Data Sovereignty Threat: US Service Providers Need to Engage

Years ago I learned that we in the tech industry typically engage with public policy only when we feel our businesses are at risk.

Unfortunately, one of those business risk moments is upon US-based service providers – and it ain’t going away anytime soon.

 

Data sovereignty – the requirement by countries that the personally identifiable information (PII) of their citizens stay in country and be governed by their own laws – is a trend with legs already. Now, it’s been kicked into a sprint by the overreach of US lawmakers and judges. The latest trigger moment is provided by a US judge ruling that because Microsoft is a US company, it must hand over customer email data of Irish citizens stored on Irish servers as requested by a US government agency in support of criminal investigations.

Parallels takes no legal or policy position here but I direct your attention to the approach taken by Microsoft in its dissent: Emails should enjoy the same protections as snail-mail letters and US search warrants should stop at the US border.

Here’s why we in the hosting business can’t ignore this issue. Governments don’t automatically figure things out. Once when I was involved in public policy work in our industry on a different issue a US senator said that it’s our job in the industry to educate the government about how to make laws. And if we don’t educate them, they’re still going to make and interpret laws. Because that’s what they do – they make laws.

Let’s look at some of the issues with this current round of overreach:

  1. At a philosophical level, basic rights seem at risk here. If I’m Irish and send email to someone via an Irish server shouldn’t I expect that US police won’t have access to it?
  2. This ruling sends a signal that the US government believes it can ignore the laws of other sovereign nations.
  3. Are these types of searches and intrusions even having the desired impact? It’s unclear, at best. For example, with requests for these bulk data sets for fighting terrorism, the jury seems to be in – and the verdict may be that all this pain is likely for naught. It’s possible that literally zero terrorism plots have been thwarted by this sort of snooping.
  4. And, of course, it undermines your competitiveness as a US tech industry business.

What should we do? If you’re a US-based service provider are you supposed to call your congressman and educate him on this topic? Yes, actually. Members of Congress love to hear from companies that employ voters…uh, I mean, citizens in their district. If you tell a story of a law that is jeopardizing your ability to compete outside the US and that it may impact the number of voters…uh, employees you have, they will listen.

You don’t have to do it alone. Our friends at Internet Infrastructure Coalition (Parallels is a Founding Member) are all over this. They have multiple ways to engage – from simply joining to participating on congressional visits.

 

Posted on August 18, 2014 and filed under Industry & Market Insights.