Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Why PRISM kills the cloud

Jonny Evans | June 11, 2013
Recent revelations regarding the US government's PRISM surveillance technology could be the kiss of death to the promising cloud migration.

The migration from desktop computing to the cloud is on every tech firm's playlist this season, with Apple [AAPL] expected to deliver improvements to its iCloud service later today -- but recent revelations regarding the US government's PRISM surveillance technology could be the kiss of death to these future tech promises.

Prism kills the cloud

Security is essential
Think about it: In order for cloud computing solutions to be seen as viable alternatives to more traditional desktop solutions users -- personal and business users alike -- need to be 100 percent certain their data is secure.

It is unlikely too many people want their privacy curtailed in exchange for convenience -- and reports claiming the US can pretty much tap into a user's personal data and information from any PRISM-enabled system installed in locations worldwide undermines expectation of secure data in the cloud.

Competent cloud service provision
US technology firms have attempted to deny the PRISM claims. One Apple spokesperson even claimed Apple "has never heard" of it. Google claims no knowledge of it. In fact, if you listen to the technologists, no one has any knowledge of the highly confidential surveillance tech.

These denials are open to challenge. Take this deconstruction of Yahoo's denial written by security and privacy researcher, Christopher Soghoian. He observes that Yahoo:

"Has not in fact denied receiving court orders under 50 USC 1881a (AKA FISA Section 702) for massive amounts of communications data."

Yahoo's denial stresses the company has never volunteered to share this data with the spooks, adding:

"We deeply value our users and their trust, and we work hard everyday to earn that trust and, more importantly, to preserve it."

Despite Soghoian's poignant analysis, let's give Yahoo and the other big tech firms the benefit of the doubt. Let's assume their denials mean they knew nothing of PRISM. Surely that's OK?

No. That's not OK. That's far, far worse.

You see, if it's true the US government has been routinely monitoring communications ("for your protection") and the big tech firms were unaware of this, then it suggests intelligence services have managed to find a way to access such data without the big tech firms being aware of the transaction.

If that is true then it suggests security flaws exist across all cloud service providers that can be exploited by anyone who knows where they can be found. This means that while the US has been exposed as accessing the data at this time, there's no great guarantee that other intelligence services and even powerful entities outside of government haven't also identified the same security gaps. Which means the presidential reassurances on the matter don't fill me with warm, cosy feelings -- particularly since I'm in the UK.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.