The document discusses legal issues surrounding cloud computing and data access across borders. It summarizes the expansive reach of the US Patriot Act, which allows US authorities to subpoena business records from any company that has minimum contacts or possession of targeted data. While the Patriot Act is extraterritorial, EU position is that foreign laws cannot impose direct obligations on organizations in other countries. The document also discusses jurisdiction issues and examples of companies responding to Patriot Act concerns, as well as similar national security laws in other countries.