Venyu Blog

The virtual nature of cloud computing and its implications on the U.S. Patriot Act have gotten Congress to stand up and take notice.

In a recently published article in Computerworld, Dan Burton, senior vice president for global public policy at a well-known SaaS provider — attending a congressional Internet Caucus forum to discuss regulation and cloud computing as it pertains to government data seeping out to foreign-based servers located outside U.S. legal jurisdictions – suggested that it was “premature for Congress to pass legislation.”

In addition to data security tools such as the Safe Harbor certification program, said Burton, cloud providers that sign up for the U.S. Department of Commerce’s program voluntarily pledge to follow European Union data protection standards.

In the article a co-founder of the Cloud Security Alliance, Jim Reavis, sees problems ahead if issues concerning the protection of data once it crosses international borders aren’t resolved.

In Europe, in particular, there’s a lot of concern about the reach of the U.S. Patriot Act, passed in response to 9/11, which increases the ability of law enforcement to access data, said Reavis. The Patriot Act “is something that definitely gets debated hotly outside the United States,” he said.

“There is a long-term risk that U.S. companies may need to move offshore if the laws in the United States aren’t changed,” said Reavis.

The Obama Administration is proposing new data privacy laws that may affect some cloud providers, but it has not proposed any cloud specific laws. But the administration may see the need for international agreements.

Vivek Kundra, the Obama administration’s point man on cloud computing suggested that as data moves across multiple boundaries, the U.S. and other countries have to think about “data sovereignty” issues. “We have to think about governance models,” he said.

Burton would like to see the U.S. send a strong signal that it will “pledge to work cooperatively to overcome the policy barriers that sort of Balkanize data flows.” Such a policy statement “would create a lot of confidence in the cloud,” he said.

What’s clear is that U.S. companies already control, manage and are evolving a cloud computing paradigm that is showing no lack of opportunity or signs of market fatigue.

“If you are a startup company right now in Silicon Valley, the venture capitalist will demand that you run your business on the cloud,” said John Calhoun, managing partner of OnPoint Consulting, who was also on the panel at the Congressional Internet Caucus panel.

That incisive entrepreneurial bent aside, the first amendment to the U.S. Constitution reads, in part, Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press.”

Should these principles be equally applied to or inclusive of “data transmitted in the cloud?”

Let us know what you think.