At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act. . . . Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).
Though he said that “customers would be informed wherever possible”, he could not provide a guarantee that they would be informed — if a gagging order, injunction or U.S. National Security Letter permits it.
He said: “Microsoft cannot provide those guarantees. Neither can any other company“.
While it has been suspected for some time, this is the first time Microsoft, or any other company, has given this answer.
Or if not death, it will certainly move offshore. When the full impact is understood by companies of the exposure one may have to the Patriot Act in using third parties, cloud or otherwise, it will impact the overall situation. If its sensitive, no cloud. If the transaction is sensitive, no cloud. HIPPA for example has had some of the same impacts for not using the cloud. The law is so broad that one could not be sure that in using the cloud one is not infringing on the law itself. So caution has inhibited cloud use of medical data. Its the primary reason Google shut down their medical data efforts.
Consider this, right now there is a rush by many corps to move email to the cloud. Cloud based Exchange is a very popular item and is popping up all over the place. The reasons are simple, its a low value, high risk endeavor. Only bigger companies are willing to invest in the internal maintenance needed to keep it running. But, this just makes YOUR corporate email ripe for the taking by the FBI. Fact it makes it a cherry pick situation, and with the Patriot Act you will never know. The Act itself has gag provisions that would prevent a Microsoft from informing you under penalty of law.