On PRISM, the Cloud and Granularity

Since news of the US data interception program, PRISM, hit the world, there has been the expected firestorm of comments suggesting that this would be the death-knell of the cloud. It’s something of a tradition that whenever anything even remotely related to the internet occurs, open source zealots like Richard Stallman pipe up telling us all that the cloud is an open invitation to the dual threats of total lock in AND unauthorized access to private data. This despite the fact that there is little clarity about what PRISM actually does. The bottom line, as unpalatable as it may be, is that unless we’re prepared to forego any communication developments post about Marconi’s era, we have to accept a degree of risk.

That said, for those of us who have always been a bit blasé about just how pervasive this sort of surveillance is across the internet, it’s well worth watching this presentation given recently by Caspar Bowden, one time Chief Privacy Adviser to Microsoft and now strong advocate for privacy rights. Essentially Bowden details just how expansive the spy network is and just how strongly legislation ignores the rights of non US citizens. It’s a real eye opener and well worth watching Bowden’s presentation below:

Which brings us along to more recent posts suggesting that PRISM is a fantastic opportunity for cloud providers outside of the US to differentiate themselves on the basis of privacy. My friend and German-based industry analyst Rene Bust wrote an excellent post in which he rightly pointed out that PRISM plays directly into the hand of non-US cloud providers. Given his location Bust unsurprisingly pointed out the real fillip it gives to German cloud providers in particular, and European ones more generally.

Cloud granularity is a topic I’ve been banging on about for a few years now – partially because of concerns about US legislation such as the PATRIOT Act, but also because different geographies and workloads have different requirements – be they privacy, latency, local support or whatever, that mean a “one size fits all”, US-centric approach is sub optimal in many situations. Bust puts this purely in terms of the fallout from PRISM when he says that:

European and German cloud computing providers play this scandal into the hands and will ensure that the European cloud computing market will grow stronger in the future than predicted. Because the trust in the United States and its vendors, the U.S. government massively destroyed itself and thus have them on its conscience, whereby companies, today, have to look for alternatives

But I’d suggest it’s a situation that existed long before PRISM was known about, and will continue to exist for multiple reasons into the future. In fact I’d go so far as to say that granular cloud as a foil to PRISM is potentially ineffective. The recent debacle in my own country when MegaUpload founder Kim Dotcom was arrested, potentially outside of the law in this country, but at the behest of the US, gives an indication of the power the US holds globally. It’s not a conspiracy theory to suggest that the US can likely access data stored with non US located cloud providers – the US spy tentacles reach far and likely hold sway in every corner of the globe. Whether it is by way of covert surveillance on foreign territory or via diplomatic pressure on foreign governments – there is no denying the broad power the US enjoys.

So where does that leave us? Well firstly, cloud granularity was a good idea long before PRISM and will continue to be so. PRISM doesn’t call into question the entire cloud, rather it reminds the citizenry of the power we grant to our governments. Finally we’re being naïve if we think PRISM is as far as this thing is going. Watching Bowden’s presentation might chill you if you’re a civil libertarian and you might shrug it off if you’re blasé about all this stuff but one thing is for sure – there’s far more private data under the watchful eye of intelligence agencies than we would have ever believed.

2 Comments
  • Well, Mr. Stallman’s admonitions about the dangers of cloud computing are one thing, and the NSA analyzing all manner of national and international Internet communications traffic is something else. I agree with Ben that cloud service granularity or localization made sense before PRISM and still makes sense. Security and better privacy protections could be motivational reasons for cloud users to abandon US-based cloud services. It is not unreasonable to assume that the NSA is able to analyze a sizable percentage of Internet communications traffic in real-time and keep the stuff they want in their new data centers in Texas and Utah. In that case you better be careful that your cloud service providers are not shipping your data half way around the Earth where it could be subject to NSA “interdiction” and analysis.

  • I’ve had the good fortune to meet Casper Bowden a few times and I am delighted that the deep expertise of a former Microsoftie is now available to us. What revelations – especially how the British press ignored his researches into the vulnerabilities inherent in the EU data protection legislation. I believe that conspiracy theory!

    Thanks very much for sharing, Ben.

  • Pingback: The Granularity | life at the intersection

Leave a Reply