The Impact of the NSA Revelations on Cloud Computing
The NSA’s Point of View on Its Spying
The United States government is using the argument that data on third party systems – in this case, the cloud – makes the information public. The federal government says that data in the cloud is not private, and this gives it the right to monitor email traffic, track phone calls, record location data embedded in pictures and save every social media post we generate.
The United States government states that this spying on all citizens will prevent terrorist attacks. The government refuses to spy on mosques for fear of "profiling" and accusations of racism, so it spies on everyone instead.
The irony is that NSA's spying on its citizens, capturing emails, text messages and forum postings, did nothing to prevent massive breaches like the Office of Personnel Management data breach. The OPM data breach by China gave them the entire personnel files of several million former and current federal workers, including private industry defense contractors, everything from performance reviews to SF86 forms that list everything that could be used to blackmail an employee.
All of the spying, too, was proven for naught when they couldn't stop the San Bernadino shooters, Boston Marathon bombers or NYC and NJ 2016 bombers.
A Cloud Computing Firm’s Point of View
Microsoft’s former Chief Software Architect, Ray Ozzie, described this as the 3rd party doctrines being leveraged to gut the Fourth Amendment to the Constitution. He’s not alone in the fear that this destroys any privacy people have when using cloud computing, when the government believes it can access data on the cloud at any time.
Cloud services rely on trust; customers won’t use their cloud storage if it could be perused by curious administrators or used against them in a tax audit. Customers won’t use software as a service if their financial files aren’t secure against theft; if the federal government has copies of their data, it is more secure on the person’s hard-drive. Loss of trust equals lost profits for cloud computing firms.
Cloud computing firms and computer hardware manufacturers were right to fear the impact on their industries. Cisco reported double digit declines in sales to China after Edward Snowden's revelations. European firms are seeking European IT service providers to avoid NSA spying, regardless of their quality compared to giants like Amazon or Microsoft.
The Impact of NSA’s Spying on the Cloud Computing Industry
Cloud computing services may have no privacy at all, with the NSA’s mega-data farm in Utah said to be storing all social media content for analysis when required. If anything that leaves your computer and travels on through an ISP or to a cloud server is considered “public”, then anyone who wants privacy will want the data to remain on their computer.
Even encryption is no protection, since leaks by Edward Snowden reveal that the federal government gives extra scrutiny to encrypted files and efforts to prevent snooping. The revelations that the NSA literally recording all metadata - and possibly all content – will slow the growth of the cloud computing infrastructure in the United States.
The cloud services industry is dominated by United States firms like Microsoft, VMware, Amazon and Citrix. The NSA is monitoring all data travelling on US networks, even if the source or customer is overseas. The European Union is already voicing concerns that using US cloud services will result in the federal government having access to all of the information. Once the federal government has this data, it could be leaked to U.S. contractors like Boeing to help them win bids against French Airbus, sold to well connected firms or stolen by hackers from a government that accidentally posts Social Security Numbers online.
This suggests that any foreign firm that wants to keep its trade secrets a secret cannot use an American cloud services firm. The monitoring of all U.S. internet traffic also prevents Americans from using foreign cloud computing firms, since data sent to and from those providers would also be recorded. However, EU based cloud computing firms will receive a significant boost as customers outside of the U.S. flock to EU cloud services providers – if they can demonstrate that they, too, were not spying on customers.
French cloud computing won’t benefit from a shift to EU firms, since France has apparently had its own version of the PRISM program. The UK reportedly tapped into the same fiber optic network the U.S. did. Or we may see a rise in cloud computing providers in other nations that will prosper simply because they promise to protect data from both hackers and governments. But Huwei expects to see a massive boost in sales as Chinese and other Asian companies buy their products instead of potential compromised hardware from Cisco. And anyone in Asia who can come up with a half-as-good alternative to Microsoft or Amazon's cloud services will see equal demand.
Long Term Effects of NSA’s Spying Will Have on the Cloud Computing Industry
It was revealed in July, 2013 that the government was also monitoring all traffic on fiber optic cables. These cables carry about 99% of the world’s internet and phone traffic. Now that this is none, privacy and security minded firms will switch to other communication methods like satellite connections, wireless satellite connections or a courier carrying a case of thumb drives between corporate locations.
Cloud computing may remain popular for academics, open source groups and individuals that don't care about privacy, but the profits to be made will be much smaller than they appeared before the NSA revelations. Businesses will also slow their adoption of cloud computing, keeping private data private on their corporate networks instead of moving everything to the cloud.
We will also see businesses reverting to old fashioned communication methods. The Kremlin has reportedly switched back to typewriters to prevent monitoring of digital communications. The government may log all letters by their date and sender, but it is not reading the contents, so sending documents via overnight mail is more private than an encrypted email.
More by this Author
Which apps are the greatest risks to your IT security?
ISO 27002 provides a list of hundreds of controls for IT security as recommended by ISO 27001. What does ISO Std 27002 say?
What are the primary types of process improvement projects in IT?
No comments yet.