Cloud
7/12/2011
09:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Have You Heard Of The Patriot Act?

Let's get this straight: Every cloud provider is obliged to follow the law and respond to court orders -- even Microsoft

Sometimes our propensity to find scapegoats and shoot messengers gets the best of us. For that reason, I am not going to call out the name of the poor soul at Microsoft who got flamed for stating something I had believed to be common knowledge, but apparently was not.

You see, Mr. MS-X got into trouble for stating that Microsoft is obliged to obey the law. OK, it is a little more nuanced than that, and the law in question is the U.S. Patriot Act.

The Patriot Act, of course, is the law enacted post-9/11 as a terrorist-fighting tool. Provisions of the law allow authorities in the U.S. to demand information, which can include a broad range of personal communications, as part of an investigation. Proponents claim it updates wiretapping legal processes for today’s digital world, while opponents claim it is a dangerous increase in governmental surveillance of the Internet.

I want to state right now that fighting terrorism is way above my pay grade, and I am not qualified to comment on the act’s effectiveness or whether information gathered under this act has been used unscrupulously. No cloud provider has marketing people insane enough to brand their services as “Patriot Act Compliant,” but in reality they all are -- in the U.S., anyway. If you were bored enough to read privacy policies in your free time, then you would see that any online business collecting personal information reserves the right to give your information to a government that follows the appropriate legal processes, which include subpoenas, warrants, and other instruments of legal investigation.

Mr. MS-X got into hot water for essentially connecting the dots, i.e., admitting that the Patriot Act is one of these laws applicable to an online provider’s privacy policy. What got me inspired enough to actually blog about this event was the fact that news headlines actually implied this was unique to Microsoft and was going hurt its particular cloud services.

So let’s get this straight: Every cloud provider is obliged to follow the law and respond to court orders. A subpoena is a subpoena, and whether it is the Patriot Act in the U.S. or the authorities in any other country, they can and will demand personal information in this way. Whatever your opinion is of the Patriot Act, I don’t think anyone can disagree that there are several countries that have a much more streamlined approach in how their police gather information from online providers. Certainly companies often fight against unreasonable searches and seizures, but unless Microsoft’s worthy competitors all want to announce tomorrow that they give the Patriot Act the middle finger, we should probably give Mr. MS-X a break.

Jim Reavis is the executive director of the Cloud Security Alliance, and president of Reavis Consulting Group.

Jim Reavis is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. Jim has served as an international board member of the Information Systems Security Association and was co-founder of the ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.