Planning for worse case scenarios are generally never good for making policy, but in some situations, they can be very useful in making a point. The recent news about the US government ordering Google to release information on its users is very troubling for multiple reasons. More importantly, it underscores the tradeoff customers (and managed service providers) make for the ease of use and lower cost generally associated with public cloud computing.
No warrants! The case, currently being heard in US federal court, involves the FBI making requests (without a warrant) of Google to release customer information. What type of customer information is not known, but seeing how there is no warrant and no clarification about the nature of the request, you must assume the worst.
No Disclosure. Obviously, now that the court has become involved in deciding the legality of these requests, it is safe to assume the entire world now knows. However, the initial requests were secret, and appear to have been made with the additional mandate that Google not tell the customers whose data was being disclosed.
Can Private Cloud Do Better? Some of you are wondering whether private cloud would solve this problem (assuming you see a problem in governments asking public cloud vendors to give over unknown customer data to an investigative and law enforcement agency). If a legitimate request for information is received, then I’m assuming MSPs (including hosting providers) would have to comply. In fact, this exact scenario is mentioned in the MSPAlliance Code of Ethics. However, if the customer data was on a private cloud, I am assuming that there would be more transparency in this process and more likelihood that the customer would know about the request for data.
It is a delicate balance between having effective law enforcement and a snooping government that can do anything it wants, without the oversight of a court of law. I suppose that is the main issue I am making. If any law enforcement agency (and don’t think other countries may not end up doing this same thing) can make a warrantless seizure of data from a public cloud provider, is that lack of privacy worth the cost savings to your company?
Sign up for MSPAlliance’s Bi-Monthly MSP & Cloud Journal. Follow us via RSS, Facebook, and Twitter. Interested in writing for MSPAlliance? Please contact us for more information.