Cloud computing services from outside the U.S. are trying to exploit perceived weaknesses in privacy laws to drive business away from U.S. providers, according to some representatives of the tech industry.
Deutsche Telekom and other companies are marketing their cloud products as more private than those from U.S. vendors because of the Patriot Act and other laws, representatives of the Business Software Alliance and Rackspace told a U.S. House of Representatives subcommittee during a hearing Wednesday.
Foreign cloud computing vendors are spreading "fear, uncertainty and doubt" about U.S. privacy standards, Justin Freeman, corporate counsel for Rackspace, told members of the House Judiciary Committee's Internet subcommittee.
"We commonly see almost absurd positioning of what the Patriot Act permits, to the extent that it allows almost any U.S. government agency to, without notice or warrant, access any private data that's on a server contained within the United States," Freeman said.
"That's totally false," said U.S. Rep. Bob Goodlatte, a Virginia Republican.
Witnesses from the U.S. tech industry and some lawmakers complained that some of the privacy problems are more perceived than actual, but some also called for Congress to change U.S. privacy laws to better protect data stored in the cloud.
The U.S. Electronic Communications Privacy Act (ECPA) allows law enforcement agencies easier access to information stored in the cloud than to information stored on a hard drive or in a file cabinet, noted Reps. Zoe Lofgren, a California Democrat, and Jerrold Nadler, a New York Democrat.
Some countries have "legitimate concerns, honestly, about the lack of standards in American law," Lofgren said. "We have a lot of work to in this area."
In addition to marketing campaigns, several nations have passed or are considering laws that require their residents' data to be stored on servers within the country, said Daniel Castro, senior analyst with the Information Technology and Innovation Foundation (ITIF), a tech-focused think tank. Many countries are using privacy and security concerns to pass domestic storage laws, he said.
"Some countries are using unfair policies to intentionally disadvantage foreign competitors and grow their domestic cloud computing industry," Castro said. "The rise of cloud mercantilism is an emerging threat to global trade and information technology."
Greece, China, Russia and Venezuela are among the countries that have passed data localization requirements, Castro said. He called on the U.S. government to push against such laws.
Castro and Robert Holleyman, the BSA's president and CEO, also asked Congress to update ECPA to better protect stored data.
Congress also needs to consider ways to better protect stored information on cloud services, Lofgren said. The U.S. Department of Justice, when it shuttered the Megaupload file-sharing site in January, left the data of many innocent users in limbo, she said.
Holleyman, whose trade group supports strong law enforcement actions against file sharing sites, said he didn't have a suggestion for how to protect innocent users.
"Nobody seems to feel any responsibility toward people who are completely innocent here," Lofgren said. "There seems to be no interest or obligation to innocent bystanders to this action."