Peder 2:06 pm on Jun 20, 2011
Tags: hosted service, privacy

On May 26, 2011, minutes before a midnight deadline, President Barack Obama extended the USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) of 2001, which gives authorities post-9/11 powers to search records and conduct roving wiretaps in pursuit of terrorists.

Should we care?

In an effort to protect the American people, the Act allows for unprecedented access to personal information stored on computer systems and in other formats. Perhaps the most controversial section of the Act is section 215, which is commonly referred to as the “library records” provision because of the wide range of personal material that can be investigated. It allows the US government to secretly request and obtain records for large numbers of individuals without any reason to believe they are involved in illegal activity. Items that can be searched include “books, records, papers, documents, and other items,” which includes dumps from private-sector computer databases.

This is likely a concern to many organizations wanting to protect the privacy of their customers and users. And for companies using web analytics tools, the collection and storage of that data in the US provides government authorities unfettered access to that information. Furthermore, the US government can access considerably more information than any web analytics tool would be capable of. For example, the US government can cross-reference the IP address assignment records for any given IP address at any given time. This allows them to access name, address, phone number, account numbers, etc. Not even the best web analytics software has access to this depth of information. There may not be much that US-based organizations can do to prevent such access, but those located in Canada and abroad can choose not to use services which store collected information in the US.

Web analytics tools such as Adobe SiteCatalyst, Google Analytics and Webtrends On Demand all store visitor information on US servers. As an alternative, Webtrends offers on-premise software to ensure collection occurs within the organization and within its own country's borders. Since hosted services free staff from implementing hardware solutions to support installed software, they continue to be popular options for many. For clients who don’t want their data stored in the US but also don’t want to deal with software installations, Unilytics offers managed services, whereby we install and manage the Webtrends implementation. This is a very attractive solution for organizations that are concerned with the location of collected data but are also attracted to a hosted solution.

The number of court approvals for business record access jumped from 21 in 2009 to 96 in 2010. While that remains a relatively low number, it poses an uncertainty that many organizations are unwilling to accept. It’s that uncertainty that causes the issue.

It may be that the greatest risk to organizations allowing data to be stored in the US is to their own reputation. The threat to privacy may be more perceived than actual, but that may be reason enough for organizations to not want their data stored in the US.