Surveillance Threatens Cloud's Future

Written by George Taylor
3/12/2013 15 comments

In December, President Barack Obama signed the renewal of the Foreign Intelligence Surveillance Act Amendment Act (FAA), and quietly started a whole new chapter in the story of the cloud.

The FAA allows interception of cross-border electronic communications between foreign agencies and any US citizen where criminal or terrorist intent is suspected. Originally enacted in 1978 as the Foreign Intelligence Surveillance Act (FISA), it was first amended by the FAA in July 2008.

The renewal in 2012 raised little interest other than from civil liberties organizations claiming the "FAA is unconstitutional." However, the 2008 FAA contained a virtually unnoticeable amendment, which was renewed in 2012. It simply included the words "remote computing services" in the FISA definition of "an electronic communication service provider."

With one pen stroke, this extended the scope of surveillance under the Act beyond interception of communications to include any data held on public cloud servers under US jurisdiction. And the Patriot Act of 2001 just happens to extend that jurisdiction to the servers of US cloud suppliers anywhere in the world.

If this was purely related to criminal or terrorist investigation, it might pass unnoticed. However, definitions within the FAA also make it lawful to conduct political surveillance on foreigners' data held in US clouds. Any data belonging to a non-US individual or organization stored on a cloud server under US jurisdiction is effectively owned by US intelligence agencies.

European data on US-owned servers is simultaneously subject to the FAA and to European data protection law. One authorizes access to the data; the other forbids it. Policymakers in the UK and Europe appeared to be unaware of the impasse, possibly until 2011.

The European Union represents a sizable market for U.S. managed and cloud service providers, a market that lawmakers could be closing. (Source: Wikia)

In 2008, the cloud was still at the concept stage. Amazon Web Drive and Apple iDrive only launched in 2011, and Google Drive in 2012. Whoever thought up and inserted that tiny amendment in 2008 certainly had no idea of its impact. And it's unlikely that either the House or the Senate noticed or debated it. But there it is -- and there it will probably stay.

Intelligence agencies and data are like Gollum and the Ruling Ring. Once their hands are on it, they are not going to let go without a fight, and no one in the US or Europe is looking for that fight. Except maybe Amazon, or Google, or Apple, or maybe Microsoft, whose global cloud business is being put at risk.

The renewal of the FAA has at last registered on public consciousness on the other side of the Pond, helped by the release of an EU report, "Fighting Cyber Crime and Protecting Privacy in the Cloud," which concludes "that the EU is not addressing properly an irrevocable loss of data sovereignty," a loss which the report considers a greater threat than the cyber crime against which the EU's efforts are largely directed.

There has been some reaction. In September 2011, the Netherlands government excluded US cloud providers from government IT contracts, while in 2012, BAE, the major British defense contractor, backed out of plans to use Microsoft cloud-based services, citing fears that critical national defense secrets could go astray.

Now there are calls from all parties in the UK for restrictions on the use of US cloud providers.

In December, CBS quoted Brian Cunningham, a privacy and data protection lawyer who worked as a legal adviser under President George W. Bush, as saying "governments and institutions ... should, at least for now, stick to storing their own data or, perhaps, implementing national cloud solutions with robust privacy and security protections."

In the absence of any international forum in which the legal conundrums can be resolved (the US does not recognize the International Court of The Hague), it looks as if the outcome will be a retreat behind national boundaries -- national interest fracturing the idea of the cloud, in the same way that it threatens to fracture the Internet itself.

Internet-based technological developments have (again) made monkeys of our legislators and emphasized the need for new legal processes and concepts at national and supra-national levels. Otherwise, the Net cannot evolve, and may simply become another international battleground.

— George Taylor worked in IT in both the public and private sectors for more than 20 years. He is a Subject of the Crown.

slfisher
Thinkernetter
Saturday March 30, 2013 8:05:53 PM

There are already plenty of non-US companies that won't allow their data to be stored on clouds in the U.S. or owned by US companies because of the data sovereignty issue. If this starts happening with every country, basically we'll have each company limited to its own country to store data -- unless you end up with some digital Monacos (like Iceland is trying to be, IIRC) that refuse to give information to anybody.

dcawrey
IQ Crew
Tuesday March 19, 2013 8:58:30 AM

I don't think that Amazon, Google, Apple or Microsoft will be putting up a fight against cloud surveillance. We can already see with Google's transparency index that the number of requests is going up, yet I don't see how the company can do anything about it.

When you think about it, there's a strange scenario going on here. These companies have no choice but to comply because it is now part of their standard operating procedure. They can sue, but that can get wrangled up in court for years. Really, what can these companies do?

Tobyd
IQ Crew
Saturday March 16, 2013 1:03:03 PM

So that is an interesting question. There are standards which appear to prohibit housing the data where it is subject to the sort of privacy violations which the Patriot Act stipulates. However, so far it remains all a bit vague so no one wants to take a risk on it.

George Taylor
Thinkernetter
Friday March 15, 2013 11:31:48 AM

Disturbing thought, Tobyd. If local government are ahead of Whitehall on this, it could mean that our all-wise leaders are paralysed with fear of upsetting the "special relationship". Does not bode well.

Kim Davis
Thinkernetter
Thursday March 14, 2013 12:37:09 PM

Toby, is that a unilateral decision by the client, or are there government guidelines with which the vendor doesn't comply?

There are cloud security guidelines in the US for federal agencies looking for vendors, but I don't believe they're mandatory.

Tobyd
IQ Crew
Thursday March 14, 2013 5:50:44 AM

Here in the UK a local government client of mine has already advised me they will not consider using a large vendor of SAAS and IAAS for the very reasons described in your article. It is a big piece of business that will NOT be awarded to a US-based firm even though they have good products on offer. Some big guns need to take this one up to the hill.

Michael P. Kassner
Thinkernetter
Wednesday March 13, 2013 5:21:53 PM

I felt the same way, but the further I got into it, I began wondering where the oversight was -- particularly companies not being held to any kind of regulation. 

Kim Davis
Thinkernetter
Wednesday March 13, 2013 4:49:01 PM

That's an excellent piece on CISPA, Michael.  I had been inclined to think there was a lot of scare-mongering going on, but it's given me food for thought.

Kim Davis
Thinkernetter
Wednesday March 13, 2013 4:46:35 PM

Who will protect our privacy from the government?

That's where the checks and balances are supposed to come in.

Kurtkeys
IQ Crew
Tuesday March 12, 2013 6:31:58 PM

c'est la guerre

The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.