Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

The latest revelations about our government’s surveillance of “telephony metadata” is a scandal for some but a yawner for most Americans. 56% said they didn’t mind as long as the information was being used to catch terrorists. The thing is that while Contractor Snowden named names: PRISM, Microsoft, Verizon, Google, he didn’t tell us anything that hasn’t been in the press for years – even decades.

privacy-government

But, what if you run a cloud service, communications network or even an email server, and receive a government demand for customer data? Can you tell your customers? Should you? What is your risk is as a provider?

There are several avenues for the government to access your customers’ electronic records. Ironically, two of them are “privacy” laws designed to put some restraints around law enforcement and the intelligence community: the Foreign Intelligence Surveillance Act (“FISA”) and the Electronic Communications Privacy Act (“ECPA”). But it was the Patriot Act that really boosted electronic surveillance by the FBI through the National Security Letter (“NSL”) statutes. None of these laws are new. The Patriot Act is now 12 years old. FISA turned 35 this year, and the ECPA is 27 years old.

Contractor Snowden’s leaks appear to be related to FISC orders, the secret court authorized by FISA that may issue orders for the surveillance of non-US citizens without their knowledge.

The ECPA came about to give early email users comfort that their mail providers wouldn’t just turn over their email to anyone who might ask. In defense of the ECPA, it requires law enforcement to get subpoenas, search warrants or court orders through normal channels. It also requires the provider to get customer consent to disclose the contents of their communications, but not for disclosure of customer account information.

NSLs have a history of abuse by the FBI and have suffered repeated constitutional challenges with the latest adverse court ruling just in March of this year. A US District Court judge declared the entire statute unconstitutional and told the FBI to stop issuing them. However, in a remarkable reversal a few weeks ago, the same judge ordered Google to turn over most of the requested user information anyway, pending a ruling from the 9th Circuit Court. Stay tuned on the status of NSLs.

So what’s eating Snowden? Has surveillance activity under these laws spiked? Due to the secrecy requirements, we, the general public, get only an annual report on numbers of FISC orders and NSL authorizations. On Monday, The Daily Show reported to outraged laughter that FISC had issued 1788 orders last year. But that’s not the half of it. The FBI issued 15,229 NSLs pertaining to 6,223 different US persons – not including requests for subscriber information only. While this may be shocking, the reality is that the numbers of FISC orders have been reasonably consistent since 9/11, and the number of reported NSLs has dropped 50-70% during the Obama administration.

In the end, what does this mean to a cloud company that gets a law enforcement demand to turn over customer information?

  • A subpoena, search warrant or court order issued under the ECPA may or may not require notifying the customer and getting the customer’s consent prior to disclosure. Make sure it’s validly issued and get consent if necessary before complying. If you follow the law, the ECPA provides you immunity from actions claiming improper disclosure.
  • Check your customer contracts including any confidentiality agreements. It’s common to agree to notify the customer, if allowed by law, prior to disclosing any customer information so that the customer may seek to limit or deny the request. The ECPA doesn’t require secrecy. FISA and NSL authorizations typically do.
  • A FISC order is secret and literally would take an act of Congress to change. However, in 2008 FISA was amended to give immunity to communications providers who follow the law. Now do you understand PRISM?
  • It’s unclear if NSLs are still being issued during the appeal of the Google case, but any NSL bears careful scrutiny before complying. In addition, there is no immunity for communications providers under the NSL statutes.

By Cindy Wolf

(Image Source: Shutterstock)

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

Most Active Internet Of Things Investors In The Last 5 Years

Most Active Internet Of Things Investors In The Last 5 Years

Most Active Internet Of Things Investors A recent BI Intelligence report claimed that the Internet of Things (IoT) is on its way to becoming the largest device market in the world. Quite naturally, such exponential growth of the IoT market has prompted a number of high-profile corporate investors and smart money VCs to bet highly…

The Big Data Movement Gets Bigger

The Big Data Movement Gets Bigger

The Big Data Movement In recent years, Big Data and Cloud relations have been growing steadily. And while there have been many questions raised around how best to use the information being gathered, there is no question that there is a real future between the two. The growing importance of Big Data Scientists and the…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

Fintech Investments Are Seeing Consistent Growth

Fintech Investments Are Seeing Consistent Growth

The Financial Services Cloud Fintech investment has been seeing consistent growth in 2015, with some large moves being made this year. The infographic (Courtesy of Venturescanner) below shows the top Fintech investors and the amount of companies they’re currently funding: Just this week, a financial data startup known as Orchard Platform raised $30 million in…

Cloud Infographic – Guide To Small Business Cloud Computing

Cloud Infographic – Guide To Small Business Cloud Computing

Small Business Cloud Computing Trepidation is inherently attached to anything that involves change and especially if it involves new technologies. SMBs are incredibly vulnerable to this fear and rightfully so. The wrong security breach can incapacitate a small startup for good whereas larger enterprises can reboot their operations due to the financial stability of shareholders. Gordon Tan contributed an…

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Multi-Instance vs. Multi-Tenant The cloud is part of everything we do. It’s always there backing up our data, pictures, and videos. To many, the cloud is considered to be a newer technology. However, cloud services actually got their start in the late 90s when large companies used it as a way to centralize computing, storage,…

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Business Intelligence (BI) Software  How does your company track its data? It’s a valuable resource—so much so that it’s known as Business Intelligence, or BI. But using it, integrating it into your daily processes, that can be significantly difficult. That’s why there’s software to help. But when it comes to software, there are lots of…

Cukes and the Cloud

Cukes and the Cloud

The Cloud, through bringing vast processing power to bear inexpensively, is enabling artificial intelligence. But, don’t think Skynet and the Terminator. Think cucumbers! Artificial Intelligence (A.I.) conjures up the images of vast cool intellects bent on our destruction or at best ignoring us the way we ignore ants. Reality is a lot different and much…

Ransomware’s Great Lessons

Ransomware’s Great Lessons

Ransomware The vision is chilling. It’s another busy day. An employee arrives and logs on to the network only to be confronted by a locked screen displaying a simple message: “Your files have been captured and encrypted. To release them, you must pay.” Ransomware has grown recently to become one of the primary threats to…

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Five-part series details companies to watch across five essential technology sectors SAN FRANCISCO, Sept. 27, 2016 /PRNewswire/ — InformationWeek released its list of “125 Vendors to Watch” in 2017. Selected by InformationWeek’s expert editorial team, the companies listed fall into one of five key themes: infrastructure, security, cloud, data management and…