Only public info for foreign-owned vendors

Summary:After Microsoft confirmed a couple of weeks ago that it would have to provide the US government with data hosted in Australia were it requested to do so under the Patriot Act, I decided to talk to the government about the Patriot Act and its cloud strategy.

After Microsoft confirmed a couple of weeks ago that it would have to provide the US government with data hosted in Australia were it requested to do so under the Patriot Act, I decided to talk to the government about the Patriot Act and its cloud strategy.

The Australian Government Information Management Office (AGIMO) pointed out that the Patriot Act wasn't exactly a new issue, having come into force in 2001, and said that government agencies had to be aware of the Act's implications when they were procuring ICT management or hosting services.

Cloud was just a new procurement approach for the same service, and agencies would have to consider the Patriot Act in the same way, according to AGIMO.

IT pointed out a sentence from section three of the "Australian Government Cloud Computing Strategy (Potential Risks and Issues of Cloud Computing)", which says that "[Agencies] need to be aware of Australian legislative and regulatory requirements, including Archives Act, FOI Act and Privacy Act."

It also drew attention to the "Defence Signals Directorate's Guidance for Cloud Computing Security Considerations", which says in the first page of the introduction:

DSD recommends against outsourcing information technology services and functions outside of Australia, unless agencies are dealing with data that is all publicly available. DSD strongly encourages agencies to choose either a locally owned vendor or a foreign-owned vendor that is located in Australia and stores, processes and manages sensitive data only within Australian borders. Note that foreign-owned vendors operating in Australia may be subject to foreign laws, such as a foreign government's lawful access to data held by the vendor.

So, in other words, DSD really doesn't think that government agencies should provide information, unless its publicly available information, to foreign-owned vendors. DSD also pointed to this advice when asked about the Act.

So agencies have been warned.

However, let's be realistic; these vendors will most likely have cheaper prices, and the likelihood that the US Government is going to greedily request information left, right and centre is small. As long as agencies are careful about what data they put into the public cloud, there shouldn't be an issue. And there's always encryption.

Topics: Cloud, Government, Government : AU, Microsoft

About

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for t... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.