How Confidential Is Data in the Cloud and What Are The Implications?

Hal Steger : Thinking Out Cloud
Hal Steger
Vice President of Worldwide Marketing at Funambol. 20+ years of marketing & product management experience at high-growth, innovative global software companies.

Thinking Out Cloud

| This blog is about personal cloud solutions, technology, trends and market developments. Its scope is to comment on and discuss several aspects of personal clouds.

How Confidential Is Data in the Cloud and What Are The Implications?

June 3, 2013

A federal judge recently ordered Google to comply with FBI requests to make customer data available, without a warrant. You can google the story (seems ironic to google a story against Google) or view it at:
 http://www.mercurynews.com/business/ci_23365503/google-ordered-turn-over-data-fbi

In this case, the FBI can present National Security Letters to Google requesting access to customer data, and Google must honor the requests by allowing access. National Security Letters do not require a warrant, they can be issued without judicial due process. The FBI could issue a letter when they suspect someone and want to check their Gmail or Google Drive account.

National Security Letters are presumably limited to the pursuit of national security, which in my view is a good thing. But the recipient of these letters (in this case, Google) cannot reveal they have received the letters or that they have provided the FBI with access to user data. This access of user data happens in the dark.

I do not ascribe to government conspiracy theories, although like many people, I have a healthy dose of skepticism about matters such as this. It goes without saying that the U.S. government and others can probably access almost any info that they want that is stored in Google or other cloud services.

What is the implication of knowing that cloud data is not confidential? For example, what's to prevent a rogue person from abusing the ability to review user data and siphon off potentially valuable or damaging information? There is no check-and-balance as it happens without people's awareness.

For people who are law abiding citizens, this is the price of living in a society with government oversight to protect the public's interest. If you are in the good graces of the law, you have little to worry about. Unless someone taps into your personal information and uses it to commit identity theft, or worse, but for the most part, the chances of this are slim to none.

If you are a business that stores data in the cloud, not just Google but perhaps a financial institution, this implies that your business data could be at risk. People could view information they should not see. It is easy to understand why companies would be concerned about storing data in the cloud.

What is the upshot for personal clouds? Again, if you are law abiding, you most likely have little to worry about. If you are not, you might want to think twice (chances are, you are not reading this blog :)

Personal clouds deployed by mobile operators in countries outside the U.S. generally do not need to honor requests from U.S. government agencies, so in this respect, these clouds may be more secure. Countries outside the U.S. have their own laws that may be more or less protective than U.S. laws, but there is the perception that people's data in certain countries and thus their clouds are safer. Whether this is true is a topic for cloud security experts and lawyers to discuss.