Your data in the Cloud is not secure from the US Government

Data stor­age in the cloud is clear­ly the where things are mov­ing just now. Giv­en the pletho­ra of devices peo­ple have — com­put­ers at home, lap­tops and tablets on the move, smart­phones in the pock­et, it makes per­fect sense for all of a per­son­’s devices to use a sin­gle, com­mon repos­i­to­ry for shared infor­ma­tion. Ser­vices such as Apple’s forth­com­ing iCloud at the domes­tic lev­el, and commonly–used ser­vices such as Google’s Google Apps, and Microsoft­’s Office 365 all store your data in their own clouds.

You’d think that this would be done with respect to Data Pro­tec­tion laws. Wrong. If the USA wants your data, the USA gets it. My friends Simon Bis­son and Mary Branscombe have the details: regard­less of Euro­pean pri­va­cy direc­tives and the UK Data pro­tec­tion act, the US see the PATRIOT act over­rid­ing these for US com­pa­nies and EU sub­sidiaries of US com­pa­nies:

That means that US gov­ern­ment can (under the aus­pices of the act) request the data of any indi­vid­ual or com­pa­ny that’s using US-owned or host­ed ser­vices, no mat­ter where that data is actu­al­ly being held. It does­n’t mat­ter if you’ve geo-locked your data, and it only resides in Euro­pean data cen­tres, it can still be req­ui­si­tioned and tak­en to the US. Yes, it’s an issue of nation­al secu­ri­ty, but when results can be found by machine learn­ing and trawl­ing mas­sive data sets (the larg­er the bet­ter), there’s a temp­ta­tion for gov­ern­ments to take all they can and more.

Undoubt­ed­ly this will lead to much hand–wringing in the EU Par­lia­ment. How­ev­er, what can be done? It is unlike­ly that the USA will give up their pow­ers.

There­fore, the only solu­tion is in the hands of indi­vid­u­als and com­pa­nies wish­ing to use cloud ser­vices — only use cloud ser­vices from wholly–EU–owned com­pa­nies host­ing your data inside the EU. While the legal pro­tec­tions you will have in those cir­cum­stances are not huge, they are bet­ter than none at all.

Oh — an after­thought. How hap­py do you now feel, if per­haps you have just giv­en a whole heap of your per­son­al infor­ma­tion to Google, dur­ing the Google Plus sign–up process?

Leave a Reply

Your email address will not be published. Required fields are marked *