PRISM, the cloud, and the cost of privacy

  • Not everyone is tracked
  • Direct access to raw data
  • 85% of world data in the US

Attention was recently drawn to PRISM and how US government agencies want to know what you’re up to. Just in case.

The news has now been going around in circles with each player, public and private, attempting to deny or marginalise the impact of this Everest expedition into mining of the world data.

To establish the impact it may have on your technologies, here’s what you must know.

Program brief for PRISM

The Washington Post and the Guardian first published the news that the NSA, FBI and other US and British agencies are directly accessing servers to extract audio, videos, photos, emails and other documents in order to track a target. This is not about tracking everyone, but more about having the facility to track anyone through data from every company involved.

prism-slide-2The world as network connections

This slide from the NSA explains how powerful the connection is between various regions of the world. Source: NSA

Why and who is involved

The program has emerged from the fact that 85% of the world’s communications flow into or through a server under American control. With the appropriate legislation, government agencies are able to access it. Each bit of data is in itself not very relevant, but when properly analysed, and correlated with other sources, it suddenly becomes rather powerful.

No company has admitted being part of the program, but the NSA has confirmed its existence. According to leaked slides, most of the large online players in the US are involved. That’s Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple, and some for over 5+ years.

“Where” are the internet and cloud?

To understand what this all means, you must first know that the Internet is everywhere. In other words, one could theoretically disconnect any country, and it the will keep running. Here the word theoretically is important, because in reality, approximately 85% of digital communications go through the US and as a result, disconnecting them would likely cause “the Internet” to collapse because other countries can not handle the sheer volume of traffic.

To illustrate this, think of reading a UK-hosted website from Melbourne. This may require for the site to be served from Europe, through to the US and then Australia.

The same concepts apply for cloud-based software. While Gmail or Hotmail have servers in Australia, the nature of large scale services means Aussie data can be copied to different servers, elsewhere in the world, just “in case” the local infrastructure was to collapse.

This is where the topic of data sovereignty comes in.

And Australia in all this?

The Australian government has confirmed benefiting from the program to the extent that we have access and store quite a lot of that data,  and are spending serious dollars to store it also.

For Australian companies, compliance regulations for some sectors require that data be hosted in Australia or that the owner of the data knows where it is. Is this a cloud killer? Absolutely not. This only mean businesses must be aware of “what” goes in the cloud, and also “which” cloud.

Finally for individuals, any cloud-based services accessed everyday (think online emails, music streaming, document sharing, social media, online accounting, etc.) could likely be exposed to the PRISM program. In the end it’s convenience vs privacy. The David vs Goliath of the tech era!

Its time, let’s all run from the cloud!

Probably not. Your privacy is not compromised automatically just by connecting to your favourite web mail. If you are a drug baron or warlord on the other hand, then yes, it may be time to resort to snail mail!

Technologies have improved our day to day lives in many ways and you must know that anything electronic can be tracked. Think about all the credit card transactions you have made in the last decade, or the number of times you swipe that Frequent Flyer card around. In the end, the convenience of the service and security of not having to carry much cash arguably outweighs the exposure of the fact that you buy from Woollies twice per week.

Same goes to cloud-software. The convenience of having access to your emails from anywhere, 24/7 and with backups and server maintenance taken care of, arguably outweighs the fact that Google might read an email or two in order to display the right Ad. In other words, who still keeps cash under their mattress nowadays?

Impact on your business strategy and operations

Today? None what-so-ever! Looking forward, just make sure that your “cloud decisions” are educated and not purely based on the latest marketing campaign and hype around the latest piece of cloud software.

This may not be an area where you are comfortable with and this is exactly where EmpireOne comes in, to help! Instead of just pushing you towards a solution, we first understand your usability and also business needs.

Enjoyed this post? Please share it or leave a comment below. Then never miss another piece, subscribe to our newsletter or read us via RSS to have everything delivered to you. Yay!

Written by

Managing Director of EmpireOne Group in Sydney, Sebastien has made a life of understanding both sides of the fence. Born in Canada and educated as a self-started business software engineer, not a single day passes without finding Seb tweaking a process, system or piece of code.