15 December 2011 by Pelle Neroth
As most people know, the Cloud is a means to allow companies to outsource all their activities on platforms and infrastructure on to the internet. It promises productivity boosts. However, take up has been lower than it might have been. One big concern is the integrity of data held by cloud providers.
Users - businesses and individuals - may be right in their concerns. In a recent Queen Mary university project study, researchers examined the terms and conditions (T&Cs) of dozens of Cloud providers including Amazon, Microsoft 365 and Apple, and found they left something to be desired. Reading the small print carefully, researchers found that compensation is paltry and there are powerful get out clauses if things go wrong.
Another worrying finding: Every single Cloud service provider they investigated reserved the right to disclose information stored by their customers in certain circumstances. Some require a court order, but other Cloud providers base disclosure on a perception of their business interests or what they regard to be the public interest.
That means that they can give up data to law enforcement agencies that ask for it if, for instance, they want to keep in good standing with a government.
Claims about encrypted data should be taken with a pinch of salt. The popular information storage service Dropbox was embarrassed earlier this year when it had to admit its claim that "our staff are unable to access your information" was not quite true. The clarified formulation goes "Staff are prohibited from accessing information". In fact, a few key executives can indeed access customer data - precisely to comply with emergencies like law enforcement agency requests.
There are fears in Brussels that the long arm of US law enforcement, armed with the Patriot Act, will put political pressure on the US Cloud providers (which dominate the market on this side of the Atlantic too) to give out information on European citizens on very easy pretexts.
It has definitely affected the willingness of, for instance, Dutch local authorities to use the Cloud. T-Mobile and other European providers are making hay with the anxiety and are lobbying Brussels for a certification process that would favour them over US providers when bidding for European government cloud contracts. The claim is that Europe-based providers would be more resistant to the US authorities.
So far so good. But are Eurocrats blind to some intrusive legislation in their own backyard?
In fact, another paper by Queen Mary outlines the new European Evidence Warrant and the proposed European Investigation Order could be just as great threat as US initiatives ever could be. The European Arrest Warrant, which has been in use since 2004, has already led to much criticism: that people are being automatically extradited on trivial offences committed in other EU countries.
One carpenter was tracked down in the UK and sent back to Poland because he had fitted wardrobe doors and then removed them when the customer refused to pay him. In another case, a man was extradited for the suspected theft of a dessert. Under EU law, British police cannot refuse the requests on grounds of disproportionality. Military planes fly back to eastern Europe every week.
Will the new warrants mean cops being asked by their EU colleagues to carry out data server seizures on their behalf, no questions asked?
All in all, the Queen Mary reports confirm that users of the Cloud might be quite vulnerable. Of course, users could always take a "accept as is" attitude to the services and, for security, encrypt the data themselves before putting it in the Cloud.
Ultimately the challenge may not be not America, much as Brussels tries its usual game of rallying the troops against it - but extensive EU legislation that is not debated properly, and the informalisation of justice that results from complex legal issues over multiple jurisdictions.
QMUL Cloud Legal Project
Pelle Neroth -- EU correspondent
Posted By: Pelle Neroth @ 15 December 2011 07:46 AM General
FuseTalk Standard Edition - © 1999-2013 FuseTalk Inc. All rights reserved.
"Africa is abundant with engineering opportunity. We look at some of the projects and the problems."
- DECC-EDF makes yet another attempt to fund 3rd Generation Nuclear at any cost [12:04 pm 25/05/13]
- UK just six hours from running out of gas in March [09:02 pm 24/05/13]
- Ideas for a final year university project [05:55 pm 24/05/13]
- Fourth Generation Nuclear: Molten Salt Reactors [10:39 am 24/05/13]
- LED bulb efficiency - its all about the drivers not the LEDs? [09:52 am 24/05/13]
Tune into our latest podcast