Your data in the Cloud is not secure from the US Government

Data stor­age in the cloud is clear­ly the where things are mov­ing just now. Giv­en the pletho­ra of devices peo­ple have — com­put­ers at home, lap­tops and tablets on the move, smart­phones in the pock­et, it makes per­fect sense for all of a person’s devices to use a sin­gle, com­mon repos­i­to­ry for shared infor­ma­tion. Ser­vices such as Apple’s forth­com­ing iCloud at the domes­tic lev­el, and commonly–used ser­vices such as Google’s Google Apps, Salesforce.com and Microsoft’s Office 365 all store your data in their own clouds.

You’d think that this would be done with respect to Data Pro­tec­tion laws. Wrong. If the USA wants your data, the USA gets it. My friends Simon Bis­son and Mary Branscombe have the details: regard­less of Euro­pean pri­va­cy direc­tives and the UK Data pro­tec­tion act, the US see the PATRIOT act over­rid­ing these for US com­pa­nies and EU sub­sidiaries of US com­pa­nies:

That means that US gov­ern­ment can (under the aus­pices of the act) request the data of any indi­vid­ual or com­pa­ny that’s using US-owned or host­ed ser­vices, no mat­ter where that data is actu­al­ly being held. It doesn’t mat­ter if you’ve geo-locked your data, and it only resides in Euro­pean data cen­tres, it can still be req­ui­si­tioned and tak­en to the US. Yes, it’s an issue of nation­al secu­ri­ty, but when results can be found by machine learn­ing and trawl­ing mas­sive data sets (the larg­er the bet­ter), there’s a temp­ta­tion for gov­ern­ments to take all they can and more.

Undoubt­ed­ly this will lead to much hand–wringing in the EU Par­lia­ment. How­ev­er, what can be done? It is unlike­ly that the USA will give up their pow­ers.

There­fore, the only solu­tion is in the hands of indi­vid­u­als and com­pa­nies wish­ing to use cloud ser­vices — only use cloud ser­vices from wholly–EU–owned com­pa­nies host­ing your data inside the EU. While the legal pro­tec­tions you will have in those cir­cum­stances are not huge, they are bet­ter than none at all.

Oh — an after­thought. How hap­py do you now feel, if per­haps you have just giv­en a whole heap of your per­son­al infor­ma­tion to Google, dur­ing the Google Plus sign–up process?

Leave a Reply

Your email address will not be published. Required fields are marked *