The American Civil Liberties Union, based in New York, NY, reported that the US government claims the right to read personal data online without court authorization. This trend is not unique to the United States government. Many governments around the world also request these service providers.
According to the statistics published by Google, it received more than 16,000 information requests affecting more than 31,000 users in 2012. The same Google statistics indicate that it provided information in more than 85% of the requests.
In 2012, Microsoft received more than 70,000 requests that affected more than 120,000 accounts. While this is a much higher number, Microsoft only produced information about these requests about 2% of the time. Nearly 80% of the requests asked Microsoft to disclose only subscriber and transaction information.
Businesses and individuals can take simple steps to prevent thieves, businesses, and the government from gaining access to online storage that contains private information.
Here are some basic ways to protect or encrypt data to prevent teary eyes from viewing sensitive and/or personal information:
1) Data can be encrypted before being stored in the cloud. Products like TrueCrypt, Privacy Drive, and MyInfoSafe allow the user to encrypt their data. This type of encryption can be done for both files and folders before they are stored in the cloud.
2) Use an “on the fly” encryption product that encrypts data as stored by almost any online storage provider. Products like BoxCryptor, Cloudfogger, SafeMonk, and Viivo integrate with the cloud storage providers of your choice and encrypt data locally, but seamlessly before it’s stored in the cloud. These services provide encryption completely independent of the storage provider, ensuring that even the storage provider’s employees cannot access your company’s cloud-stored data.
3) Choose a provider that encrypts data as part of their service. Storage-as-a-Service companies like SpiderOak, iDrive, and Comodo not only transfer your data via an encrypted protocol, these companies also store the data in an encrypted format, preventing those without an access key from easily viewing your data. It is unknown if there is a back door that they can use to access the data stored on their servers.
Businesses are highly sensitive to government requests for information because of their legal responsibilities under privacy laws such as HIPAA and the Gramm-Leach-Bliley Act. Therefore, in highly regulated industries such as financial services and healthcare, companies must strike a balance between government oversight and consumer privacy.
The US Electronic Communications Privacy Act of 1986 was enacted in the early days of the Internet. The law did not require government investigators to obtain a search warrant to request access to emails and messages stored in online repositories. In 2001, the PATRIOT Act further added the federal government’s authority to search records under its “Library Records” provision, offering a wide range of personal material you could delve into.
We are not suggesting that people try to circumvent the PATRIOT Act. But companies and individuals must do everything they can to comply with data privacy concerns. It should be up to the organization or individual to establish a policy regarding exactly what, when and to whom they disclose information from their cloud service provider.