Skip to content

Thoughts on Saleforce

A Salesforce.com community dedicated to making Salesforce, it's products, and partners better...

Click to register with Salesforce.com for a FREE 30-DAY TRIAL!

Sponsors

Login Form






Lost Password?
No account yet? Register
Home

European Customers vs. US Subpoenas?

Between a Rock and a Hard Place?
Between a Rock and a Hard Place?
Sculpture by Nancy Doran

In a previous post I posed the question: Is SalesForce.com TRUSTWORTHY? Although I was a bit vague in that post, I had planned to follow up with numerous posts to make several points.

Even though I have yet to return to that theme, the other day "Rup" posed a question that should be of significant concern to current and prospective customers of Salesforce.com in Europe and beyond:

Hi,

Can we trust salesforce.com not to hand over confidential data to a US judge (since the data is hosted in the U.S.) upon request through a subpoena, without them warning the targeted client/user?

This is what has just happened with the SWIFT inter-bank messaging company which is Belgian, but handed over confidential customer data (banking transactions!) to the U.S. without warning these customers.

Handling of personal and confidential business data is viewed very differently in the U.S. and in Europe, and this problem is a concern for European customers of US-hosted on-demand services.

What do you think?

Rup

My first thoughts when I read this were simply:

"Wow! That thought takes us in a completely different direction than I had intended. But still, it’s a very valid concern nonetheless!"

Actually, I see it being a symptom of a problem much larger than trusting Saleforce.com, and a very difficult problem indeed! The Internet has exacerbated a situation that globalization began less than a century ago. National sovereignty was established along geographic lines for centuries, and the Internet is disrupting that precedence. Today we have companies and even people caught in the crossfire between multiple nations where each nation believes it has jurisdiction often resulting in conflicting edicts.

For example, consider that the France court ruled against Yahoo for allowing Nazi-related material on its auction site yet the USA considers such actions protected under free speech. And what about Google’s decision to censor itself in China to keep the Chinese government off it’s back, ignoring the U.S.’ fundament right of free speech? Or when Yahoo gave the Chinese government of four bloggers names and addresses leading to his arrests and jail time? Or when Microsoft deleted the writings of free-speech blogger Zhao Jing on the Chinese government’s request?

I think the reality is these multiple sovereign nations are putting companies between a rock and a hard place. If you are running a business in a foreign country and that country’s government says "Hand it over!" what do you do? Defy and risk going to jail on principle disrupting your life to protect someone you’ve never met, or worse? Unfortunately, I wish it were different but I think there are too few martyrs left in the world today, and especially not working in a compliance role for multinational corporations.

Though the USA is not a foreign country to Salesforce.com, the logistics of your example behave essentially the same. If a U.S. court requires Salesforce.com hand over customer information and requires those customers NOT be notified as per our USA Patriot Act (thank you very much, Mr. Bush and gentlemen of PNAC), do you think it is likely (or even realistic) to expect that Salesforce.com would notify customers out of some sense of moral obligation? Or would Salesforce.com just stay quiet and comply with U.S. law? I think we both know the answer to that one. And honestly, though I hate to say it publicly, I don’t think that I could blame them.

That said, I think I have a potential for Saleforce.com to mitigate this situation if they act in advance. However, me not being a lawyer I have no idea whether my suggestions would be feasible. And who knows, maybe they’ve already done it?

So if you take a look at http://trust.salesforce.com (rather an ironic domain name given the topic du jour, don’t you think?) you’ll see that The Salesforce.com server EMEA operates in Europe, Middle East, and Africa according to Kingsley Joseph. In order to avoid U.S. law, Saleforce.com could configure itself as multiple companies that do not incur jurisdiction in the other’s jurisdiction but that interoperate via agreements as if they were one. Further, these independent companies could be sewn together by a holding company in a business friendly jurisdiction such as Switzerland. Then when a U.S. court asks for a European customer’s information, Saleforce.com USA could rightly say it has no access at all to that information.

Assuming this strategy worked, it would make sense for Salesforce.com to create even more independent companies and spread their servers across the world on a more granular basis. Of course as I said, I have no idea if this would even be viable, especially given the fact Saleforce.com is already a public company on a U.S. stock exchange. But this is the only scenario I can envision that could protect the customer information of European companies from the potential assault of a Patriot Act-backed U.S. subpoena.

If the above is not possible, it appears there is a really huge opportunity for a Saleforce.com competitor to establish a foothold and gain market-share in Europe, and beyond. And if Saleforce.com and many other American company’s loose significant customer’s because of this, they can thank those politicians and pundits who played to the predjudices and fears of majority of the American people and deceived them regarding most of the ramifications of the Patriot ACT.

Anyone else got any other thoughts or theories? Even better, does someone from Salesforce.com’s legal department want to weigh in?

WordPress database error: [Table './thoughtsonsalesforce/jos_wp_comments' is marked as crashed and last (automatic?) repair failed]
SELECT * FROM jos_wp_comments WHERE comment_post_ID = '44' AND comment_approved = '1' ORDER BY comment_date

No Comments

Add your own comment...