Hey! You! Get Offa My Public Cloud!
Is America safe for cloud-sharing?
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit.”
That was the opening line of a letter posted on August 12 by Ladar Levison, the owner of Lavabit, a secure email service with some 350,000 subscribers that used a patented encryption program to shield private communications. One of those subscribers was Edward Snowden, the CIA computer analyst who leaked top-secret documents. About a month prior to Levison's abrupt shutdown, Snowden, exiled in Russia, sent invitations to members of the media to attend a press conference at Moscow's Sheremetyevo airport where he promised to detail an “unlawful campaign” being waged against him by the United States government. The email came from email@example.com. A month later, Lavabit was out of business. What happened?
“The first Amendment is supposed to guarantee me the freedom to speak out in situations like this,” Levison wrote. “Unfortunately, Congress has passed laws that say otherwise.”
Media pundits surmise that Levison was served with a warrant that included a gag order. The week before Lavabit's demise, another encrypted communications company, Silent Circle, shut down, also suggesting government intervention as the reason.
What's this got to do with you? It's more about what it's got to do with your proprietary customer data. Rumor has it that several foreign governments, one of them Canada's, are taking themselves off U.S.-based public clouds, not trusting U.S. spies to keep their hands off their data. Will marketers at public companies be next? Levison thinks they should be.
“Without Congressional action or a strong judicial precedent,” Lavabit's ex-chief concluded his letter, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.” Just for the record, Lavabit was based in Texas.
Apparently it's already happening. “What is undeniable, according to reporting from the Financial Times, is that the cloud computing market in the U.S. is looking at losing $35 billion in revenue,” says Charles Weaver, CEO of the International Association of Cloud & Managed Service Providers (MSP Alliance). The group's 20,000 members are providers of cloud or managed services.
The losses, he notes, are mostly U.S. losses. “If you look at EU countries, the public cloud is fine,” Weaver says. “Anything from our country, however, may not be. You need to go to court and get a subpoena to seize a server, but this is, ‘I'm not going to tell you. I'm just going to scoop up your data.'”
Weaver predicts a retrenchment on the part of companies that use the public cloud as a panacea for IT management. Companies cannot expect public clouds to give iron-clad guarantees that their proprietary data won't be broached. The public clouds use shared infrastructure and shared storage.
“I can go to Amazon and sign up for EC2, and I can pick a hemisphere, but it's not like I can do an audit,” says Weaver. “I can't go to Amazon and say, ‘Show me were my data is.'”
Weaver says that small companies can economically gain access to private clouds, as long as they are discerning about what needs to be kept private. Storing images in a private cloud, for instance, could be cost-prohibitive for marketers on a budget. “Scoop your data into two buckets,” he advises. “For less precious data, maybe third-party data, stay with the public cloud. For more crucial data, think private cloud,” he says.
“I hate to say it,” Weaver relents, “but the conclusion I draw is that things are looking up for IBM, Cisco, and the other companies that offer private cloud solutions.”