7/28/2019 06 Information on Patriot Act_2.pdf

http://slidepdf.com/reader/full/06-information-on-patriot-act2pdf 1/3

Box Security Whitepaper

Just the Facts: Government Access to Cloud Content

Who’s Afraid of the Patriot Act?

In 2001, the United States Congress passed a piece of legislation called the Unitingand Strengthening America by Providing Appropriate Tools Required to Intercept andObstruct Terrorism Act. More commonly referred to as the Patriot Act, this compilationof amendments to pre-existing statutes defines the means by which governmentagencies can request evidence in limited circumstances – mainly, to support criminal andnational security investigations.

Too often, too much is made of the impact and reach of this act, and it is frequentlycited as a reason for domestic and international organizations to delay their adoption of

cloud services. As a matter of fact, almost all countries (including the EU) have similarlegislation granting authorities the means to requisition data stored anywhere in their

jurisdict ion for the prevention and inves tigat ion of acts o f ter rorism. And, relative to theseinternational laws, the United States provides some of the strongest legal safeguards fordata stored with companies operating under US jurisdiction.

“Data stored in the U.S. enjoys a higher degree of protection against unwarranted access...than data stored in most European

countries. People who cite the Patriot Act as a reason for not usingU.S. vendors are promulgating an ill-informed viewpoint and doing

their potential customers a disservice”

– David Bradshaw, IDC

There has been significant work performed both by academic and practicing legal teamsto outline the global ecosystem of data access legislation, including the frequently-citedreport by Winston Maxwell and Christopher Wolf (Hogan Lovells – A Global Reality:

Governmental Access to Data in the Cloud).

“ 99% of Europeanorganizations with 50 or

more employees already use the cloud.

” David Bradshaw IDC

SSAE16Type II Compliant

HIPAA Compliant

We’re here to help. You can contact us freeof charge0800 3304444.from German fixed line andmobile networks.

Mo-Fr 08:30 - 18:30

Sa 10:00 - 18:30

Callers from abroad, please dial

+49 6151 6804448.

E-mail: support@businessmarketplace.de

7/28/2019 06 Information on Patriot Act_2.pdf

http://slidepdf.com/reader/full/06-information-on-patriot-act2pdf 2/3

Perception vs. Reality: No Reason Not to Adopt the Cloud

The primary objection that is inappropriately attributed to the Patriot Act comes fromEuropean service providers who claim that storing information in datacenters locatedoutside of the European Union (EU) puts that data at increased risk of subpoena by theUS government. In truth, data stored in the United States enjoys both more protectionsagainst unwarranted government access and more judicial overview of the discoveryprocess.

• The first are requests to support criminal investigations and are normally part of apublic process, permitting cloud services to notify the data owner. It is Box’s policyto notify customers of these requests, as on our platform the customer is in the bestposition to comply with the request.

• The second are requests for information regarding substantiated terrorist or nationalsecurity threats. These requests are typically in the form of National Letters of

Security (NSLs), and do not often permit the services vendor to notify the customer.

The laws that govern data privacy in the United States also provide cloud services andother cloud providers with many tools to question and challenge these kinds of inquiries.For example, service providers can oppose FISA orders (the public requests for criminalinvestigations), they can seek judicial review of National Letters of Security, and they canalso petition to overturn gag orders that accompany requests.

Box Security and Compliance

The Box customer community is a global one, crossing continents, languages, industriesand governmental jurisdictions, and we understand that the security, visibility, andtrustworthiness of our platform is critical to maintaining our customer relationships.Our customers trust us to encrypt, manage and securely share over 50 million new filesuploaded to Box every week.

As a result, the work we are doing in the enterprise cloud ecosystem is changing the waythe industry approaches security. We’re redefining the bar for cloud security, giving ourcustomers the best possible:

• Data security, with end-to-end encryption, robust access control, strict policycompliance, Box provides the best possible security for content and the mostreliable architecture in the business

• Direct customer control, ensuring that the businesses that choose Box keepcontrol over critical content and who has access, usually getting more control thanthey had before.

• Visibili ty over data and activity, with simple, powerful tools to let IT and securityunderstand in real-time what is happening with content, sharing and access

“ You’d think the finance team would be worried about putting sensitive information online, but

with Box’s strong security,they’re totally comfortable putt ing that and much

more on Box.” George Smith

Head of Network Solutions,Qicraft

We’re here to help. You can contact us freeof charge0800 3304444.from German fixed line andmobile networks.

Mo-Fr 08:30 - 18:30

Sa 10:00 - 18:30

Callers from abroad, please dial

+49 6151 6804448.

E-mail: support@businessmarketplace.de

7/28/2019 06 Information on Patriot Act_2.pdf

http://slidepdf.com/reader/full/06-information-on-patriot-act2pdf 3/3

Addit ional ly, Box has a continued investment in our compliance with the industry’s mos tstringent and important standards for the protection and stewardship of information.In addition to our SSAE16 SOC1 certification, we carry full compliance for HIPAA andHITECH, EU and Swiss Safe Harbor standards, and our leadership in the Cloud Security

Alliance and the STAR regist ry.

Debunking the Myths

There is a growing body of work you use to help educate your team and stakeholdersabout the true impact of data access laws around the globe. To start with, Boxrecommends the following independent third-party legal and industry reviews from:

• Hogan Lovells Whitepaper on Governmental Access to Data in the Cloud

• IDC: Government Access to Cloud Data: Impact on Users, Vendors and Markets

•

Microsoft Government Tech: The USA Patriot Act: Myth v. Reality

We have customers in every industry and almost every continent, and would be happyto share their success stories. For more information about how Box protects your data,improves monitoring, and gives you direct control, contact our Sales team at sales@box.com or 1-877-729-4269.

“ We thought an online file server was the way tosafely share information

with investors and throughout the company.”

Melissa GannonHead of Corporate Operations,

MCR Development LLC

We’re here to help. You can contact us freeof charge0800 3304444.from German fixed line andmobile networks.

Mo-Fr 08:30 - 18:30

Sa 10:00 - 18:30

Callers from abroad, please dial

+49 6151 6804448.

E-mail: support@businessmarketplace.de