Cloud Security: It’s a matter of trust

Posted by .

Simple question

Why would anyone – a company, citizen, or even a government – knowingly trust cloud security and the rights to data privacy if it’s subject to the wprivate propertyhims of US intelligence? Answer: you totally wouldn’t. But we do every single day. We blissfully give up our cloud security in the name of convenience all the time. And right now (today, as I write this), one of the most important cases in the history of the internet insofar as data privacy is concerned, is underway. And yet, almost no one even knows it.

Microsoft v. US Justice Department

Saying “no” to the gov isn’t usually a great idea but Microsoft did just that. The US Justice Department has served a search warrant on Microsoft to gain access to information being stored in a data center in Ireland as part of an ongoing effort to crush an international drug smuggling ring. Microsoft has flatly refused, placing them in direct contempt of court; very dangerous. So why should you care and what does that have to do with cloud security?

Data sovereignty

Consider this: An acquaintance sends you an email. Doesn’t matter what it’s about, all that matters is they sent you an email. Could be that you were sovereigntynot even the main recipient; maybe you were only copied in the email. But now that acquaintance is in trouble with the law and it’s not good. Doesn’t matter what they did or if they even did anything at all or even that you have absolutely nothing to do with whatever may or may not have transpired. They are in big trouble, and as a result of that, you find you have been served with a search warrant for your computer because you were a recipient of an email sent by someone of interest. How happy are you about turning over your privately held data? Not very.

That’s what is happening to Microsoft and by proxy, Ireland. The USJD is compelling Microsoft to hand over data stored in Ireland. In the analogy above, you are Ireland. Someone wants to take a look under your kimono for something that you are not even remotely involved in. Microsoft and Ireland are understandably crying foul.

Slippery slope
This has massive implications way beyond a traditional search warrant, which happens all the time. But what is out of the ordinary is the US Justice Department is forcing Microsoft to hand over data stored in another country – a country that has its own set of laws and regulations. Therein lies the problem and it begs the question: just what rights does one jurisdiction have over another when it comes to data privacy? Microsoft is digging in their heels on this and your data privacy hangs in the balance.

Precedent setting
“Big deal” you say. “What do I care if the US government is going after some international drug ring and they want some emails that Microsoft is housing in Ireland?” Because this case will set a huge precedent. If the government wins, this opens the possibility of them doing this on demand in the future without having the encumbrance of a court of law.
So going back to our analogy above, it’s no longer just the local authorities wanting to look at your email, it’s a foreign government. Uncle Sam wants you AND your data even (especially even) if it is self-incriminating. Bad enough that Bill C51 gives our own government the ability to – without due process – give you the digital equivalent of a colonoscopy, you may well now be subject to a strip search from a foreign entity that can reach right into your living room irrespective of the rights and laws of our own country. Still thinking “Big deal”?

The impact on cloud security
domestic securityThe ramifications of this are far-reaching. The crux of it is this: one of the last pieces of the puzzle preventing greater adoption of the cloud is data privacy. Many businesses that I speak with daily have indicated that they still don’t trust cloud security. People are concerned – rightly so – that once their intellectual property leaves the confines of their building, it’s open season. Cases like this do nothing to instill confidence; this case, and many others like it, is exactly what erodes confidence in cloud security.
Microsoft goes back to court today and I for one will be watching this very closely. We need to have confidence in the cloud companies we trust our data with. We don’t want our governments or anyone else’s having carte blanche with our data just on a whim. Without that trust, we will never truly be able to achieve the opportunity for greatness that the cloud presents.