While you would need to have been vacationing in the Rockies for the last year or so to have missed the stories outlining the US Government’s legal right to obtain data, most people have just come to accept that we have no choice in the matter. Court papers released on Monday show that Microsoft is fighting a
US warrant for customer data stored overseas.
The US is pursuing criminal matters against an individual and has requested emails stored in Dublin Ireland. Microsoft’s theme for their objection to the US warrant is that allowing the obtuse nature of the warrant would "violate international laws and treaties, and reduce the privacy protection of everyone on the planet," as well as "have a significant negative impact on Microsoft's business, and the competitiveness of US cloud providers in general".
In support of this, both Apple and Cisco have filed a
friend-of-the-court brief backing Microsoft's position, this is in addition to ones submitted earlier in the week by Verizon and AT&T. Many international organizations recognize the fact that the
US government has the right to ask and obtain data from a US company or subsidiary customer data no matter where it resides in the world. The problem is that many International companies feel this is a serious risk to doing business with US companies, I guess only in America do we teach of a global economy. Yes it is true that the law exists, and it is true that companies may not do business with a US company because of it, however, if you build a product that they want, they will use it.
Let’s face facts, data in the cloud is subject to risk (so by the way is data behind the firewall, just ask
Target), if it were not, you would see considerably more data stored in the cloud. Having worked both cloud solutions and enterprise software, it is very easy to see the distinction; however it is far more complex when trying to run a business.
We often talk about
Salesforce.com (SFDC), as being a major cloud platform that companies heavily rely on. I mean after all, if your entire customer database is on SFDC, you would really need to trust the cloud, right? Well truth be told, the average sales person will probably do more damage leaving an organization with his contact list than losing data from the use of SFDC.
As companies consume homogenized data, it becomes a commodity; you purchase the integration value, not the protection of the data. Don’t misunderstand, the data must be protected, however, no one believes that a cloud provider could deliver better protection than keeping the data encrypted behind their own firewall. Organizations traditionally move data that would not jeopardize the organization to the cloud. This may also include data that extends beyond the firewall.
The debate will rage on for several more years, our society is very fickle, when bad things happen, we want the government to do their job, when things are okay, we want the government to stay away. But how do you balance this? At some level we must realize that the ability to communicate across thousands of miles in milliseconds puts us all at risk, where do we draw the line? I am not advocating government censorship and I am a firm believer that power corrupts, but is profiling patterns, which is typically what happens with most of our data, the worse thing to give up for our protection?
Do we really believe that the US government is doing anything more than other governments, just because their Snowden hasn't gone public? I remember as a child my father saying to me after I got caught doing something I shouldn't have been doing, “The difference between you and me, is that I did not get caught”, I was about to challenge him on that statement, but having thought about this for a brief second, I realized, to defend myself, would mean I would have to tell him about the other 100 times I got away with it. Do we really believe that spying is a US government anomaly?