Patriot Act May Hamper Cloud Computing Adoption


The common wisdom concerning e-mail these days is that it's all heading into the cloud. After all, it's difficult to manage and, as a basic utility of computing, in and of itself it doesn't provide a lot of strategic value.

But Sendmail CEO Don Massaro would beg to differ with conventional cloud computing wisdom when it comes to e-mail in large enterprises. While Massaro concedes that e-mail delivered via the cloud will be a fairly common approach for small-to-medium (SMB) businesses, larger corporations are going to think long and hard about the legal and regulatory implications of such a move.

The issue that Massaro says will result in most large corporations refraining from putting too much data in the cloud is the existence of "Federal Letters," otherwise known as National Security Letters. Under the provisions of the Patriot Act, these can be used to require carriers to turn over records and data concerning individual customers if asked to do so by the Federal government.

The letters do not require the government to get a court order, so in effect the regulation allows the government to access that information on demand. The law itself is a little vague when it comes to the definition of a "carrier," but Massaro says that it has enough of a chilling effect to make corporations that might be involved in any type of lawsuit involving the Federal government to steer clear of cloud computing when it comes to sensitive data that in all probability is going to found in e-mail. Congress is working on refining how this provision of the Patriot Act can be applied, but the Federal government's ability to execute these letters is enough to get most corporate lawyers to err on the side of extreme caution, especially if the company does business in countries where the Patriot Act does not apply and they may be accused of violating local privacy laws.

This doesn't mean that large corporations will eschew cloud computing all together. Massaro thinks the cloud will be used to augment e-mail services by delivering anti-virus, anti-spam and data loss prevention (DLP) services via the cloud.

But when it comes to actual corporate data, Massaro is betting that no matter what the economics are, corporate legal departments are going to direct their corporate officers to steer clear of any service that eliminates their ability to keep potential damaging information out of the hands of Federal prosecutors without so much as the nicety of being told what the government might actually be looking for.