As the US Senate heads toward their recess, the Cybersecurity Act of 2012, sponsored by Sen. Joseph Lieberman, is receiving a substantial amount of additional amendments. The Republicans want security standards to be voluntary as opposed to mandated by the government and the Democrats want to protect consumer privacy. In the end where does the Government belong in data protection and access? What happens if a cloud provider stumbles across plans to blow up a building in the US? Do they have an obligation to turn the data over to authorities? If they do, are they violating their agreement with the consumer?
Now you may be able to argue that something like this violates the company’s terms and conditions, but what if is a writer doing research for a book they are publishing? Do we want the government to have access to our data if it means that we are better protected but some people’s rights will be trampled in the process? This of course is an age long debate and does not always apply to cloud data, there are plenty of other examples where this occurs, but ultimately we as the people, must decide how much freedom we are willing to give up to remain protected.
For those of you who are totally against government tracking via GPS phones, let me ask you this, let's say your child was kidnapped and the person that kidnapped your child had a GPS phone, but the phone company was unwilling to provide the GPS coordinates because it violated the kidnappers rights? Now let’s alter the story, what if this was a divorced parent who picked their child up from school and the other parent forgot to tell the baby sitter, who then reported the child kidnapped by the police?
These stories will go back and forth and for every positive reason to do it, there will be a negative consequence. With that said, this is not just an issue for consumers, the fact is that the Patriot Act grants US authorizes the ability to view data stored in cloud providers under certain conditions. In fact it has been a long standing argument with Europe that Data hosted by US companies (either in the US or in Europe) are subject to the Patriot Act, This became a hot button last year when Microsoft admitted in London during their release of Office 365that data they host could be subject to the Patriot Act no matter where they host it.
The reality is that all Governments, not just the US, are able to access data hosted in the cloud. A recent white paper by Hogan Lovells analyzes different governments and their access to data, based on their research, they claim, “The White Paper reveals that every jurisdiction examined vests authority in the government to require a Cloud service provider to disclose customer data. It explains why the access provisions of the USA Patriot Act are narrower than commonly thought.”
A summary chart of the White Paper's findings is below:
So where do we draw the line, do we give up certain rights in order to increase the protection of all? Once again this is not an easy question and one that will evolve and change over time.
Frank Toscano is a 15+ year specialist in cloud based services focusing on Product Management, Marketing and Security within the Cloud. He has worked for EasyLink Services and Premiere Global Services in a global role providing hosted services to Fortune 1000 clients. He is currently seeking employment with a cloud based provider in a senior level Product/Marketing role.
Wonderful post. your post about Cloud Data is very well written and unique. Thank you for sharing this post here. cloud training in bangalore
ReplyDeleteThanks for publishing such great information. You are doing such a great job. This information is very helpful for everyone. Keep it up. Thanks. cloud computing houston tx
ReplyDelete