Should NSA surveillance influence your business cloud buying decisions?

Moderated by David Gewirtz | November 4, 2013 -- 07:00 GMT (23:00 PST)

Summary: Our IT security experts debate the impact that NSA surveillance revelations can have on your business.

Robin Harris

Robin Harris

Yes

or

No

Larry Seltzer

Larry Seltzer

Best Argument: No

74%
26%

Audience Favored: Yes (74%)

The moderator has delivered a final verdict.

Opening Statements

NSA can reveal business secrets

Robin Harris: This is a no-brainer. You have a fiduciary responsibility to stockholders. You have important business secrets. Cloud computing and storage benefits cannot justify the risks of breaching responsibilities or losing secrets.

Yes, you should encrypt all data before it leaves the site, for any provider. But the analytical capabilities of the NSA can connect webs of people, places and activities to reveal corporate plans.

State sponsored industrial espionage has a long history. If the NSA can read your data, travel itineraries, meeting notes, bank statements and research data so can other intelligence services. NSA backdoors have made the Internet less secure for everyone.

Bottom line: if the NSA can steal your data so can others. NSA analysts can be corrupted. By demanding that cloud providers secure their services against the NSA you help insure your security against other intelligence and nonstate actors.

And don't forget to lobby your Congressmen to get the NSA under control.

Blocking NSA is easy: Just lock your doors

Larry Seltzer: So now you've got the NSA to worry about too? No question about it, you have to assume they may come after the data in your cloud too. What should you do about it? Nothing special. Just keep doing the things you should be doing anyway.

In just about every case of sneaky and sophisticated NSA hacking we've heard of, the Agency was exploiting the failure of their target to employ some best practice. Consider the latest new about Yahoo! and Google: Even data over private lines between two private facilities should be encrypted.

But this stuff is complicated and can be expensive, even for Google, so if the NSA wants to get you they probably can. And if you fail at the level Google failed, nobody has any good reason to get that mad at you for it.

Talkback

25 comments
Log in or register to join the discussion
  • It's certainly having an effect on businesses and the intenet.

    "Should NSA surveillance influence your business cloud buying decisions?"

    It's certainly having an effect on businesses and the internet. Lavabit shut down, so did Groklaw (IMO one of the best legal resources in the tech world).

    It's not really down to if it "should" affect your business anymore; there's the real chance that it *will* affect your business, whether you like it or not.

    If there are more cloud provider shutdowns similar to Lavabit, it will very much affect your cloud buying decisions.

    And if the NSA has problems with moles, or if there are any more Snowden-style incidents, you may have an issue with breaches in your data. It's a risk.
    CobraA1
    Reply 9 Votes I'm Undecided
    • Snowden-style incident

      While I'm quite certain that Snowden doesn't have anything on me in which the Chinese or Russian intelligence services would be interested, it should give people pause that those were the countries he fled to. Snowden may not have given anything to China (and he denies doing so), but I'd be very surprised if President Putin (a veteran spook himself) didn't insist that Snowden be *thoroughly* interrogated by a pair of FSB agents (who had better be happy with the answers) before he was granted asylum in Russia.
      John L. Ries
      Reply 12 Votes I'm Undecided
      • No room for patriots in this nation anymore.

        The only reason Snowden had to flee to Russia is because our fascist government wanted to hunt him down like a dog to silence him. So, it's their own fault if secrets end up in the hands of the Russians. A true patriot doesn't just follow orders when he knows something is morally wrong. Snowden stood up against our tyrannical, oppressive government and shed light on some of their many illegal and immoral activities. This is the same type of thing our founding fathers did when they rose up against immoral tyranny to form a new nation. If our founding fathers acted like that today, they'd be labeled "terrorists," hunted like animals, and thrown in Guantanamo permanently. Snowden is far less evil than anyone currently sitting in Washington. He sacrificed everything he had to do what was right. Heck, I'd vote for Snowden for President, except I know the CIA would assassinate him within days/weeks of taking office.
        BillDem
        Reply 10 Votes I'm Undecided
        • So again...

          ...what should the rules be regarding the handling of "state secrets"? Or should there be any at all?

          Unfortunately, professional revolutionaries are notoriously intolerant of dissent, so I'm highly unlikely to trust any of them (that and I strongly disagree with the programs they normally support as unworkable or just plain wrong-headed). So what we really need are more proactive and well informed citizens who can distinguish between news, entertainment, and propaganda (and one should always start with oneself).

          I figure that if the revolution you seem to want happens, that I won't be a free man very long.
          John L. Ries
          Reply 8 Votes I'm Undecided
    • Snowden apparently did it for free...

      but if a deep pocket company wishes to attain data on their competition they can now buy their way in. As if regular industrial espionage wasn't enough to worry about.
      Andrej Petelin
      Reply 7 Votes I'm Undecided
  • And I'd like to put this out there.

    And I'd like to put this out there. Groklaw did an excellent writeup on why we really need to be concerned about this, right before it was shut down.

    http://www.groklaw.net/article.php?story=20130818120421175
    CobraA1
    Reply 20 Votes I'm Undecided
  • If they wanted your data, they're going to get it

    Should this affect your business? No, not unless you are in the habit of selling explosive materials and other black market items and have an uncanny approach to hosting it in the Cloud.

    Are your business practices not of a legal nature? Maybe you shouldn't use any electronic device and wear a tin-foil hat.

    I think all this fuss about the NSA getting at your Cloud data is slightly justified, that is if you're incorporating bad security practices in the cloud and need to "tighten up". Its a good fright lesson, but to go chicken little about it when you are not doing anything against the state and illegal, ridiculous.

    But I'm not saying keep a blind eye, just don't overreact. They will get your data if they need it that bad, cloud or not.

    Besides we use cloud servers for processing GIS data that is publicly available from the government and used for government purposes.

    So should it bother me, not really.

    If I was hosting Chinese/Russian/Terror network secrets, etc....yes.

    Doing something that the government doesn't need to know about, A) keep it off the internet, B) Watch who you hire, C) Burrow underground.
    spdrcrtob
    Reply 5 Votes I'm for No
    • But the government isn't the problem...

      If they can't even keep a lid on Snowden who apparently wasn't paid to leak all this information what makes you think the more business-minded NSA employees won't or aren't already offering to seek out your sensitive business information to the competition? The raw processing power and data processing capabilities of the NSA makes industrial espionage a whole lot easier.
      Andrej Petelin
      Reply 13 Votes I'm Undecided
  • No amount of public outrage is going to hinder the NSA ...

    ... (until, unless) Congress decides that the NSA has gone too far (which will probably be never). Best practices should always be followed without regard to what the NSA can and cannot do. The word privacy is not in the U. S. Constitution. It has been inferred by the courts from the Fourth Amendment:

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    But once your personal information is moved to a public conveyance (the Internet, an ISP, a social network), all bets are off. There is no clear definition of your rights once you willingly share this information with Google, or Facebook, or your local grocer in exchange for coupons.

    The bottom line? Unless you want to personally take yourself off "off the grid" if they want to, the NSA can and will find you and everything about you which you have ever put in any electronic format.
    M Wagner
    Reply 14 Votes I'm for No
    • The question is...

      ...how much work is it going to be? At least if a U.S. Marshal serves me with a warrant demanding data off of my server, I'll know about it.

      And the spooks might be able to intercept strongly encrypted e-mail, but it's a lot more work than doing it to plain text.
      John L. Ries
      Reply 9 Votes I'm Undecided