Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does your cloud vendor protect your rights?

Thomas J. Trappler | May 15, 2013
A report reflects that, as with most things in the cloud, vendors vary widely on how they handle third-party requests for access to data.

On March 14, 2013, Judge Susan Illston of the Federal District Court for the Northern District of California ruled that the NSL provisions in federal law violate the First Amendment and the separation of powers principle, and ordered that the FBI stop issuing NSLs and cease enforcing associated gag provisions. This ruling is stayed for 90 days to allow the government to appeal. The appeal is still pending.

Does the cloud vendor defend customer rights in court?
Has the vendor defended its customer's rights by contesting government access requests in court?

Google earned its EFF star for fighting for customers' privacy in court, in part, for its recent efforts to push back on an NSL. According to a March 29, 2013, filing in the case of "In Re Google Inc. (GOOG)'s Petition to Set Aside Legal Process, 13-80063, U.S. District Court, Northern District of California (San Francisco)", Google is challenging a government demand for access to customer data in a national security probe. The results of Google's efforts are still pending.

Twitter earned its EFF star for fighting for customers' privacy in court, in part, for its efforts last year in the case of New York v. Harris. In this case, Twitter was subpoenaed for the records of Twitter user Malcolm Harris who was involved in Occupy Wall Street protests. These Twitter records identify not only the content of the user's tweets, but the date they were sent, and the location of user at the time they were sent. The court ruled Harris had no right to contest this subpoena, so Twitter contested, but lost and then appealed. After waiting on the appeal ruling for seven months, Twitter was forced to provide records on Sept. 14, 2012, prior to results of appeal.

Does the cloud vendor require a warrant?
Does the vendor require the government to produce a warrant supported by probable cause before handing over customer data? The following Facebook policy was cited as being exemplary in this area:

A search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel the disclosure of the stored contents of any account, which may include messages, photos, videos, wall posts, and location information.

Does the cloud vendor publish law enforcement guidelines?
Does the vendor have established policies or guidelines regarding how they respond to data demands from the government? If so, does it make those publicly available? Thirteen of the 18 vendors evaluated received stars in this category.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.