Of course, the NSA will argue that it collected all of our metadata to ferret out terrorists. Critics will point out that the potential for abuse is just too great to allow this sort of data collection to go on unchecked. And the latest headlines are proving the critics right, with revelations that the NSA spied on US citizens, the UN and our allies.
Meanwhile, reports are coming out of individual analysts using NSA surveillance capabilities to track former spouses and spy on love interests.
So, the same metadata patterns that could alert an analyst to the fact that a suspect is helping to coordinate a terrorist attack could be used to help a suspicious analyst figure out whether his or her spouse is cheating.
Government snooping has become such a problem that Facebook recently released a report that trumpeted the fact that it denied more government requests for user data than Google did. Never mind the fact that Facebook handed over user data 79 percent of the time when the US government was the requesting party. That's still better than Google, which turned over data 88 percent of the time when the US made the request. I guess that's one way to polish a turd, but it's not terribly convincing.
This all may seem like a mere nuisance, but NSA snooping could hurt cloud providers, big time. To meet their own privacy requirements, European companies may end up being prohibited from using US-based cloud services like Amazon and Rackspace for their big data implementations.
These companies are in a bind due to the US Patriot Act because if, say, Amazon gets subpoenaed, Amazon must turn over not just all of that data (data that can provide a very specific competitive advantage to its owner), but Amazon must also turn over the keys to unencrypt that data, as well.
"Big data in the cloud offers massive scalability and high performance, but for it to truly be embraced by the enterprise, big data solutions must also include fundamental security features like encryption and key management," said Larry Warnock, CEO of security vendor Gazzang.
To address this problem, Gazzang released a new product, CloudEncrypt, which provides data encryption and key management at every stage of the Amazon Elastic MapReduce (Amazon EMR) data lifecycle.
"Amazon EMR enables businesses, researchers, data analysts and developers to easily and cost-effectively process vast amounts of data, and it’s important to our customers that the data inputs and outputs remain secure," said Terry Wise, Head of Worldwide Partner Ecosystem, Amazon Web Services.
CloudEncrypt allows companies to keep their own keys. So, if Amazon gets subpoenaed, the data the government gets is encrypted, and the customer (not Amazon) retains full ownership of the keys.
Thus, the US government has to take that next step and subpoena the target company. The way things are now, the target company may not even know it was a target. By holding onto the keys, the company can get its lawyers on the case and decide whether or not it should fight the subpoena.