I’m musing on the risk of government sponsored theft of data.
For example, Amazon is a US-registered company that is subject to, and benefits from, the laws of the US government. If a US-Company, such as Amazon, is hosting data in, say, Ireland and the US government demands access to that data via the courts following due legal process, is Amazon required to provide that data to the US Government ?
In one sense, the data is domiciled physically in the Irish jurisdiction and subject to Irish and EU law. On the other hand, Amazon is the legal owner of the systems and resources and the US courts have consistently ruled that the law allows the US government to take control of people and assets in foreign countries provided that some sort of link to ownership can be made in a court. (And candidates in the current US presidential campaign have been very robust in asserting offshore control via the Patriot and SOPA acts.)
I can’t find any freely available data on this issue, and wonder if anyone else has seen similar problems.
I’ve had discussions with a major financial company who would like to use Google to host their email using gmail, but the data location (or lack of certainty) appears to breach fiduciary guidelines for data control. Therefore Google cannot be considered. More importantly, it’s possible that because Google is subject to US laws, it might be requested to deliver information to the US government in a financial investigation, but the very act of doing so would also breach the laws of the originating jurisdiction in the European Union.
Note that this problem would equally apply to any government, or even via bilateral treaties, or by law enforcement treaties such as Interpol
Deep dark and murky waters these ones. Does anyone have answers ?