A cottage industry is growing up around virtual padlocks that consumers can place on cloud services so that the vendors themselves can't get to the information — even if the government wants access.
New documents obtained by the ACLU from the FBI and U.S. attorneys' offices revealed startling realities around the government's email surveillance practices. In March, the ACLU also obtained documents showing that the IRS does not always get a court order to read citizens' emails.
Who has your back?
Auerbach said using cloud services is not black and white in terms of what you can trust them to store.
"A lot of people may not mind that the [cloud service] company may pass some of their data to the government," Auerbach said. "Other types of data they may be more concerned about."
For example, if you're a consumer and you're storing photos, videos, digital music or innocuous documents on a cloud storage service, you may not mind that a hacker or the government gets access to it. If you're a company that is archiving non-sensitive historical records — financial statements, presentations, news releases or marketing materials — again, there may be no concern about who sees it.
But it is good to know whether a service provider will try to protect your information from government intrusion.
"There are also companies that have friendlier policies...that demonstrate they fight for users and try to push back against unreasonable government requests for data," Auerbach said. "Who's got your back? Does this company require a warrant for customer data? We give companies stars based on whether they meet that criteria."
The EFF, a privacy advocacy group, has filed a lawsuit challenging the NSA's spy program. It has also created a website that rates 19 of largest Internet companies on how hard they try to protect your data. The EFF site " Who Has Your Back" awards companies gold stars based on each of six criteria:
- Requires a warrant for content;
- Tells users about government data requests;
- Publishes transparency reports;
- Publishes law enforcement guidelines;
- Fights for user privacy rights in courts;
- Fights for user privacy rights in Congress.
For example, Apple, AT&T and Yahoo received only one gold star out of six. Dropbox, LinkedIn and Google all have five out of six stars. Twitter and ISP Sonic.net were awarded six out of six gold stars for their efforts to protect user data.
"Ultimately, if you are really are worried about your data going to the government, given there are streamlined legal processes by which they can get access to your data these days, it's good for users to keep data stored locally and only in the cloud in an encrypted way," Auerbach said.
Sign up for CIO Asia eNewsletters.