Disturbing Problems with the Cloud and Security
No consensus yet on whether data stored in the cloud is your property
March 22, 2013
In some regards, this post is slightly off topic when it comes to SQL Server. In other regards—specifically those relating to data access, security, and 'snooping'—this is well within the realm of something that organizations with data and SQL Server need to be concerned about.
US Government Secretly Spying on Cloud Computer Users
Bruce Schneier (who's commonly regarded as the 'Chuck Norris' of Security), today published a blog post about how the FBI has been secretly spying on online (and other) activities. And the rub is that they've been doing it without the need to get a warrant. Which would typically involve either a judge evaluating the government's case for wanting to snoop on someone against some sort of review of their previous history, standing in their community, the probability that they might be guilty—and so on. Or, under even BETTER circumstances, the need to acquire a warrant would come with the need to pass all of these details past a grand-jury— a group of 12 citizens who would 'weigh' all of these concerns and then issue a warrant as needed.
Only, the FBI, it turns out, has been routinely side-tracking that whole 'Constitutional Fourth Amendment Thing' and bypassing the need to interact with judges or grand-juries by claiming that 'the sky is falling' and getting National Security Letters (NSLs) instead. And one of the interesting aspects of this whole NSL thing is that these letters also come with a 'gag order' that prevents Telcos, Service Providers, etc., from even disclosing that such a letter was even received. (Though, take a peek at this post PURPORTING to describe how GOOGLE 'tells" this to its customers.)
As Schneier reports, however, it does look (at least for the time-being) that there may be a HOPE of removing NSLs on the basis that a Federal Judge in San Francisco ruled they are riddled with "significant constitutional defects."
The Cause for Alarm
Anyone with a pulse knows that the US Government can just as easily 'spy' on US citizens' content and transactions without a warrant (via) NSLs whether the cloud is involved, or not. Or, in other words, since we're talking about the potential abuse of power here, it's NOT like we're talking about them exposing some sort of weakness or problem with so-called cloud services. Instead, it mostly appears that the aggregation of data by these services helps make it easier for the federal government to try and spy on citizens. (Note to true terrorists and bad-guys: Don't use well-known services and solutions—though, I'm guessing you already KNEW that.)
Instead, the bigger worry here seems to be an increasing trend by bureaucrats, government officials, and judges to misunderstand how the 'cloud' works—to the point where there isn't a solid consensus yet on whether your data stored in the cloud is your property, public property, or something else. Or, as one of the commenters on Bruce Schneier's blog pointed out, Chief Judge Alex Kozinski of the Ninth Circuit Court of Appeals recently noted that, at present, it's not safe to consider ANYTHING put in 'the cloud' as private.
For better context, I recommend watching the specific part of his interview where he discusses how information stored on YOUR machine, YOUR hard drive, and so on, is harder for officials to search/seize—but where there's a grey-area is if it's hosted by a third party—then there's an expectation that you have DISCLOSED that information to that third party.
Tell me that what he's describing about how law enforcement gains access to your data (in the cloud), isn't problematic or disturbing?
About the Author
You May Also Like