NSA PRISM puts "public" cloud in a new light

NSA PRISM puts "public" cloud in a new light

Summary: Can you really trust the public cloud with your data? If you really want to be secure? No.


Like Jason Perlow, I doubt that the NSA is really that into me. It's all those other three-letter acronym (TLAs) organizations, such as the FBI, IRS, and SEC, which might have access to my data that I worry about.

Just because you're paranoid doesn't mean that they're not out to get you. (Credit: CBS Interactive/ZDNet)

Mind you I don't do anything that any of them would care about, but if I were running a major company I'd be worried about government snooping into my business. Perhaps I should also be worried if, say, the cloud storage company I've entrusted my data too-- let's call it MegaUpload--gets into hot-water with the Department of Justice (DoJ, another TLA!) and all my data  is eventually deleted by the Web hosting company. You can't tell me that's not a real worry. 

While David S. Linthicum, senior vice-president of Cloud Technology Partners, pointed out recently that he doesn't see much of a connection between the NSA and cloud computing still "As we migrate to public clouds, the most vocal protesters against this shift also happen to believe the data is at more risk for government monitoring. While you can show them mechanisms and statistics that demonstrate the value of leveraging public clouds, the "NSA scandal" will provide more fuel for the already paranoid of the cloud.

I'm not paranoid, but facts are facts. We don't know exactly how the NSA is watching our domestic communications. Maybe it's by sitting in the Internet's tier one network operating centers (NOCs). Maybe it's by squatting in major tech company data centers.

Yes, yes, I know, I know. The big technology firms have denied that they're turning over information to the NSA, but they're required to deny it by Foreign Intelligence Surveillance Act (FISA) court orders lest they face felony charges.

Let's just take it as a given, if you put information on the public cloud, there's a reasonable possibility that it can be looked at by a government TLA.

But, if you put your infrastructure on a private cloud you dodge this problem. Even a hybrid cloud—where you keep only low-value materials on a public cloud—could still do well by you.

Don't think, by the way, that if you went outside the US for your cloud needs that you'd be perfectly safe. Over in the European Union (EU), many cloud vendors are now proclaiming how much more secure their services are than their American counterparts.

Ah. Hello? You do know what the NSA's real job is right?

No, it's not spying on US citizens. It's spying on non-US-citizens using the telecommunication systems of the rest of the world. You know, places like, oh say, the EU.

Regardless of what the NSA is doing in the US, it's a lead-pipe guarantee that they're trying to collect data in all over the world. And, lest we forget, all those other countries have their own electronic intelligence-gathering organizations as well.

There is no magic safe Internet harbor where your Internet traffic can't be spied on. If your data is on the net, the potential is there for it to be spied on. Deal with it.

Realistically, if someone is really out to dig up your data, you don't want any of it on a public cloud. But, if all you want to do is maximize the safety of your business-critical data while realizing the flexibility and cost benefits of a cloud architecture, a private or hybrid cloud may still be exactly what you need.

If you want more security than that, then keep your data in on-location server rooms or on-campus data centers and keep it all within your intranet. Just remember, however, that when Edward Snowden walked out of an NSA office in Hawaii with sensitive data he didn't send it out on some super encrypted virtual private network (VPN) tunnel or via a TOR proxy. No, he just walked out with it in his pocket on a thumb drive.

You know, maybe there's something to be said for paper records after all!

Related Stories:

Topics: Cloud, Government US, Legal, Networking, Storage

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • You cannot trust the Cloud. Trust the Constitution and Not Politicians

