8 January 2010 Leave a comment
Over at Ars Technica, there is an article about privacy issues with cloud computing.
Of particular note, the US Federal Trade Commission (FTC) sent a letter to the Federal Communications Commission (FCC) bringing up the need to work together to protect the American consumer during the development of the Broadband plan. The FTC has an entire section of their web site dedicated to Internet Privacy and Security, as well as other areas.
Government access to cloud-based documents can be much easier than getting it from the source; it is all up to the cloud service provider whether to turn your data over or not.
The provider might not even be in the United States, which means a whole new set of rules would apply. The government might have continual monitoring already in place, such as in New Zealand for example.
No matter where the provider is, it is really the location of the data – which servers it lives on – that matters. This could change over time; the data could be in the United States today and in China tomorrow. Thus the laws pertaining to data privacy and protection could change without notice.
The World Privacy Forum has a nice detailed whitepaper titled Privacy in the Clouds that makes for interesting reading. Every business considering moving data to the cloud should read this paper.
There is a nice article on Viodi based on a presentation from Nicole Ozler of the ACLU of Northern California (titled ACLU Northern CA: Cloud Computing – Storm Warning for Privacy?) which describes some of the legal aspects of cloud privacy (in the United States).
A recent article in the MIT Technology Review describes privacy and security in the cloud as well. The article suggests that encryption is one answer, but more sophisticated encryption than we have now: straight encryption removes the ability to work with data online (such as searching), and prevents others from looking at the data (in the case of shared data). The article also suggests that data could be limited to a particular area by the provider (such as being hosted solely within the United States).