Defense giant ditches Microsoft's cloud citing Patriot Act fears

BAE Systems has pulled the plug on a proposed outsourcing mission to Microsoft's Office 365 cloud solution, after data sovereignty could not be guaranteed.
Written by Zack Whittaker, Contributor

London-based defence contractor BAE has reportedly bailed on plans to adopt Microsoft's Office 365 cloud-based service, citing fears that critical defence secrets could land in U.S. hands.

Speaking during a panel debate at the Business Cloud Summit 2011 in London this week, one of the company's executive said that it could not guarantee that the company's data would not leave Europe.

(Source: Wikimedia Commons)

Charles Newhouse, BAE's head of strategy and design, highlighted the controversial U.S. Patriot Act as one of the reasons why the defence giant could not move to a public cloud-based offering.

At Microsoft's Office 365 launch in London in June, Microsoft UK's managing director Gordon Frazer admitted to ZDNet that "no company", including the software giant, could guarantee that cloud-stored data will not leave Europe under any circumstances; including under a Patriot Act request.

This comes amid changes to the European Data Protection Directive, which will enact changes to prevent the U.S. from exploiting the flaws in the current law.

As Computer Weekly highlighted, large industries have strict policies on data protection, along with where the data is stored. Particularly for a major global arms giant such as BAE, a company that sells weaponry and defence solutions with a variety of governments around the world, putting even innocuous data in the cloud can reveal business and industry secrets.

Talking about data security and the location of that data, Newhouse said:

"A number of high profile outages that users have suffered recently demonstrated just how little control you actually have. When it all goes horribly wrong, you just sit there and hope it is going to get better.

I was on a study tour recently, and 85 percent of European companies out on that, now cite international regulations being their major issue. Everyone was 'on about' the U.S. Patriot Act, saying that the geo-location of that data and who has access to that data is the number one killer for adopting to the public cloud at the moment.

We had these wonderful conversations with Microsoft where we were going to adopt Office 365 for some of our 'unrestricted' stuff, and it was all going to be brilliant. I went back and spoke to the lawyers and said, "It's Ireland" [the datacenter], and should that fail, then it will go to Holland. And the lawyers asked what happened if they lose Holland?"

The European Commission expects to reveal the next version of its data laws next month.

Meanwhile, Sophie in ‘t Veld, Dutch MEP and vice-chair of the European Parliament’s Civil Liberties, Justice and Home Affairs committee, warns that European businesses cannot wait years for the draft bill to be ratified and enacted in the 27 member states of the European Union.

in 't Veld said that emergency legislation will be proposed as efforts to patch the flaw in the current directive, to protect European data from unauthorised U.S. inspections.


Editorial standards