    Remember before Microsoft, Facebook, Apple, Google, Yahoo all came out to admit that they were passing sensitive client data to the FEDS, from Secret Court (FISA) Orders, we thought our private information was private and safe because of the Privacy Act and the Fiduciary responsibility of all companies to keep our information protected, even from government agents claiming National and Community Safety concerns.
    North Americans and the world know different today. (NSA PRISM)
    All social media sites are an attempt to get voluntary access to our private information. We sign up and accept our rights being violated in order to get an email address etc… Why are all these companies asking for our private information? Not even the government is by law allowed this information; however lobbying lawyers for these companies have convinced the Senate, Legislature and other law makers to write new laws that truly have no authority and use such laws with no true affect or force to lie to us daily to makes us believe / convince that we must comply (fore go our rights) in order to live and communicate with each other in peace and harmony.
    Doctors, Lawyers, Police Persons, Fire Persons and any government agent will lie to you daily in an attempt to keep you in the dark about your rights. Medical Practitioners are empowered by the government system and thus swear an Oath that makes them accountable to the government and not the Human Beings there service.
    1.) Rights are what human beings are born with (Read the Bible)!
    2.) Privileges and Benefits are given by the Society / Government in which you voluntarily belong.
    3.) BIRTH CERTIFICATE, SOCIAL INSURANCE NUMBER, PASSPORT, DRIVER’S LICENSE, HEALTH CARD, and any other form of Government ID, binds you to Number 2 noted above.
    4.) By rescinding all Identification(s) in Number 3 above. You regain all your GOD GIVEN RIGHTS and no government Statue, Regulation or Rule will bind you.
    5.) Only Common Laws (law of the land) will you be bond to.
    5b.) Do no Harm to Another Human Being.
    5c.) Do no Damage to Another Human Being’s Property.
    5d.) Commit no Fraud to Another Human Being or Corporation / Fictions Entity.
    Everything I wrote about in Section Number 3 is voluntary. You do it because of intimidation and the benefits.
    Would you give up your rights to your offspring (not children) knowing that is what you are doing when you register their births for a certificate?
    Would you volunteer to pay Federal Income taxes when registering for a (S.I.N.) Social Insurance Number knowing that if you did not voluntarily register, that you would not be obligated to pay Federal Income tax?
    Well stop complaining and looking for someone to answer questions you could be doing the research on yourselves. Trust the government to lie to you to keep you compliant.
    When you vote, you re-instill that you want all the 600, 000 Statues, Regulation and Rules to be crushed down upon you.
    When you do your annual Income Tax and sign the form looking for the phantom money you may get back (Each year laws change to ensure you get nothing back or it is now divided up quarterly and dispensed to you) You Re-Instill the acceptance of such Statues, Regulations and Rules by signing that Income Tax document.
    Trust that your company accountants know what they are doing and have taken the proper Federal Income Tax percentage from your weekly of Bi-weekly pay cheque. No need to do your income taxes form and sign your life away.
    Know that if you did a; (Through the United Nations)
    RESCINDED your; Birth Certificate, S.I.N., HEALTH CARD, PASSPORT, DRIVER’s License, FIRE ARMS License, HUNTING / OUTDOORS card, if you Followed the proper legal procedures, that you would indeed be free.
    The government needs you to voluntarily apply/register/sign the Identifications above to effectively enforce “CONTRACT LAW”. Not having signed /rescinded any of these documents makes you sovereign and thus be your own government. Canada is bound to Contract Law and Treaty Law and that is why as a Society they must comply with the legal measures I have outlined in this document.
    If you store anything in the cloud, know that someone is looking at it without your consent.
    Your Identification can always be stolen and your life compromised long before you know it.
    All Social Media companies and Government agencies have all they need to ruin your life!
    Benjamin Franklin said “Those who are willing to trade Security for their Liberties deserve neither”.
    I closed my Facebook account in 2010. I will never go back to anything like it.
    Yes I have an email address at both Microsoft/Skype and Google. I have limited the forms of communications with those and have decided to install my own email server and strongly encrypt all messaging services. It will get intercepted by the man in the middle however 256 Bit encryption will take them a while to crack versus just handing over the information like Chattel (Mindless Cattle).
    • did you

      have a point buried in all that rant? Apart from saying move to a cave without power (or post)
    • Bible and human rights..

      "Rights are what human beings are born with (Read the Bible)!"

      Actually, the idea of human rights does not come from the bible...read your history, chapter renaissance.
      • It's in the Bible too

        The concept of human rights is actually implicit in the concept of morality, which is a major theme in the Bible. That's not to say, though, that the ancient Hebrews had the same ideas about human rights that we do.
        John L. Ries
        • Do you mean rights like

          - stone a woman to death
          - murder your first born
          - torture the people who don't think like you

          Yep ... the "bible" has human rights in it. Because to the bible anybody who doesn't think like you is not human.
          • Let's put it simply

            If God commands people to refrain from oppressing widows, orphans, and foreigners (even if all of the above can be highly profitable), it stands to reason that they have rights. Likewise, if God commands people to love their neighbors as themselves, then the only logical conclusion is that one's neighbors (anyone with whom one might come in contact) have rights by virtue of being human beings (no matter what human laws might say). Indeed, if people are commanded not to "muzzle the ox that treadeth out the corn", then it's an easy inference that animals have rights too.

            We can argue about how far those rights extend, and whether or not the revelation is genuine, but very idea that God would care about how people treat each other and animals implies that both have rights that need to be respected.
            John L. Ries
  • Freedom on the Rocks - Federal Tyranny versus Terrorism

    Google and Facebook are flat-out lying about the depth to which the NSA is "hard-wired" into their infrastructure.

    Want the REAL story about what the NSA is doing with your life and communications, read Freedom on the Rocks - Federal Tyranny versus Terrorism:


  • lets not forget

    What pundits now call the cloud, we named the Internet decades ago.

    The Internet has this specific property that the network as such is dumb and all intelligence is at the end nodes. Therefore, it all depends on you, the "user" operating the end node. Do not forget this.
  • FBI, IRS, and SEC?! Seriously?!

    From the article:
    "if I were running a major company I'd be worried about government snooping into my business"

    China is the entity that major companies are [one would hope] interested in defending their information assets from "snooping". And whether a company uses a private cloud, hybrid cloud or manages their own data center doesn't really matter. China's success rate in stealing information assets from U.S. companies has been quite high.

    As for the public cloud, a given public cloud providers' security processes may be superior to many of its customers. This would be one reason to embrace a public cloud. Or, alternatively, improve ones own security processes.

    As for small businesses (and organizations, more generally), online banking cyber-criminals are a much bigger threat than the FBI, IRS, and SEC.
    Rabid Howler Monkey
    • Missing the Point!

      Their security might be better but, you don't know if they are under a FISA order to provide the information. Right now the US government is trolling your information, you DON'T know how much. Right now they might not have anything they can get you on about your information, but they are keeping it, so what in 5-10 years rules change and you are now in the target range. The people who wrote the constitution would never have accepted the massively power federal government we have now. That's why they put in the Bill of Rights, to protect citizens from a massive federal government like we have now. Too many US Citizens are not doing their civic duty which is why we have the mess that is the Patriot Act. That should never have happened. We have forgotten "Give me liberty or give me death." Put your data on the cloud and let the government have it if they want; you won't know if there isn't a Snowden where your data is stored, because the government will prevent them from telling you.
    • China is only one ... but not the one you should worry about

      Israel is the #1 corporate spy in the world. They would steal and clone anything in the name of "security". They are just not as openly obvious as China.