Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

The latest revelations about our government’s surveillance of “telephony metadata” is a scandal for some but a yawner for most Americans. 56% said they didn’t mind as long as the information was being used to catch terrorists. The thing is that while Contractor Snowden named names: PRISM, Microsoft, Verizon, Google, he didn’t tell us anything that hasn’t been in the press for years – even decades.

privacy-government

But, what if you run a cloud service, communications network or even an email server, and receive a government demand for customer data? Can you tell your customers? Should you? What is your risk is as a provider?

There are several avenues for the government to access your customers’ electronic records. Ironically, two of them are “privacy” laws designed to put some restraints around law enforcement and the intelligence community: the Foreign Intelligence Surveillance Act (“FISA”) and the Electronic Communications Privacy Act (“ECPA”). But it was the Patriot Act that really boosted electronic surveillance by the FBI through the National Security Letter (“NSL”) statutes. None of these laws are new. The Patriot Act is now 12 years old. FISA turned 35 this year, and the ECPA is 27 years old.

Contractor Snowden’s leaks appear to be related to FISC orders, the secret court authorized by FISA that may issue orders for the surveillance of non-US citizens without their knowledge.

The ECPA came about to give early email users comfort that their mail providers wouldn’t just turn over their email to anyone who might ask. In defense of the ECPA, it requires law enforcement to get subpoenas, search warrants or court orders through normal channels. It also requires the provider to get customer consent to disclose the contents of their communications, but not for disclosure of customer account information.

NSLs have a history of abuse by the FBI and have suffered repeated constitutional challenges with the latest adverse court ruling just in March of this year. A US District Court judge declared the entire statute unconstitutional and told the FBI to stop issuing them. However, in a remarkable reversal a few weeks ago, the same judge ordered Google to turn over most of the requested user information anyway, pending a ruling from the 9th Circuit Court. Stay tuned on the status of NSLs.

So what’s eating Snowden? Has surveillance activity under these laws spiked? Due to the secrecy requirements, we, the general public, get only an annual report on numbers of FISC orders and NSL authorizations. On Monday, The Daily Show reported to outraged laughter that FISC had issued 1788 orders last year. But that’s not the half of it. The FBI issued 15,229 NSLs pertaining to 6,223 different US personsnot including requests for subscriber information only. While this may be shocking, the reality is that the numbers of FISC orders have been reasonably consistent since 9/11, and the number of reported NSLs has dropped 50-70% during the Obama administration.

In the end, what does this mean to a cloud company that gets a law enforcement demand to turn over customer information?

  • A subpoena, search warrant or court order issued under the ECPA may or may not require notifying the customer and getting the customer’s consent prior to disclosure. Make sure it’s validly issued and get consent if necessary before complying. If you follow the law, the ECPA provides you immunity from actions claiming improper disclosure.
  • Check your customer contracts including any confidentiality agreements. It’s common to agree to notify the customer, if allowed by law, prior to disclosing any customer information so that the customer may seek to limit or deny the request. The ECPA doesn’t require secrecy. FISA and NSL authorizations typically do.
  • A FISC order is secret and literally would take an act of Congress to change. However, in 2008 FISA was amended to give immunity to communications providers who follow the law. Now do you understand PRISM?
  • It’s unclear if NSLs are still being issued during the appeal of the Google case, but any NSL bears careful scrutiny before complying. In addition, there is no immunity for communications providers under the NSL statutes.

By Cindy Wolf

(Image Source: Shutterstock)

Cindy Wolf

Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at cindy@cindywolf.com.

(*Note - This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author...)

Latest posts by Cindy Wolf (see all)

Sorry, comments are closed for this post.

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and store data. The…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to…

Big Data Analytics Adoption

Big Data Analytics Adoption

Big Data Analytics Adoption Big Data is an emerging phenomenon. Nowadays, many organizations have adopted information technology (IT) and information systems (IS) in business to handle huge amounts of data and gain better insights into their business. Many scholars believe that Business Intelligence (BI), solutions with Analytics capabilities, offer benefits to companies to achieve competitive…

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014 The bring-your-own-device trend has been the subject of scrutiny ever since its initial formation. Given how quickly personal smartphones and tablets became a fixture in everyday life, it makes perfect sense that these mobile machines would slip into workplaces. While BYOD has caused headaches for many businesses,…

Featured Sponsors

Sponsors

What To Do When You’ve Outgrown Your Basic Business Software

What To Do When You’ve Outgrown Your Basic Business Software

What To Do When You’ve Outgrown Your Basic Business Software You know that feeling. You have multiple business products that aren’t communicating, meaning your employees are doing more work, uploading redundant data into different systems. The software is sluggish and can’t be accessed via browser. You’re paying per user, which is starting to get painful.…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter