Cloud privacy and cybercrime legislation
Tue, 19/02/2013 - 14:02
Cloud services have come a long way in the past 5 years and organisations are now almost unanimously open to at least considering storing some of their data in the cloud. After all, cloud computing offers a very long list of benefits not least of which is the potential to drastically reduce costs and increase operational agility.Due to a number of high profile consumer cloud security lapses, the measures taken by providers to protect against unauthorised data access is still an area of key concern for those organisations considering cloud services. In spite of this, many of those organisations comparing cloud services remain ignorant of legislation which they should be factoring into their decision making process.The US legislation is especially worth examining as was highlighted in a recent study released by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). The report highlights two pieces of US legislation namely the Patriot Act and the US Foreign Intelligence Surveillance Amendment Act of 2008 as being particularly worthy of note. While a fair amount has been written of the Patriot Act already, comparatively little has been said of the Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008.§1881a of the FISAA specifically grants powers to conduct surveillance of the data of non-US persons located outside of the US whose data is in range of US jurisdiction. The scope of surveillance has also been specifically extended to include data which resides in public cloud computing. Many major cloud service providers are US based and therefore subject to US jurisdiction, the implication being that regardless of whether the data is stored in the US, the legislation applies.To summarise the above, it is perfectly legal in the US for political surveillance to be conducted on any data including foreigners’ data stored in US clouds and as a result, the list of cloud service providers that can be relied upon to keep your data truly private is immediately much shorter once this legislation has been taken into account.Redstor’s cloud services including online backup, backup for schools, cloud storage and e-safeguarding were designed with these issues in mind. We’re UK headquartered and our datacentres are located in the UK. We can guarantee your data will never cross borders. Perhaps most importantly, everything we store is encrypted before it leaves your premises and we don’t have the ability to decrypt it, only you do, so although it sits in our datacentres, we can’t read it.It’s perhaps unsurprising we’re trusted by 98 local authorities to protect the data of around 10,000 schools across the UK. We’re also trusted by many thousands of commercial organisations operating in industries with the strictest data storage and protection legislation.