Data sovereignty awareness lacking in Australia: Security experts

Patriot Act not the only means US authorities have to access Australian data, security experts warn

Cloud security consultant, Rob Livingstone.

Cloud security consultant, Rob Livingstone.

While the US Patriot Act may make many headlines for the legal authority it bestows on US agencies to access data held in foreign countries, Australian companies need to be aware of similar legislation in both the US and Australia, according to security industry experts.

Speaking at Trend Micro’s Cloud Evolve conference in Sydney, Forrester senior analyst, Michael Barnes, said Australian companies were right to be wary of placing their data in the cloud as it could be accessed by US authorities using the Patriot Act.

In fact, recent research from Forrester indicated that among Australian companies not intending to adopt the public cloud, the Patriot Act was cited as a major reason. However, Barnes said some Australians may not be aware that US authorities had the power to request data even without using the Patriot Act.

“There are enough bilateral agreements between the US and Australia that if the US wants something for a particular purpose they can probably get it,” he said.

Cloud security consultant, Rob Livingstone, told delegates that Australia’s Anti Terrorism Act of 2005 is similar to the Patriot Act and Australian Federal Police (AFP) can obtain information from companies or individuals at their discretion.

The Anti Terrorism Act states that the AFP can request information from any source about any named person including information about the person's travel, residence, telephone calls and financial transactions.

Legal experts have also expressed concerns with the US Patriot Act. Connie Carnabuci, a partner of the law firm Freshfields Bruckhaus Deringer, told Computerworld Australia in January that under the Act, US authorities have the ability to pass orders for the disclosure of non-US data that is stored outside the country. “The basis for that disclosure is that you have to establish a sufficient connection with the US,” she said.

Carnabuci added that while the Act has a regime that allows companies to seek a formal subpoena, there is an “intrusive route” called the National Security Letter (NSL), an informal request for disclosure of information.

Check out photos of the Evolve.Cloud event: Evolve.Cloud hits Sydney with a bang.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the Computerworld newsletter!

Error: Please check your email address.

More about Australian Federal PoliceC2EvolveFederal PoliceTrend Micro Australia

CIO
ARN
Techworld
CMO