Only public info for foreign-owned vendors

Only public info for foreign-owned vendors

Summary: After Microsoft confirmed a couple of weeks ago that it would have to provide the US government with data hosted in Australia were it requested to do so under the Patriot Act, I decided to talk to the government about the Patriot Act and its cloud strategy.

SHARE:

After Microsoft confirmed a couple of weeks ago that it would have to provide the US government with data hosted in Australia were it requested to do so under the Patriot Act, I decided to talk to the government about the Patriot Act and its cloud strategy.

The Australian Government Information Management Office (AGIMO) pointed out that the Patriot Act wasn't exactly a new issue, having come into force in 2001, and said that government agencies had to be aware of the Act's implications when they were procuring ICT management or hosting services.

Cloud was just a new procurement approach for the same service, and agencies would have to consider the Patriot Act in the same way, according to AGIMO.

IT pointed out a sentence from section three of the "Australian Government Cloud Computing Strategy (Potential Risks and Issues of Cloud Computing)", which says that "[Agencies] need to be aware of Australian legislative and regulatory requirements, including Archives Act, FOI Act and Privacy Act."

It also drew attention to the "Defence Signals Directorate's Guidance for Cloud Computing Security Considerations", which says in the first page of the introduction:

DSD recommends against outsourcing information technology services and functions outside of Australia, unless agencies are dealing with data that is all publicly available. DSD strongly encourages agencies to choose either a locally owned vendor or a foreign-owned vendor that is located in Australia and stores, processes and manages sensitive data only within Australian borders. Note that foreign-owned vendors operating in Australia may be subject to foreign laws, such as a foreign government's lawful access to data held by the vendor.

So, in other words, DSD really doesn't think that government agencies should provide information, unless its publicly available information, to foreign-owned vendors. DSD also pointed to this advice when asked about the Act.

So agencies have been warned.

However, let's be realistic; these vendors will most likely have cheaper prices, and the likelihood that the US Government is going to greedily request information left, right and centre is small. As long as agencies are careful about what data they put into the public cloud, there shouldn't be an issue. And there's always encryption.

Topics: Cloud, Government, Government AU, Microsoft

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • I think its an assumption that Australian cloud vendors are going to have higher prices than their foreign owned counterparts.

    Australian pricing will fall into line sooner rather than later IMHO.
    kris@...
  • Microsoft the CIA lackey - within Australia, enters into a contract within Australia - supply goods and services within Australia - and the agrees with a foreign intelligence service (spying on you) to give them your data....
    Jahm Mittt
  • As Suzanne says, its all about encryption. Hosting a cloud based shared encrypted partition, as opposed to hosting native file system for word docs, is entirely different. The worst they can do is take it down. There are some good Euro software vendors with such technology. Let the CIA eat your scrambled bits, who cares.
    ptrrssll@...