Are foreign cloud providers exploiting privacy concerns?

A panel of technology officials Wednesday warned members of a House subcommittee about the challenges of overseas expansion confronting the burgeoning cloud computing market, including privacy and security concerns and efforts by foreign governments to protect domestic providers at the expense of U.S. companies.

Those two issues are closely coupled, the witnesses testified, citing a growing body of regulations that foreign governments, particularly in European Union member states, have enacted that restrict access for U.S. firms to their markets. Often, the regulations are proffered in response to highly publicized concerns that the Patriot Act and other laws give U.S. government authorities unfettered access to data stored with U.S. companies.

"There are major barriers to the competitiveness of American cloud companies internationally. Concerns about data privacy limit the willingness of foreign companies to do business with U.S. firms and threaten to exclude American companies from competing abroad," said Justin Freeman, corporate counsel for Rackspace.

[ Related: Foreign Cloud Privacy Issues Dismissed by U.S. Officials ]

[ Related: Google Establishes Partner Program for Cloud Services ]

"There's a perception, even if unfounded, that U.S. privacy protections are insufficient to protect the data which is stored either on U.S. soil or with U.S. companies," Freeman added.

Critics of those policies have charged that the alleged privacy and security concerns are presented as scare tactics, a red herring intended as a protectionist measure to stifle potential competitors to domestic companies. David Castro, a senior analyst with the Information Technology and Information Foundation, called those restrictive provisions a form of "cloud mercantilism" that threatens free and fair global trade in the IT sector.

"While fair competition is legitimate, some countries are using unfair policies to intentionally disadvantage foreign competitors and grow their domestic cloud computing industry," Castro said.

The Business Software Alliance (BSA), a leading trade group representing members of the software and hardware sector, recently issued a report, entitled "Lockout," that warned of the various practices that foreign nations have adopted that "discriminate" against IT providers.

Testifying before the House Judiciary Committee's Subcommittee on Intellectual Property, Competition and Internet, BSA President and CEO Robert Holleyman cited a Chinese policy requiring cloud providers wishing to do business in that country to form a joint venture with a domestic firm and agree to certain provisions about sharing source code.

At the other end of the spectrum, he pointed to comments that government officials in Germany have made calling for businesses and consumers to limit their use of cloud services to those stored within the country. Then Deutsche Telekom, with government backing, has been promoting a campaign to gin up privacy and security concerns about dealing with U.S. cloud providers associated with the Patriot Act, Holleyman said.

"The Patriot Act is frequently -- and ominously -- invoked by foreign governments and international competitors. Its powers are exaggerated and misconstrued, leaving the impression that the U.S. government has far greater ability to access data in the cloud than any other government," he said in his prepared testimony. "This simply isn't true. But that hasn't stopped others from using the Patriot Act as a weapon against U.S. cloud providers."

Holleyman praised the efforts of U.S. officials, particularly Phillip Verveer, deputy assistant secretary of state, for their work mounting an education campaign to dispel myths about the privacy implications of the Patriot Act in the era of cloud computing.

The witnesses also told lawmakers that the United States and other nations could help reduce trade barriers in the cloud-computing space by working to harmonize privacy laws and international standards. Dan Chenok, executive director of IBM's Center for the Business of Government, urged policymakers to rally behind internationally viable open standards that can resolve some of the cross-border issues that arise with cloud computing.

"The benefits of cloud can best be achieved by reliance on open standards that promote data portability and interoperability, which are critical for successful adoption and delivery of cloud-based solutions. An open standards approach would also help location-based mandates," Chenok said. "Governments could enhance the cloud's efficiency and cost effectiveness by avoiding location mandates and leveraging and encouraging an open global model."

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for

Follow everything from on Twitter @CIOonline, on Facebook, and on Google +.

Read more about government in CIO's Government Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

More about BSABusiness Software AllianceDeutsche TelekomFacebookGoogleIBM AustraliaIBM AustraliaTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kenneth Corbin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts