The Lighter Side Of The Cloud – Big Broadband
The Lighter Side Of The Cloud – The Migration Strategy
The Lighter Side Of The Cloud – Stuff
Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

The latest revelations about our government’s surveillance of “telephony metadata” is a scandal for some but a yawner for most Americans. 56% said they didn’t mind as long as the information was being used to catch terrorists. The thing is that while Contractor Snowden named names: PRISM, Microsoft, Verizon, Google, he didn’t tell us anything that hasn’t been in the press for years – even decades.

privacy-government

But, what if you run a cloud service, communications network or even an email server, and receive a government demand for customer data? Can you tell your customers? Should you? What is your risk is as a provider?

There are several avenues for the government to access your customers’ electronic records. Ironically, two of them are “privacy” laws designed to put some restraints around law enforcement and the intelligence community: the Foreign Intelligence Surveillance Act (“FISA”) and the Electronic Communications Privacy Act (“ECPA”). But it was the Patriot Act that really boosted electronic surveillance by the FBI through the National Security Letter (“NSL”) statutes. None of these laws are new. The Patriot Act is now 12 years old. FISA turned 35 this year, and the ECPA is 27 years old.

Contractor Snowden’s leaks appear to be related to FISC orders, the secret court authorized by FISA that may issue orders for the surveillance of non-US citizens without their knowledge.

The ECPA came about to give early email users comfort that their mail providers wouldn’t just turn over their email to anyone who might ask. In defense of the ECPA, it requires law enforcement to get subpoenas, search warrants or court orders through normal channels. It also requires the provider to get customer consent to disclose the contents of their communications, but not for disclosure of customer account information.

NSLs have a history of abuse by the FBI and have suffered repeated constitutional challenges with the latest adverse court ruling just in March of this year. A US District Court judge declared the entire statute unconstitutional and told the FBI to stop issuing them. However, in a remarkable reversal a few weeks ago, the same judge ordered Google to turn over most of the requested user information anyway, pending a ruling from the 9th Circuit Court. Stay tuned on the status of NSLs.

So what’s eating Snowden? Has surveillance activity under these laws spiked? Due to the secrecy requirements, we, the general public, get only an annual report on numbers of FISC orders and NSL authorizations. On Monday, The Daily Show reported to outraged laughter that FISC had issued 1788 orders last year. But that’s not the half of it. The FBI issued 15,229 NSLs pertaining to 6,223 different US personsnot including requests for subscriber information only. While this may be shocking, the reality is that the numbers of FISC orders have been reasonably consistent since 9/11, and the number of reported NSLs has dropped 50-70% during the Obama administration.

In the end, what does this mean to a cloud company that gets a law enforcement demand to turn over customer information?

  • A subpoena, search warrant or court order issued under the ECPA may or may not require notifying the customer and getting the customer’s consent prior to disclosure. Make sure it’s validly issued and get consent if necessary before complying. If you follow the law, the ECPA provides you immunity from actions claiming improper disclosure.
  • Check your customer contracts including any confidentiality agreements. It’s common to agree to notify the customer, if allowed by law, prior to disclosing any customer information so that the customer may seek to limit or deny the request. The ECPA doesn’t require secrecy. FISA and NSL authorizations typically do.
  • A FISC order is secret and literally would take an act of Congress to change. However, in 2008 FISA was amended to give immunity to communications providers who follow the law. Now do you understand PRISM?
  • It’s unclear if NSLs are still being issued during the appeal of the Google case, but any NSL bears careful scrutiny before complying. In addition, there is no immunity for communications providers under the NSL statutes.

By Cindy Wolf

(Image Source: Shutterstock)

Cindy Wolf

Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at cindy@cindywolf.com.

(*Note - This publication is provided for informational purposes only. It does not constitute legal advice. There is no implicit guarantee that this information is correct, complete, or up to date. This publication is not intended to and does not create an attorney-client relationship between you and the author...)

Latest posts by Cindy Wolf (see all)

Sorry, comments are closed for this post.

Recent

Beyond Gaming: Three Practical Applications For Oculus Rift

Beyond Gaming: Three Practical Applications For Oculus Rift

Three Practical Applications For Oculus Rift  Since the announcement of the Oculus Rift in 2012 gamers and game developers alike have been frenzied trying to both get their hands on the unit or build their own proprietary VR machine. The VR gold rush has since lead to the announcement of Project Morpheus from Sony and…

The Lighter Side Of The Cloud – Due Diligence

The Lighter Side Of The Cloud – Due Diligence

By David Fletcher Please support our comics by sharing, licensing or visiting our cloud sponsors (Below). Your support goes a long way in allowing us to continue to produce our lighthearted comics each week.   About Latest Posts Cindy WolfCindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small…

Popular

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the Internet and PC.…

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup Chances are if you’re working for a startup or smaller company, you don’t have a robust IT department. You’d be lucky to even have a couple IT specialists. It’s not that smaller companies are ignoring the value and importance of IT, but with limited resources, they can’t afford…

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015 For organizations of all sizes, in 2014 the cloud emerged as a critical part of the default consideration set when implementing any new application – in large part due to the cloud’s proven ability to handle data storage and processing demands in an elastic manner, improved verifiable standards around data security and…

Sponsored Posts

The Value of Hybrid Cloud

The Value of Hybrid Cloud

The Value of Hybrid Cloud As the “cloud” continues to exert its dominance as the IT technology of the day, the question for many companies focuses on what type of cloud to choose: public, private, or a combination of the two, known as hybrid. Each has its advantages. Private cloud – owned and maintained by…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising