Abstract

  


 



Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act


Joris Van Hoboken


Institute for Information Law

Axel Arnbak


Institute for Information Law (IViR, University of Amsterdam)

Nico Van Eijk


Institute for Information Law (IViR, University of Amsterdam)
November 27, 2012


Abstract:     
Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.

The Patriot Act from 2001 has started to play a symbolic role in the public debate. It is one important element in a larger, complex and dynamic legal framework for access to data for law enforcement and national security purposes. In particular, the FISA Amendments Act provision for access to data of non-U.S. persons outside the U.S. enacted in 2008 deserves attention. The report describes this and other legal powers for the U.S. government to obtain data of non-U.S. persons located outside of the U.S. from cloud providers that fall under its jurisdiction. Such jurisdiction applies widely, namely to cloud services that conduct systematic business in the United States and is not dependent on the location where the data are stored, as is often assumed. For non-U.S. persons located outside of the U.S., constitutional protection is not applicable and the statutory safeguards are minimal.

In the Netherlands and across the EU, government agencies have legal powers to obtain access to cloud data as well. These provisions can also be be used to assist the U.S. government, when it does not have jurisdiction for instance, but they must stay within the constitutional safeguards set by national constitutions, the European Convention on Human Rights and the EU Charter.

Number of Pages in PDF File: 42

Keywords: cloud computing, privacy, information security, lawful access, Patriot Act, FISAA, ECPA

working papers series


Download This Paper

Date posted: November 28, 2012 ; Last revised: January 22, 2013

Suggested Citation

Van Hoboken, Joris V. J., Arnbak, Axel and Van Eijk, Nico, Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act (November 27, 2012). Available at SSRN: http://ssrn.com/abstract=2181534 or http://dx.doi.org/10.2139/ssrn.2181534

Contact Information

Joris V. J. Van Hoboken
Institute for Information Law ( email )
Rokin 84
Amsterdam, 1012 KX
Netherlands
HOME PAGE: http://www.ivir.nl/staff/vanhoboken.html
Axel Arnbak (Contact Author)
Institute for Information Law (IViR, University of Amsterdam) ( email )
Kloveniersburgwal 48
Amsterdam, 1012 CX
Netherlands
HOME PAGE: http://www.ivir.nl/staff/arnbak.html
Nico Van Eijk
Institute for Information Law (IViR, University of Amsterdam) ( email )
Kloveniersburgwal 48
Amsterdam, 1012 CX
Netherlands
HOME PAGE: http://www.ivir.nl/staff/vaneijk.html
Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 9,549
Downloads: 2,087
Download Rank: 2,637

© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright
This page was processed by apollo7 in 0.375 seconds