US cloud firms should get off the soap box
A recent US report on trade barriers has revealed a hissy fit by US companies about the Australian government's caution on cloud.
The report (PDF), released last month by the Office of the United States Trade Representative, says that US companies have voiced concerns that various Australian government departments are "sending negative messages about cloud computing services to potential Australian customers in both the public and private sectors, implying that hosting data overseas, including in the United States, by definition entails greater risk and unduly exposes consumers to their data being scrutinised by foreign governments".
Departments that the report singled out as being the bad eggs included the Department of Defence, the National Archives of Australia, the Department of Finance and Deregulation, the Australian Government Information Management Office (AGIMO) and the Office of the Victoria Privacy Commissioner.
The report goes on to say that many of these concerns, when directed at US firms, "appear based on a misinterpretation of applicable US law, including the US Patriot Act and regulatory requirements".
In its report, the Office of the US Trade Representative pointed to the fact that e-health legislation — which was introduced to parliament last year, before being worked over by a Senate committee — had set out that Australian e-health records should be kept under the government's planned Personally Controlled Electronic Health Record (PCEHR) scheme, couldn't be stored overseas.
The report said that this would "pose a significant trade barrier for US information technology companies with datacentres located in the US or anywhere else outside of Australia". US companies are trying to influence this Bill in a direction that would see the location of the data based on risk, not on geography.
When I finished reading this report, I had to concentrate on not laughing.
Yes, I'll concede that there's likely misunderstanding around the Patriot Act. Microsoft spoke to me last year on this issue, saying that in reality, the Patriot Act isn't behind the US government's ability to request data from US-based companies. Rather, it is due to court precedents, which exist in Australia, too, so it isn't just the US that could force companies to provide data from their datacentres. The company also said that such requests are as rare as hen's teeth.
Still, a certain amount of caution is a good thing. Especially when we're talking about sensitive data. The example of e-health records was chosen by the report to illustrate its trade barrier point, as these encompass one of the most sensitive types of data. There has been so much debate about whether we should even be creating a universally accessible electronic health record, so it's no surprise to me at all that consumer advocates want to keep this data close to home.
It is also exceedingly hypocritical for the US government to lambast the Australian Government for its caution in this area, when it has been paranoid in a similar way about not using equipment from Huawei for certain government roll-outs. If speculation is correct, the US was key to the Australian Government excluding Huawei from National Broadband Network (NBN) tenders.
It seems as though what's good for the goose is not good for the gander.
Putting all of that aside, it doesn't even seem like this excessive caution is having any effect on the Australian adoption of US cloud providers. A recent Telsyte survey found that two thirds of Australian enterprises are adopting foreign clouds.
Taking all of this into account, I would suggest that the Australian Government ignores this childish US temper tantrum.