Legal considerations are an important part of cloud security, especially when it comes to how government agencies can demand data stored in cloud providers’ networks.
The protections from search and seizure that data has when it is held directly by its owners is different from the protections it has if the data is stored in the cloud, according to presentations at last week’s Black Hat security conference.
Data stored on PCs in their owners’ homes can’t be demanded without a subpoena being served to the owners, they said. The same data stored in a service provider’s network can be demanded from the provider without going through the owner, the Black Hat speakers said.
So the data, which could remain available to the owner of it, might also be copied to law enforcement authorities, but the owner wouldn’t know it. Service providers might tell the owners, but wouldn’t have to, they said, and they might be prevented from telling.
“You have massively less protections with cloud computing that with your own network,” says Alex Stamos, a partner on iSec Partners, who spoke at the conference.
If police issue a subpoena for data, the recipient has the chance to fight it legally before the data is turned over, he says. That option is gone if the data is in the cloud. “You lose the serving of the document,” he says. “You lose the right to fight it before seizure.”
The message here is keep physical possession of data you want protected by the full measure of the law It doesn’t guarantee nobody else will get hold of it in the end but it does maximize the protections you do have.




