'We can't guarantee the NSA won't touch our data,' says former Dutch government CIO

Dion Kotteman says US domination of the data centre and cloud hardware market means Washington will always have a way in

The US Patriot Act means it's impossible to guarantee that the NSA and other American intelligence services aren't able to snoop on data stored on European data centre servers, Dion Kotteman, executive adviser to the Dutch Ministry of Finance and Former CIO of the Dutch Government has said.

Kotteman made the comments while speaking at Computing's Data centre and Infrastructure Summit 2015.

Passed by the US government following the September 11th 2001 terrorist attacks, the Patriot Act allows the American authorities including the NSA to collect and search communications data stored on servers from American technology providers.

The extent of NSA mass surveillance carried out in the name of the Patriot Act was first revealed by whistleblower and former government contractor Edward Snowden in 2013.

Kotteman told the Computing Data centre and Instructure Summit 2015 audience at London Hilton Tower Bridge that reliance on American technology vendors to provide infrastructure means the Dutch government - and others - are basically powerless to stop US intelligence services from spying on data - even if it's kept on European soil.

"It's a difficult issue; The Patriot Act does of course affect the whole thing [of cloud computing]. The American government can gain access to data if there is a national security issue involved. But to be open, we can't operate these data centres without American involvement," he said.

One reason European authorities can't guarantee that their databases won't be accessed by the US government, Kotteman explained, is because of the market dominance of US technology vendors.

"Most of the hardware is American. Some of these American makes have a backdoor in their machines in order to allow the intelligence services to gain access to the data," he told the audience, adding that even if an organisation took every step to ensure all data was always private, backdoors into systems mean the NSA can still see the information.

"So even if you consider how the Patriot Act applies and you're very careful about keeping data on your own soil, in Dutch territory, even then you can't guarantee that the American government can't gain access to the data," said Kotteman.

Kotteman also suggested that American employees of the Dutch government might be required by their government to hand over data.

"We sometimes do hire staff to operate the data centres and sometimes these staff are American, so the Patriot Act is very involved with the whole thing," he said.

"We can't guarantee the American government won't touch the data, we have to be realistic, there is a chance that they'll touch the data that we have," Kotteman added.

Kotteman said the Dutch government doesn't have much choice when it comes to data centre providers.

"There are no Dutch computer makes that we can install in the data centre. There was a brand called Tulip but they don't exist anymore," he said.

"You're not able to guarantee the Americans won't touch data because of these technical and hardware issues," Kotteman said.