Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

The latest revelations about our government’s surveillance of “telephony metadata” is a scandal for some but a yawner for most Americans. 56% said they didn’t mind as long as the information was being used to catch terrorists. The thing is that while Contractor Snowden named names: PRISM, Microsoft, Verizon, Google, he didn’t tell us anything that hasn’t been in the press for years – even decades.

privacy-government

But, what if you run a cloud service, communications network or even an email server, and receive a government demand for customer data? Can you tell your customers? Should you? What is your risk is as a provider?

There are several avenues for the government to access your customers’ electronic records. Ironically, two of them are “privacy” laws designed to put some restraints around law enforcement and the intelligence community: the Foreign Intelligence Surveillance Act (“FISA”) and the Electronic Communications Privacy Act (“ECPA”). But it was the Patriot Act that really boosted electronic surveillance by the FBI through the National Security Letter (“NSL”) statutes. None of these laws are new. The Patriot Act is now 12 years old. FISA turned 35 this year, and the ECPA is 27 years old.

Contractor Snowden’s leaks appear to be related to FISC orders, the secret court authorized by FISA that may issue orders for the surveillance of non-US citizens without their knowledge.

The ECPA came about to give early email users comfort that their mail providers wouldn’t just turn over their email to anyone who might ask. In defense of the ECPA, it requires law enforcement to get subpoenas, search warrants or court orders through normal channels. It also requires the provider to get customer consent to disclose the contents of their communications, but not for disclosure of customer account information.

NSLs have a history of abuse by the FBI and have suffered repeated constitutional challenges with the latest adverse court ruling just in March of this year. A US District Court judge declared the entire statute unconstitutional and told the FBI to stop issuing them. However, in a remarkable reversal a few weeks ago, the same judge ordered Google to turn over most of the requested user information anyway, pending a ruling from the 9th Circuit Court. Stay tuned on the status of NSLs.

So what’s eating Snowden? Has surveillance activity under these laws spiked? Due to the secrecy requirements, we, the general public, get only an annual report on numbers of FISC orders and NSL authorizations. On Monday, The Daily Show reported to outraged laughter that FISC had issued 1788 orders last year. But that’s not the half of it. The FBI issued 15,229 NSLs pertaining to 6,223 different US persons – not including requests for subscriber information only. While this may be shocking, the reality is that the numbers of FISC orders have been reasonably consistent since 9/11, and the number of reported NSLs has dropped 50-70% during the Obama administration.

In the end, what does this mean to a cloud company that gets a law enforcement demand to turn over customer information?

  • A subpoena, search warrant or court order issued under the ECPA may or may not require notifying the customer and getting the customer’s consent prior to disclosure. Make sure it’s validly issued and get consent if necessary before complying. If you follow the law, the ECPA provides you immunity from actions claiming improper disclosure.
  • Check your customer contracts including any confidentiality agreements. It’s common to agree to notify the customer, if allowed by law, prior to disclosing any customer information so that the customer may seek to limit or deny the request. The ECPA doesn’t require secrecy. FISA and NSL authorizations typically do.
  • A FISC order is secret and literally would take an act of Congress to change. However, in 2008 FISA was amended to give immunity to communications providers who follow the law. Now do you understand PRISM?
  • It’s unclear if NSLs are still being issued during the appeal of the Google case, but any NSL bears careful scrutiny before complying. In addition, there is no immunity for communications providers under the NSL statutes.

By Cindy Wolf

(Image Source: Shutterstock)

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comics
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about three hours of service outage. The attack was orchestrated using a botnet of connected devices including a large number of webcams…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the adoption of new technologies such as the cloud. Keeping data on-premise has long-been considered to be the more secure option;…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services or healthcare providers have stringent compliance requirements. As a key stakeholder, your recommendation or decision impacts the degree of adoption…

Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this question: how in the world do you eat cloud software? Cybersecurity today seems to have an unfortunate Catch-22. You want…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw in 2014 to a whopping $84 billion global market by 2019. Hybrid cloud environments offer companies the resilience and scalability…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around the goal of finding a cure for cancer. President Obama put his second-in-command, Vice President Joe Biden, in charge of…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation and more recent technological advances, such as use of the cloud, have began to make their way into schools. Teachers…

The Key To Improving Business Lies In Eye-Interaction Tech

The Key To Improving Business Lies In Eye-Interaction Tech

Eye-Interaction Technology Analysts at Goldman Sachs predict virtual reality revenue will surpass TV within the next decade. More than just some gaming fad, VR represents a whole new way for organizations to train, research, and explore vast amounts of data. Despite its popularity, however, VR is still not in the hands of the majority, and business on a large scale cannot function without all business partners having access to the technology. But with eye interaction…

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Success for Today’s CMOs Being a CMO is an exhilarating experience – it’s a lot like running a triathlon and then following it with a base jump. Not only do you play an active role in building a company and brand, but the decisions you make have direct impact on the company’s business outcomes for years to follow. The role of Chief Marketing Officer (CMO) has evolved significantly in the past several years. Previously, the…