Servers

The cloud is getting more secure, except from the government

Cloud computing is poised to be the next "disruptive technology" on the scene. It's a powerful concept, but the price may be your privacy. A little known provision of federal law allows officials to snoop into data stored at an ISP without taking the trouble of narrowly scoped warrants based on probable cause presented to a judge.

Cloud computing is poised to be the next "disruptive technology" on the scene. It certainly has the potential to give a lot of power to companies big and small, power that is far too expensive for smaller companies to afford on their own. High availability, virtually unlimited storage space, and scalable processing power are premiums that enterprise-class organizations have the resources to implement, but small and medium-sized businesses simply do not have the money for redundant systems, massive SAN systems, and separate servers for every application. The cloud aims to make these services available to anyone willing to pay a reasonable fee.

Will Cloud Computing Transform IT? (Seattle Post Intelligencer)

One major improvement in the cloud is the recent addition of SSL security for Gmail accounts, which has not been widely reported but removes a major obstacle to businesses that want to outsource their e-mail. However, the cloud is not only for smaller businesses, Amazon reports that:

...the biggest customers in both number and amount of computing resources consumed are divisions of banks, pharmaceuticals companies and other large corporations who try AWS once for a temporary project, and then get hooked.

Unfortunately, there is a major price for these services, as a little-known provision of federal law allows officials to snoop into data stored at an ISP without taking the trouble of narrowly scoped warrants based on probable cause presented to a judge. Current rules allow a "general warrant" based on "reasonable grounds to believe" (a far lower standard than "probable cause") that a suspect may be involved in illegal activity.

Why You Should Turn Gmail’s SSL Feature On Now (Webmonkey)

Cloud Computing - Predominantly an IT Operation Outsourcing Trend (Eclipse Developer's Journal)

Get Off My Cloud (Security Focus)

I am an unapologetic supporter of the cloud concept. I believe that the cloud holds the potential to transform many industries in dramatic ways, most notably the small business. As usual for me, though, I do have serious reservations about the security of my data. Until today, I was mostly worried about the security of my connection to Gmail and other cloud services, but now I am just as worried about the government's ability to look at my e-mail without even having to tell me that they are looking. So, though I do support the concept of the cloud, in practice it will have to wait until I can trust that my business data is safe from all prying eyes. What is your opinion of the cloud?

16 comments
GreyTech
GreyTech

All the comments so far seem to assume that all the cloud computing will be nationally based. I work in the UK, do I have to consider which government might have access to my data. Does Google store my data in the UK or USA or Australia or Taiwan? How can I tell. Neon Samurai perhaps had it right by considering business cloud computing for business, but isn't this just going back to the old Mainframe Computing approach? There is a case for some applications to be of that nature but many need to be at a personal or departmental control level.

Neon Samurai
Neon Samurai

That was one of the first thoughts I had about Cloud when it first started to be the hip term. "but, are we not just returning to the mainframe and thin/dump terminal model again?" But it's all branding and rebranding. Calling it mainframe/terminal or centralized computing isn't nearly as cool and new sounding as "The Cloud". (now why does the imperial march play though my head every time I see that term..)

seanferd
seanferd

IBM is saying the mainframe is back, again. :D OK, ads, not news.

mickey
mickey

It was sad when the 1st hacker forced law enforcement into the mix. When the Bush administration started violating the Constitution and Bill of Rights it became intolorable. It is trully a sad day though when we need protection from the law enforcement agencies themselves.

Tony Hopkinson
Tony Hopkinson

Can't remember the exact date, but it was when Ug the chief, made his son Ugson sheriff. You do know it's your belief in law that's being used to manipulate you?

santeewelding
santeewelding

Think free-for-all and noble savage. Loosen your tie. You look uncomfortable.

Andy J. Moon
Andy J. Moon

I am extremely uncomfortable with rules that allow the government to bypass longstanding rules regarding warrants and probable cause when investigating crimes. My personal data is one thing, I mean who is really going to sift through my spam in order to find out which cat pictures from icanhascheezburger.com I think my wife will think are cute. Business data, however, needs to be safe from any prying eyes. There are reasons that government officials are required to follow onerous procedures to pry into our lives. There should be probable cause to get a warrant from an impartial judge before anyone should be able to go through data, even if it is in the cloud. What do you think?

santeewelding
santeewelding

That cloud of hackers maligned as crackers may yet serve as indispensable allies in the biggest fight of all. One may have to become one.

Neon Samurai
Neon Samurai

For personal use, The Cloud is not an option. I prefer to keep some delusion of privacy and security. For business use, in a business network hosted cloud not open to the outside network; absultely. It's there data in the first place and storing it along with business apps in an application server makes as much sense now as it has since the the start of shared systems. It's nothing new beyond rebranding but it's still a good consideration for a business.

seanferd
seanferd

not open to the outside network Government and business network engineers, prick up your ears.

seanferd
seanferd

The government should need to follow onerous procedures whenever it wants to look at something that doesn't belong to it. Since it is already tapping the tubes, why should it have to be any easier for it to look through neatly stored files? There are some things I don't like about The Cloud. One, it needs to be operating at five nines or better to even be a consideration. There has been a respectable amount of failure to do this over the past year. Two, I don't want to see The Cloud evolve to the point that it is the only way to do things. I like having a desktop box, with local storage, and the ability to do what I want with my hardware and software. I can see the return of the internet appliance, with no market to support the production of actual computers available for purchase by the average consumer. It may be a long way off, or it may not, but I won't like it one bit. Three, privacy and security need to be pretty darn absolute, free from meddling busybodies, criminals, and governments. Good article, by the way. :)

JohnMcGrew
JohnMcGrew

...doesn't mean they're not out to get you! The "Cloud" really is big-government's wet dream. Imagine, no more need to bother judges for warrants, or even travel to a site to find and collect hardware and then do digital forensics to pull hidden or encrypted data. Everything they might want on anyone is a few keystrokes away.

seanferd
seanferd

Paranoid, cynical, or just accustomed to disappointment, the reality is that there are so many ways for it to fail. Snoop Gov, being all the rage that it is, has the potential to make oh so many things fail for anyone concerned with their basic rights and privacy. It's the trumped-up half of the Cold War all over again. I'd love to be shocked and awed by seeing The Cloud become more useful, without over-reaching, and without invasion of privacy from any vector, including the governments.

boxfiddler
boxfiddler

and I agree with you re: all three points. The notion that my business/personal data is secure outside my personal purview is nonsensical. My responsibilities belong within my aegis. Your number two is of particular interest, in that should the dumb terminal become the standard, yet another layer of dependency is added to the already cumbersome layers currently in place. What happens when the road crew cuts a necessary cable? How many are cut off from that which sustains them? While external communications failure occurs in either circumstance, where data is maintained onsite, it is at least still available allowing any number of internal functions to continue. Not so if it's all 'in the cloud'. Nothing to add to number three. Concise, self-explanatory. Clouds - here today, gone tomorrow.

seanferd
seanferd

Now I feel that I need to be convinced that it isn't. Dreading severe weather, hoping for sun. Where do DNSSEC and IPv6 fit in here? The Cloud and RIA are going to be depending on better and expanding network. ISPs can be mysteriously cranky. Malware, ...ugh. Web 2.0 stuff depends on the tubes to run at five nines as well. Keeping my fingers crossed.

Editor's Picks