Microsoft, the USA PATRIOT Act, and European cloud computing

It is unlikely that the PATRIOT Act is routinely invoked, or that US officials spend much time reading Europeans’ email. The cloud — even the parts run by US companies — remains broadly safe, secure, and reliable. Safe Harbor provisions, model clauses, and the ability to insist that data normally resides in one territory or another remain an effective means of ensuring that day-to-day cloud operations meet user needs whilst complying with relevant local, regional and international legislation. But, every now and again, the PATRIOT Act will be invoked, and data will be taken. Whilst it’s something to be aware of, it’s probably not something for most people to lose too much sleep over. You’re more likely to lose data yourself, or have it escape into the wild because of an error in your own systems or a malicious hack by a competitor. And you could and would be held accountable for those breaches, in a way that you almost certainly wouldn’t for a PATRIOT Act data seizure.

So the PATRIOT Act may not be as scary as it might now appear. But it remains a visible illustration of a rather more worrying issue: a belief that the laws of one country should be able to trample over the laws of other countries at will — even inside those countries. Further, it suggests a (growing?) disconnect between the attitudes and expectations on either side of the Atlantic. And one particular aspect of that is the subject for my next post.

Nice summary and balanced conclusion from Paul Miller.

I would add only one thing to Paul's closing paragraph... that this also highlights the divide (or perhaps I should say confusion) between Internet-space and geographic/legislative-space.