Computer Forensics Expert: How to Keep Anyone From Snooping Around Your Cloud

The American Civil Liberties Union, based in New York, NY, reported that the U.S. Government claims the right to read personal online data without warrants. This trend is not unique to the U.S. Government. Many governments around the world make such requests of online service providers as well.

According to statistics published by Google, it received over 16,000 requests for information affecting over 31,000 users in 2012. The same statistics state that Google provided information in over 85% of the requests.

In 2012, Microsoft received over 70,000 requests affecting over 120,000 accounts. While this is a much higher number, Microsoft only produced information on these requests about 2% of the time. Almost 80% of the requests asked Microsoft to divulge subscriber and transactional information only.

Locking the thieves out:
Companies and individuals can take easy steps to prevent thieves, companies and the government from gaining access to online storage which contains private information.

Here are a few basic ways of protecting or encrypting the data to keep prying eyes from viewing confidential and/or personal information:

1) The data can be encrypted before it is stored in the Cloud. Products like TrueCrypt, Privacy Drive and MyInfoSafe allow users to encrypt their data. This type of encryption can be applied to files as well as folders prior to storing them in the Cloud.

2) Use an “On The Fly” encryption product which encrypts data as it is stored by almost any online storage provider. Products like BoxCryptor, Cloudfogger, SafeMonk, and Viivo integrate with the Cloud Storage provider(s) of your choice, encrypting data locally but seamlessly before it is stored in the Cloud. These services provide encryption completely separate from the storage provider, ensuring even the storage provider’s employees can’t access data stored in their company’s Cloud.

3) Choose a provider that encrypts the data as part of their service. Storage-As-A-Service companies like SpiderOak, iDrive and Comodo not only transfer your data via an encrypted protocol but also store the data in an encrypted format, preventing those who don’t have an access key from easily viewing your data. It is unknown if there is a back door they are able to use to access data stored on their servers.

Businesses are acutely sensitive to government information requests due to their legal responsibilities under privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. Therefore, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.

The U.S. Electronic Communications Privacy Act of 1986 was enacted in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages stored in online repositories. In 2001, the PATRIOT Act further added to the authority of the federal government to search records under its “Library Records” provision, offering a wide range of personal material into which it could delve.

We are not suggesting people should try to skirt around the PATRIOT Act. But companies and individuals should do their best to comply with data privacy requirements. It should be up to the organization or individual to establish a policy regarding exactly what, when and to whom they disclose information from their Cloud service provider.
