At PDC this week we have seen Microsoft set out their stall for the next few years and to be honest, it all looks pretty good.
Azure will underpin the Microsoft cloud whilst the likes of Windows 7 and Office 14 will look to that cloud for storage, synchronisation, collaboration and advanced services. New third party applications will be deployed into the cloud which can then be run on any device, anywhere. All good stuff.
And to support all of this, Microsoft is spending big bucks on massive data centres all over the planet. After all, these clouds don’t run themselves and you need lots and lots and lots of servers and petabytes of storage to do this kind of thing.
And we know that these data centres will be built properly with redundant power and great security and that the data will be synchronised between multiple centres so that if one is lost, the user will not be affected. Great!
But here is the problem. Whilst the platform may be secure, a US government official can approach Microsoft and demand access to everything that you have stored on their servers without a warrant and without having to disclose the reason why they want to look. Say hello to the USA Patriot Act.
Now don’t get me wrong, the Patriot Act is there for a very good reason, and the good people of America have been quite happy to sign over many of their liberties and rights to the US government over the last few years in the interest of Homeland Security, but that is their choice.
So here we have the dilemma.
If I am a British company and I want to use the new services from Microsoft, the Patriot Act extends to all my data even though I am on UK soil and a British subject. By using this service I have waived any protection I might have otherwise had under UK law, and a lot of UK companies don’t like this. Indeed, today I am seeing UK companies who are happy to see their data offshored to India, the Czech Republic, South Africa or even Wath upon Dearne, but tell them you are sending their data to the US and they will be on the phone quicker than you can say “new supplier”!
But maybe things will go further than this.
After all, in the US the Patriot Act is pretty clear in what it covers, but what about in other countries? All it takes is for one of the old Russian states to be overthrown, and what was a friendly power that gave Microsoft a good deal on the land for a new data centre might suddenly be paying a visit in the middle of the night to seize all the servers.
Now traditional encryption is not going to work here either. Not only would Microsoft have to hand over the data, they would be required to hand over the encryption keys as well. And because you are now creating the data in the cloud rather than just uploading it, you can’t just PGP it before you upload.
So before we all start throwing our data into the cloud and letting someone else take on the responsibility of keeping it secure, just stop and think a minute. Maybe we need some of those nice big Microsoft data centres right here in the UK all to ourselves first?