The Internet: a dark, cold Cloud
It's since the news about the leaked document showing that Verizon handed over telephone data that there has been a crescendo of noise about it. Then the PRISM scandal came out shortly after just to reinforce the message: your data is not yours any more.
We are very pleased that finally the media covers an issue that affects all of us both in private life and in our business as we don't know how, the data collected, will be used in future against us even if we've never done anything wrong. As we know information can be read and interpreted in different ways.
For us in the IT industry it's all old news, we gave the Guardian just a hint of what is going on, as we are aware that there are products that must comply with some US laws that have been around for the past 20 years. With a simple search you can find excellent examples from Cisco (and its RFC3294) and you can find a nice document from Verizon dated 2009* that details very nicely how its infrastructure and equipment (including very well known brands) are compliant with the Lawful Intercept Architecture. The LIA is described under the CALEA (Communications Assistance for Law Enforcement Act) passed in 1994 but then over the years more laws allowed surveillance agencies to intercept even more data. One of the better known is the Patriot Act which in our opinion rendered totally useless the Safe Harbour agreement.
We always recommended our customer to switch to Linux and Open Source based solutions as they are very often cheaper, more flexible and provide security levels that are higher than those provided by some known Public Cloud services.
Especially when it comes to Public Sector organisations you'll never know if all employees will adhere to the internal guidelines so they should not send sensitive data through e-mail addresses that are not made for it. We warned a few months ago a County Council that move to a specific Public Service would have put its citizens privacy at risk and that they were spending 3 times what they would have done with Open Source based solutions.
So now that the mainstream media talked about it will you still take the easy route or will you choose the right one?
If you think you need a Cloud based solution talk to a local or national Cloud Provider and make sure the data remains on the national territory and that they use Open Source based solutions.
* source: Public Intelligence