Cloud computing faces a clear and present danger

Trust and paranoia seem to walk hand in hand in business. Many organisations walk a fine line between trying to entice customers with a pleasant experience, and protecting their assets.

Companies like Facebook, Google, and Apple have spent billions building their reputations around a particular style of customer experience, that is easy to understand and enjoy, and perhaps even indispensible to customers.

At their core, these interactions rely on the customer deliberately sharing some information to gain a better experience, and trusting that the organisation will keep that information safe.

Now consumers and businesses clearly have very different needs when it comes to technology services, and different legal responsibilities around the sharing of information. Many business have enthusiastically embraced consumer style cloud services, for their own customer interactions, and their internal workflows and IT operations.

This major shift towards cloud services has happened almost entirely in parallel with the “war on terror”. I think many Australians are almost immune to the political chatter surrounding the “war on terror”, and don’t truly consider themselves to be at war. The monotonous wartime rhetoric of politicians in both Australia and the US does actually serve a purpose.

In 1919, an American legal precedent was set in Schenck v United States, determining the basis for situations where the government could overrule constitutional rights, freedoms, and free speech.

“The question in every case is whether the words used are used in such circumstances and are of such a nature as to create a clear and present danger that they will bring about the substantive evils that the United States Congress has a right to prevent.”

“It is a question of proximity and degree. When a nation is at war, many things that might be said in time of peace are such a hindrance to its effort that their utterance will not be endured so long as men fight, and that no Court could regard them as protected by any constitutional right.”

The recent series of Snowden revelations published by the Guardian are just the latest confirmation of a long series of technology based intrusions into the private affairs of individuals and businesses. These intrusions have been justified largely due to the clear and present danger invoked by the “war on terror”.

XKeyscore map
Guardian: Snowden revelations of NSA XKeyscore surveillance capabilities

Snowden is certainly not the first whistleblower in this area, but he is the first to attract more than a few moments of attention amongst mainstream news journalists.

Company directors clearly need to comply with the legal environment their organisation operates within. When a government entity invokes powers to silence company directors about breaches of customer privacy and copying of intellectual property, directors are clearly placed in a truly precarious legal position.

Especially when those directors could be subject to legal proceedings instigated by a party that suffers a loss or damage as a result of data disclosure.

Google is perhaps the most obvious public example. In 2009 and 2010, Google sought worldwide attention announcing that they and several other US IT firms had been attacked by Chinese hackers. The impact of that public disclosure was very significant. It has recently been suggested by a Microsoft employee that those very same attacks were actually targeted at the technology mechanisms used by the NSA to directly access Google and Microsoft customer data.

It is worth remembering that the directors of a number of US based telecommunications companies demanded and received retroactive immunity from prosecution for their participation in NSA surveillance programs. Given Snowden’s revelations of Australia’s deep and active participation in these US NSA surveillance programs, it will be interesting to see whether Australian company directors will ever be extended the same immunity to legal prosecution.

ITIF_US_cloud_losses
ITIF – How much will PRISM cost US cloud services providers Aug 2013

The “war on terror” is a political reality for both Australia and the US, and business leaders clearly need to more broadly consider the risks involved in working with cloud service providers. Cloud services and offshoring style outsourcing arrangements can be a contractual minefield. They are made more complex when the provider is a multinational that operates infrastructure located in multiple legal jurisdictions. Contractual and legal complexities can clearly be simplified when services and infrastructure are located entirely in Australia, and provided by an Australian company.

US based cloud services providers are already seeing some backlash against the use of their products, with German government ministers advising citizens to stop accessing US based websites and cloud services if they don’t wish to be spied upon. The US based Information Technology & Innovation Foundation has projected that US cloud services firms will lose $22 to $35b USD worth of services revenues over the next few years, as businesses place greater focus on data security concerns and risk management.

There is no current end in sight for the “war on terror”. Many organisations have built workflows and asset protection strategies based upon incorrect assumptions surrounding the privacy and confidentiality of their corporate communications and data. Business leaders should carefully re-evaluate risks, and the clear and present danger to their confidential data and customer privacy.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s