Google, Microsoft and Salesforce.com are among the vendors to have joined an IT industry coalition that aims to restrict the impact of US privacy legislation on data stored online and in the cloud.
The Digital Due Process group, which also counts Intel, AT&T and the Electronic Frontier Foundation as members, aims to enact changes to the 24-year old Electronic Communications Privacy Act.
In its current form, the legislation allows government agencies access to data and communications without the requirement for an official warrant or subpoena.
While specific to the US, the 1986 act and the 2001 US Patriot Act – which added further powers for law enforcement agencies – have direct implications on foreign organisations, as cloud computing vendors such as Google and Salesforce.com frequently store and replicate customer data in US locations, regardless of where the customer is headquartered.
"Originally designed to protect us from unwarranted government intrusion while ensuring that law enforcement had the tools necessary to protect public safety, it was written long before most people had heard of email, cell phones or the ‘cloud’," wrote Richard Delgado, senior counsel for law enforcement and information security at Google, in a company blog post.
According to Delgado, and other members of the coalition, it is necessary for legislation to be changed so that law enforcement officials need a stronger case before accessing data stored on the Internet or in the cloud. "The government must first get a search warrant before obtaining any private communications or documents stored online," Delgado added.
Security and compliance are commonly-cited barriers with potential cloud customers. Earlier this week, US university Yale postponed its roll-out of cloud-based Google Apps, claiming that the vendor’s policy of replicating data across global data centres could result in legal issues.