Q619 The Chairman: […] If 30 million British subjects are held on a server in the States, do I understand the Patriot Act and others correctly in thinking that American authorities, whether the NSA or the FBI, would then have the right to say that they wanted access to anything on an American computer?

Simon Milner: Well, we are subject to the US courts, and if we receive a valid and enforceable order requiring us to disclose data about a user we have to comply with that order. It is worth bearing in mind that UK users of Facebook have a contract with Facebook Ireland and are protected under Irish data protection law, which is under the European data protection framework. We are subject to some very clear and robust rules around how we handle their data. It is not an issue that has arisen thus far, but you are right that, given where we hold our data, it could be an issue in future.

Q620 The Chairman: Is it fanciful that American security agencies could serve a legal notice on you, saying that they did not just want information on this dodgy character, Blencathra, [THE CHAIRMAN] but on all 30 million Brits so that we can do a trawl for other reasons.

Simon Milner: The approach of the US authorities has been much more around preservation than retention. You might get requests to preserve data about accounts of somebody of interest, who may well be suspected of illegal behaviour. So it would be completely out of character, given their approach to these issues, to take that kind of blanket action.

Q621 The Chairman: And Twitter is of the same view, roughly?

Colin Crowell: Yes.