US hosted data
> If they do this openly, just imagine what they do with your US hosted data.
Actually customs officers in many countries can demand passwords; they have very strong powers. I'd say that this is a risk that most companies have learned to accept (or else issue special sanitised laptops for international travel). And data hosted in another country (not just the US) is subject to whatever that country's intelligence services are allowed to do. That's an intrinsic risk of cloud computing, and it's short-sighted to only point at the US risks. There are numerous countries that require equipment vendors to provide back doors.