HIPAA Omnibus Rule Takes Effect; Now What?September 27, 2013
How Secure is The Data on Your Phone?October 3, 2013
Recent statements made by NSA’s director of information insurance have many wondering; Can we trust the NSA?
The pre-9/11 America we all knew and loved is gone forever. Even 12 years later, our collective fear is ever more prevalent. Agencies like the NSA (National Security Agency) work to defend this country against cyber-attacks; this is a good thing.
However, recent announcements made by NSA’s director of information assurance, Debora Plunkett during a New York tech conference have many questioning: Can we trust the NSA?
The NSA wants tech companies to cooperate in an effort to automate built-in defense mechanisms within cloud infrastructures.
Put even more bluntly, the NSA wants to gradually erode encryption services so it’s easier to spy on us. This same level of transparency has already infiltrated the walls of our nations data centers but stands to threaten the US Cloud market as well, of which, leads the world in cloud spending.
National security is one thing but so is our right to privacy – both in the workplace and in our personal lives. If US tech companies are to partner up with the NSA, we may just lose our economic edge.
For one thing, the job of an ISP or cloud provider is to create a secure networking environment for consumers. Companies looking for secure cloud providers, take for example, Google or AWS (Amazon Web Services) might just choose to go overseas to a country that has strict privacy laws. Bottom line: the US loses money, if not slowly over the course of 10-15 years. Not good! Furthermore Civil liberties and specific rights to privacy are at risk. Yes, it’s true, there are terrible people who wish to inflict harm on the United States, but US residents still have rights otherwise they wouldn’t be living and/or doing business here.
Edward Snowden might have saved us a lot of face; before the scandal broke the Obama administration was getting ready to sign off on wiretaps. Now, the administration is backing off such initiatives for fear of public backlash. For now, it seems as though there is nothing to worry about. Besides, it is not that easy for the government to hack into a data center to retrieve encrypted information, which is precisely why they are asking tech companies to cooperate. Unless, they had the encryption keys to unlock security protocols in highly automated networking environments. Is that how they do it?
An Overheated Debate
Security experts argue that when it comes down to it, the NSA has little control over encryption services. If they want access, they’re going to have to get it the hard way: through use of force, or better yet, hack into the system. All cloud providers have to do is stick to the protocol; implement proper encryption keys across all visible access points. At the very least, cloud providers should not make it easy on the NSA. That is just asking for trouble. Again, if you were a customer of Cloud Company A, then suddenly learned that they were willingly turning over confidential information, would you be apt to walk away from your contract?
Likely so, especially if you valued your privacy. And where would you go? To cloud company B in Switzerland, where privacy laws are much more stringent? The point being cloud companies have little incentive to work together with the NSA, other than for the sake of national security.
They might realize that it is not in their best interest to willingly cooperate with the NSA’s wishes once they start losing cloud customers. Again, the forecast is just a prediction of what could happen – and customers have a right to question whether or not US cloud providers have best interests in mind. Until push comes to shove, it’s best if US tech companies not hop into bed with the NSA. Doing so could have brash economic consequences.