Data surveillance puzzle remains unsolved
Yet more transparency in data collection is needed to support cloud computing, warns Paige Leidig
Ed Snowden's revelations of government surveillance into ordinary citizens' and companies' internet use and communications have become a staple of the news headlines. But so far, governments have seemed unwilling to compromise on how much of our data they feel entitled to see.
It seems as if that might be changing now. Last month the Obama administration said it had agreed to allow technology companies more freedom to disclose government requests to them for information.
The Wall Street Journal reported that the agreement, negotiated between US deputy attorney general James Cole and the Google, Yahoo, Facebook, Microsoft and Apple legal teams, will allow disclosure of the numbers of data requests they receive from the Foreign Intelligence Court and the FBI, in increments of 1,000 or, in a modified option, increments of 250.
Companies may also give estimates of how many customer accounts have been affected by the reported requests. This could help companies fight against the perception that huge numbers of customers may be affected by government surveillance practices.
Under the terms of this agreement, Apple disclosed that it had received up to 249 national security orders in 2013's first half, affecting a similar number of customer accounts.
But its business may not rely on collecting large amounts of personal data about customers – Google, Yahoo, Facebook and Microsoft collect far more information thanks to their extensive cloud email and communication applications.
The agreement fails to go far enough. Knowing that your cloud provider has received 1,000 requests for information is one thing, but what are the requests for, and whom do they target?
That said, a move towards transparency is a positive step. One of the most damaging effects of the Snowden revelations is that it has reinforced views that vast numbers of internet users are being spied on.
That perception could continue to damage cloud companies, tarnishing all of them with the same brush. Perhaps concrete figures could help dispel that perception, giving customers more visibility into the risks of cloud services and helping them make better-informed decisions.
But what is an acceptable threshold for government requests? Customers and the market will both demand more detailed information before they can feel comfortable with cloud.
Unfortunately, it may be some time before we are given that information, if ever. Meanwhile, the cloud is here to stay, and government spying or not, financial services and other businesses that decide to avoid cloud may find themselves falling behind their competitors in terms of business agility and operating expenses.
That is why added cloud information protection is necessary. If data is encrypted before it even enters the cloud and businesses retain exclusive control of the encryption keys, government surveillance may become much less of a threat.
Government agencies might get their hands on your customers' data, but they would be less likely to be able to read it without your customers' knowledge and consent.
Paige Leidig is senior vice president at CipherCloud