A US government decision to allow companies to publish requests for information under the NSA’s Prism program will not help Australian companies protect data in the Cloud.
That’s according to CipherCloud senior vice-president, Paige Leidig, who believes the US Justice Department decision to allow technology companies to disclose aggregate numbers of orders, as well as national security letters seeking information for investigation, does not go far enough.
Leidig said the enhanced ability to report on government requests for information will give customers more visibility into the risks they incur by adopting cloud services and help them make more informed decisions.
“But the agreement fails to go far enough,” he said.
“Knowing that your Cloud provider has received 1000 requests is one thing, but what are the requests for, and whom do they target?”
Attorney general, Eric Holder, and the director of National Intelligence, James Clapper, announced the plans in a joint statement on Monday.
"Permitting disclosure of this aggregate data resolves an important area of concern to communications providers and the public," the statement said.
"While this aggregate data was properly classified until today, the office of the director of National Intelligence, in consultation with other departments and agencies, has determined that the public interest in disclosing this information now outweighs the national security concerns that required its classification."
Apple announced this week it has received 0-249 national security letters in the first half of 2013.
That is potentially as many as 249 requests for customer information.
Yet, according to Leidig, Google, Yahoo, Facebook and Microsoft collect far more information than Apple through their cloud email and other cloud applications.
“What is the acceptable number for them?” he said.
Leidig said encryption was necessary to protect information going into the Cloud.
“This point is of particular importance for Australian businesses in eliminating the issue of data sovereignty,” he said.
“In employing encryption solutions in the cloud, even if the data is stored with a US company, any accessible information would essentially be encoded into gibberish.
“If an Australian-owned company holds the encryption keys, it is under no obligation to decrypt the information to serve an NSA request.