Report: Patriot Act Fears Squash UK Defense Company's Microsoft Cloud Plan

Speaking at the Business Cloud Summit 2011 in London this week, Charles Newhouse, head of strategy and design for BAE Systems said it had expected to deploy Microsoft Office 365 for its cloud solution, but since data sovereignty could not be guaranteed it had to pull the plug on the proposal, according to a report from Computer Weekly . Newhouse told the crowd during a panel discussion that it ditched its Microsoft Office 365 deployment because it could not guarantee that the company's data would not leave Europe and that the Patriot Act could make BAE's data accessible by the U.S. government.

"We were going to adopt Office365 and the lawyers said we could not do it," Newhouse said during the discussion.

Massive global companies like BAE have strict guidelines around data protection and where data can be stored and accessed. BAE, which sells defense equipment and weaponry to various global governments, said that its data must be protected at all times.

Microsoft itself has noted that BAE's concerns aren't off-based. During its European launch of Office 365, Microsoft UK Managing Director Gordon Frazer said that data stored in European data centers could potentially be handed over to American officials under the Patriot Act, Engadget reported at the time. And when asked if Microsoft could guarantee that data stored in Europe wouldn't leave the continent, Frazer said: "Microsoft cannot provide those guarantees. Neither can any other company."

Newhouse also noted that recent cloud outages that have racked Microsoft and other cloud providers also raised red flags as BAE investigated its move to the public cloud via Office 365.

"A number of high profile outages that users have suffered recently demonstrated just how little control you actually have. When it all goes horribly wrong, you just sit there and hope it is going to get better. There's nothing tangibly you can do to assist," Newhouse said in a recording of a portion of the discussion posted by Computer Weekly .

Along with lack of control, concerns over where data is located and who can access it were top concerns, Newhouse said.

"I was on a study tour recently, and 85 percent of European companies out on that now cite international regulations being their major issue. Everyone was on about the U.S. Patriot Act, saying that the geo-location of their data and who has access to that data is the number one killer for adopting to the public cloud at the moment," Newhouse said. "We had these wonderful conversations with Microsoft where we were going to adopt Office 365 for some of our unrestricted stuff, and it was all going to be brilliant. I went back and spoke to the lawyers and said, '[The data center is in] Ireland and then if it fails in Ireland go to Holland.' And the lawyers said 'What happened if they lose Holland as well?'"