Data sovereignty awareness lacking in Australia: Security experts

Patriot Act not the only means US authorities have to access Australian data, security experts warn

Cloud security consultant, Rob Livingstone.

Cloud security consultant, Rob Livingstone.

While the US Patriot Act may make many headlines for the legal authority it bestows on US agencies to access data held in foreign countries, Australian companies need to be aware of similar legislation in both the US and Australia, according to security industry experts.

Speaking at Trend Micro’s Cloud Evolve conference in Sydney, Forrester senior analyst, Michael Barnes, said Australian companies were right to be wary of placing their data in the cloud as it could be accessed by US authorities using the Patriot Act.

In fact, recent research from Forrester indicated that among Australian companies not intending to adopt the public cloud, the Patriot Act was cited as a major reason. However, Barnes said some Australians may not be aware that US authorities had the power to request data even without using the Patriot Act.

“There are enough bilateral agreements between the US and Australia that if the US wants something for a particular purpose they can probably get it,” he said.

Cloud security consultant, Rob Livingstone, told delegates that Australia’s Anti Terrorism Act of 2005 is similar to the Patriot Act and Australian Federal Police (AFP) can obtain information from companies or individuals at their discretion.

The Anti Terrorism Act states that the AFP can request information from any source about any named person including information about the person's travel, residence, telephone calls and financial transactions.

Legal experts have also expressed concerns with the US Patriot Act. Connie Carnabuci, a partner of the law firm Freshfields Bruckhaus Deringer, told Computerworld Australia in January that under the Act, US authorities have the ability to pass orders for the disclosure of non-US data that is stored outside the country. “The basis for that disclosure is that you have to establish a sufficient connection with the US,” she said.

Carnabuci added that while the Act has a regime that allows companies to seek a formal subpoena, there is an “intrusive route” called the National Security Letter (NSL), an informal request for disclosure of information.

Check out photos of the Evolve.Cloud event: Evolve.Cloud hits Sydney with a bang.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

More about Australian Federal PoliceC2EvolveFederal PoliceTrend Micro

2 Comments

James

1

There are enough bilateral agreements between the US and Australia that if the US wants something for a particular purpose they can probably get it

Steve Hodgkinson

2

FUD is what this is all about. It all comes down to practical benefit vs. risk trade-offs which largely sit in the context of the adequacy of the existing in-house or outsourced ICT provision arrangements. The case for cloud is the most clear in organisations with weak or overstressed ICT capabilities - which is unfortunately most small-medium size government agencies and many SMEs.

When in-house ICT capabilities and funding for ICT are adequate then the cloud can seem to be a step too far ... fair enough ... lucky you for not needing to worry about all of this.

My issue with the whole data sovereignty argument, however, is just that it is being hijacked and overstated by those with a vested interest in the protection of weak ICT capabilities ... which is not a good thing for national competitiveness through productivity and innovation.

The fact is that the data sovereignty requirements symbolised by the Patriot Act can be addressed adequately, given all the benefit/risk tradeoffs, and so they are not a material barrier to adoption of public cloud if there is an imperative and a will to consider faster, better, cheaper ways of sourcing ICT capabilities.

Comments are now closed

We must end cyber warfare: RSA's Arthur Coviello

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]