Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

Government Intrusion Into The Cloud

The latest revelations about our government’s surveillance of “telephony metadata” is a scandal for some but a yawner for most Americans. 56% said they didn’t mind as long as the information was being used to catch terrorists. The thing is that while Contractor Snowden named names: PRISM, Microsoft, Verizon, Google, he didn’t tell us anything that hasn’t been in the press for years – even decades.

privacy-government

But, what if you run a cloud service, communications network or even an email server, and receive a government demand for customer data? Can you tell your customers? Should you? What is your risk is as a provider?

There are several avenues for the government to access your customers’ electronic records. Ironically, two of them are “privacy” laws designed to put some restraints around law enforcement and the intelligence community: the Foreign Intelligence Surveillance Act (“FISA”) and the Electronic Communications Privacy Act (“ECPA”). But it was the Patriot Act that really boosted electronic surveillance by the FBI through the National Security Letter (“NSL”) statutes. None of these laws are new. The Patriot Act is now 12 years old. FISA turned 35 this year, and the ECPA is 27 years old.

Contractor Snowden’s leaks appear to be related to FISC orders, the secret court authorized by FISA that may issue orders for the surveillance of non-US citizens without their knowledge.

The ECPA came about to give early email users comfort that their mail providers wouldn’t just turn over their email to anyone who might ask. In defense of the ECPA, it requires law enforcement to get subpoenas, search warrants or court orders through normal channels. It also requires the provider to get customer consent to disclose the contents of their communications, but not for disclosure of customer account information.

NSLs have a history of abuse by the FBI and have suffered repeated constitutional challenges with the latest adverse court ruling just in March of this year. A US District Court judge declared the entire statute unconstitutional and told the FBI to stop issuing them. However, in a remarkable reversal a few weeks ago, the same judge ordered Google to turn over most of the requested user information anyway, pending a ruling from the 9th Circuit Court. Stay tuned on the status of NSLs.

So what’s eating Snowden? Has surveillance activity under these laws spiked? Due to the secrecy requirements, we, the general public, get only an annual report on numbers of FISC orders and NSL authorizations. On Monday, The Daily Show reported to outraged laughter that FISC had issued 1788 orders last year. But that’s not the half of it. The FBI issued 15,229 NSLs pertaining to 6,223 different US persons – not including requests for subscriber information only. While this may be shocking, the reality is that the numbers of FISC orders have been reasonably consistent since 9/11, and the number of reported NSLs has dropped 50-70% during the Obama administration.

In the end, what does this mean to a cloud company that gets a law enforcement demand to turn over customer information?

  • A subpoena, search warrant or court order issued under the ECPA may or may not require notifying the customer and getting the customer’s consent prior to disclosure. Make sure it’s validly issued and get consent if necessary before complying. If you follow the law, the ECPA provides you immunity from actions claiming improper disclosure.
  • Check your customer contracts including any confidentiality agreements. It’s common to agree to notify the customer, if allowed by law, prior to disclosing any customer information so that the customer may seek to limit or deny the request. The ECPA doesn’t require secrecy. FISA and NSL authorizations typically do.
  • A FISC order is secret and literally would take an act of Congress to change. However, in 2008 FISA was amended to give immunity to communications providers who follow the law. Now do you understand PRISM?
  • It’s unclear if NSLs are still being issued during the appeal of the Google case, but any NSL bears careful scrutiny before complying. In addition, there is no immunity for communications providers under the NSL statutes.

By Cindy Wolf

(Image Source: Shutterstock)

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
When Sci-Fi Predictions Come To Fruition

When Sci-Fi Predictions Come To Fruition

Evolution of Technologies To paraphrase science fiction author Arthur C. Clark, those who make predictions about the future are either “considered conservative now and mocked later, or mocked now and proved right when they are no longer around to enjoy the acclaim.” The one thing we can be sure about, Clark ventured, is that “[the…

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Hopes To Extend Internet Connectivity With Solar-Powered Drones

Facebook Inc (FB.O) said on Thursday it had completed a successful test flight of a solar-powered drone that it hopes will help it extend internet connectivity to every corner of the planet. Aquila, Facebook’s lightweight, high-altitude aircraft, flew at a few thousand feet for 96 minutes in Yuma, Arizona, Chief Executive Mark Zuckerberg wrote in…

When Will Women In Tech Become The Norm?

When Will Women In Tech Become The Norm?

Tech Diversity It is well known that the technology industry has been dominated by men, but it is also clear that the industry is working to change that. Diversity in the tech industry, especially where it applies to women in tech, has been a topic of discussion for years. Recently the Washington Technology Industry Association…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Edtech and Virtual Reality – Exciting Learning Environment

Edtech and Virtual Reality – Exciting Learning Environment

Customizing Edutech Customized edtech learning solutions are becoming more commonplace as the education industry recognises their potential and begins transforming the traditional structures so as to incorporate innovative developments. From textbooks to tablets, chalkboards to virtual reality, edtech promises not only dynamic and exciting learning environments but better learning strategies and solutions. Virtual Reality and…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

5 Ways To Ensure Your Cloud Solution Is Always Operational

5 Ways To Ensure Your Cloud Solution Is Always Operational

Ensure Your Cloud Is Always Operational We have become so accustomed to being online that we take for granted the technological advances that enable us to have instant access to everything and anything on the internet, wherever we are. In fact, it would likely be a little disconcerting if we really mapped out all that…

How You Can Improve Customer Experience With Fast Data Analytics

How You Can Improve Customer Experience With Fast Data Analytics

Fast Data Analytics In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

Why Small Businesses Need A Business Intelligence Dashboard

Why Small Businesses Need A Business Intelligence Dashboard

The Business Intelligence Dashboard As a small business owner you would certainly know the importance of collecting and analyzing data pertaining to your business and transactions. Business Intelligence dashboards allow not only experts but you also to access information generated by analysis of data through a convenient display. Anyone in the company can have access…

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help offer you a solution, we’ve compiled a list of 12 Business Intelligence companies…

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies – The Future Of The Healthcare Industry

Mobile Connected Technologies Clinics, hospitals, and other healthcare facilities are embracing new mobile technologies in order to be more efficient in their daily tasks. With faster communication and better collaboration, clinicians can spend much less time handling medical devices and more time administering care to their patients. Industry experts are stating that mobile connected technologies…

The Future Of Cybersecurity

The Future Of Cybersecurity

The Future of Cybersecurity In 2013, President Obama issued an Executive Order to protect critical infrastructure by establishing baseline security standards. One year later, the government announced the cybersecurity framework, a voluntary how-to guide to strengthen cybersecurity and meanwhile, the Senate Intelligence Committee voted to approve the Cybersecurity Information Sharing Act (CISA), moving it one…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…