It seems hardly a month goes by without a commentator or competitor in the EU invoking the ever-lurking specter of the US Patriot Act Boogeyman, to suggest that European customers should not trust their cloud service requirements to a US-owned provider. Indeed, based on an uninformed view of the Patriot Act, some media commentators have expressed surprise at AT&T winning a recent deal with an EU multinational. The amount of misleading and poorly informed comment and opinion about the Patriot Act – or for that matter about the privacy protections in AT&T’s enterprise customer contracts for cloud services — can lead to bewilderment and confusion, which is ultimately harmful for the development of cloud services and realization of their benefits.
At AT&T, protecting our customers’ privacy is fundamental to the way we do business every day. We vigorously protect our customers’ privacy, and we support efforts to maintain a clear legal framework for any government requests for our customer’s information. It is from this background that we ask people to take the time to learn the facts, before buying into the intentionally fear-inducing sound bites.
We were pleased to see the publication last month of a detailed study by law firm Hogan Lovells, which comprehensively debunks the frequently-expressed assumption that the US government’s access to cloud data is greater than that of other advanced economies. Indeed, although other countries may not have a law with a catchy abbreviated name to caricature, it is nonetheless interesting to see which countries in Europe have equal or greater investigatory powers.
The study examines the laws of ten countries, including Denmark, France, Germany, Spain, and the UK. In its review of the guiding laws, the study shows that all these countries permit law enforcement to have access to data in the cloud under circumstances similar to those in the singularly-abused Patriot Act. Indeed, some European jurisdictions have even less protections to prevent disclosure to governmental authorities. These differences in safeguards have led one commentator to describe the Patriot Act as “namby pamby” compared to equivalent practices in France.
Hogan Lovells’ review also found that the existence of Mutual Legal Assistance Treaties between sovereign states diminishes any argument that data stored in one jurisdiction is inherently immune from access by governmental authorities in another jurisdiction. Businesses (and the media) are therefore creating a false and misleading distinction when they contend that restricting cloud service providers to one jurisdiction – or black-listing cloud service providers that are headquartered in one jurisdiction — will hermetically seal data from governmental access.
We agree there is an important conversation to have about striking the right balance between the genuine needs of law enforcement and the genuine needs for privacy protection, as well as about the appropriate legal frameworkfor governmental access. But the debate should be on the basis of the facts, and not skewed towards securing competitive advantage with the stuff of hyperbolic fear and nightmares.
The post Selling Fear Without Facts appeared first on AT&T Global Public Policy.