to the government. However, if the scandal has proven nothing else, it’s that the NSA isn’t bound by geography. And bucking the childhood admonishment, it certainly doesn’t do the polite thing and always ask permission first either.
The full report.