Cloud Security: It’s a matter of trust
Why would anyone – a company, citizen, or even a government – knowingly trust cloud security and the rights to data privacy if it’s subject to the whims of US intelligence? Answer: you totally wouldn’t. But we do every single day. We blissfully give up our cloud security in the name of convenience all the time. And right now (today, as I write this), one of the most important cases in the history of the internet insofar as data privacy is concerned, is underway. And yet, almost no one even knows it.
Microsoft v. US Justice Department
Saying “no” to the gov isn’t usually a great idea but Microsoft did just that. The US Justice Department has served a search warrant on Microsoft to gain access to information being stored in a data center in Ireland as part of an ongoing effort to crush an international drug smuggling ring. Microsoft has flatly refused, placing them in direct contempt of court; very dangerous. So why should you care and what does that have to do with cloud security?
Consider this: An acquaintance sends you an email. Doesn’t matter what it’s about, all that matters is they sent you an email. Could be that you were not even the main recipient; maybe you were only copied in the email. But now that acquaintance is in trouble with the law and it’s not good. Doesn’t matter what they did or if they even did anything at all or even that you have absolutely nothing to do with whatever may or may not have transpired. They are in big trouble, and as a result of that, you find you have been served with a search warrant for your computer because you were a recipient of an email sent by someone of interest. How happy are you about turning over your privately held data? Not very.
That’s what is happening to Microsoft and by proxy, Ireland. The USJD is compelling Microsoft to hand over data stored in Ireland. In the analogy above, you are Ireland. Someone wants to take a look under your kimono for something that you are not even remotely involved in. Microsoft and Ireland are understandably crying foul.
This has massive implications way beyond a traditional search warrant, which happens all the time. But what is out of the ordinary is the US Justice Department is forcing Microsoft to hand over data stored in another country – a country that has its own set of laws and regulations. Therein lies the problem and it begs the question: just what rights does one jurisdiction have over another when it comes to data privacy? Microsoft is digging in their heels on this and your data privacy hangs in the balance.
“Big deal” you say. “What do I care if the US government is going after some international drug ring and they want some emails that Microsoft is housing in Ireland?” Because this case will set a huge precedent. If the government wins, this opens the possibility of them doing this on demand in the future without having the encumbrance of a court of law.
So going back to our analogy above, it’s no longer just the local authorities wanting to look at your email, it’s a foreign government. Uncle Sam wants you AND your data even (especially even) if it is self-incriminating. Bad enough that Bill C51 gives our own government the ability to – without due process – give you the digital equivalent of a colonoscopy, you may well now be subject to a strip search from a foreign entity that can reach right into your living room irrespective of the rights and laws of our own country. Still thinking “Big deal”?
The impact on cloud security
The ramifications of this are far-reaching. The crux of it is this: one of the last pieces of the puzzle preventing greater adoption of the cloud is data privacy. Many businesses that I speak with daily have indicated that they still don’t trust cloud security. People are concerned – rightly so – that once their intellectual property leaves the confines of their building, it’s open season. Cases like this do nothing to instill confidence; this case, and many others like it, is exactly what erodes confidence in cloud security.
Microsoft goes back to court today and I for one will be watching this very closely. We need to have confidence in the cloud companies we trust our data with. We don’t want our governments or anyone else’s having carte blanche with our data just on a whim. Without that trust, we will never truly be able to achieve the opportunity for greatness that the cloud presents.