From the Snowden leaks to the recent passage of the Brazilian government “Marco Civil da Internet”, a set of legislation designed to enforce net neutrality, freedom of expression and privacy, there is no mistaking that this is a critical time for the internet and it’s digital citizens.
Cloud and hosting providers need to pay close attention to developing legislation and technologies to address the privacy and security needs of its customers in this fast changing environment.
Shortly after the NSA’s PRISM program was first reported, Forrester Research predicted that US cloud providers could lose up to $180 billion in business over the next three years due to concerns around the scope of surveillance the program enabled.
In a March Ted Talk Snowden said, “The best way to understand PRISM, because there has been a little bit of controversy, is to first talk about what prism isn’t. Much of the debate in the US has been about meta data. They’ve said ‘it’s just meta data, it’s just meta data’ and they’re talking about a specific legal authority called section 215 of the Patriot Act. That allows sort of a warrantless wiretapping, mass surveillance of the entire country’s sort of phone records, things like that…PRISM is about content, it’s a program through which the government could compel corporate America, it could sort of deputize corporate America to do it’s dirty work for the NSA.”
Some companies initially resisted compliance, challenging the NSA in court, but they all lost. Later after the Snowden revelations, a new ruling forced the declassifying of the 2008 Prism decision.
“It was never tried by an open court, they were tried only by a secret court,” Snowden said. “And something that we’ve seen…15 federal judges have reviewed these programs and found them to be lawful, but what they don’t tell you is those are secret judges in a secret court based on secret interpretations of law that’s considered 34,000 warrant requests over 33 years, and in 33 years only rejected 11 government requests. These aren’t the people that we want deciding what the role of corporate America in a free and open internet should be.”
Although the NSA continually tries to explain the measures and secrets as an important part of national security and characterizes its data collection as “only meta data”, it’s having a hard time spinning the Snowden revelations in its favor. Even late night political comedians are picking up on this topic. John Oliver addressed NSA policies Sunday in an interview with former NSA agency chief Keith Alexander which resulted in a funny yet powerful commentary on the organization.
“But there are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences,” Michael Daniel, special assistant to the president and cybersecurity coordinator said. “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”
Discussion and news on privacy, net neutrality and data sovereignty happens daily. Multi- stakeholder governance as a means to address keeping governments out of the internet or at least equally represented is a hot topic. At the two day NetMundail conference last week, guidelines were discussed for future internet governance.
As the discussion continues to evolve it’s important for cloud and web hosting providers to stay informed of the issues and new legislation so they can best serve their customers in whatever part of the globe they happen to be. As cloud services become more prevalent and are hosted in multiple countries, service providers may be facing more restrictions based on where data is physically stored and which country has domain over the data.
The WHIR interviewed Jelle Frank van der Zwet of Interxion at World Hosting Days in Germany. When asked about the need for data centers in foreign countries, he had this to say, “If you want to do business in Germany, you must have a data center and infrastructure in Germany. That goes for Amazon, that goes for any cloud provider, small or large if you want to do business in Germany I recommend you have your infrastructure in Germany. I would say the same for France.”
His comment in the context of the greater discussion about data sovereignty and NSA backdoor access into United States based company’s data underscores the importance of where data is hosted in relation to local laws and policies, a growing concern among cloud and hosting providers. For example, the US Supreme Court ruled Friday that a government search warrant will require American companies providing internet, email, and online storage services to hand over data stored anywhere in the world.
This could have serious implications for American companies interested in doing business outside of American soil. In July, German Interior Minister Hans-Peter Friedrich told reporters in Berlin that “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.”
The search warrant ruling last week confirms that the US can legally access data residing outside the country.
There are several opportunities to learn more about security, privacy and data policies. The internet and specialty technology publications such as the WHIR are a great source. However, there are also many industry events that give companies and concerned individuals the opportunity to contribute and get more involved in discussions around these issues.
HostingCon 2014 has several panels exploring these issues and more. Join the i2c panels on June 17 to learn more about post-Snowden issues and the future role of the United States in internet governance.