How Your Cloud Dream Is Becoming a Security Nightmare

After extracting a deal from Research In Motion that appears to give state authorities the ability to monitor messages sent over the company’s BlackBerry network — similar to a deal that RIM agreed to with the government of Saudi Arabia — the Indian government has suggested that it may go after both Google and Skype in an attempt to get similar kinds of security concessions.

India’s threat means that this is no longer just about Research In Motion and its specific network or security controls; it’s about gaining widespread and potentially unlimited access to a whole range of cloud-based services. In other words, it means that our growing use of the “cloud” — whether it’s web-based email or web-based voice calls such as those recently launched by Google, or mobile email and data from companies such as Research In Motion — is colliding headlong with the demands of foreign governments to control those services and applications, or at least their demands to monitor them whenever they wish.

It’s not just India and Saudi Arabia making these kinds of moves either. Lebanon, Algeria, Indonesia and several other countries are said to be watching closely what’s been going on with RIM, with an eye towards pursuing similar deals with the company, and with other web and mobile service providers. There have also been unconfirmed reports that RIM has already handed over some form of monitoring ability to the federal authorities in both Russia and China, although it’s not clear what level of access those governments have received. If India goes after Google and Skype for access to its email, instant messaging or other communications, China and plenty of other countries are almost certain to demand the same kinds of access.

India has focused on targeting Skype because of the government’s belief that terrorists and other anti-government forces routinely use the VoIP service as a way of communicating without having their phones tapped — something that could also be a risk with the new voice services that Google has launched. According to reports from Bloomberg and other news sources, the government wants both Google and Skype to set up servers in that country that can be monitored by security agencies, or to provide a means for tracking voice and instant messaging data.

The U.S. government has the authority to subpoena content from the BlackBerry network, but it doesn’t have explicit decryption boxes running on RIM servers inside corporate premises, which is what it sounds like India and Saudi Arabia want: to be able to simply turn on their eavesdropping devices and collect whatever they wish. Will India or Saudi Arabia or China abide by the same rules as the U.S., and provide full legal justification for doing this if and when it happens? Perhaps. Or they might just conveniently forget about such niceties (although the U.S. sometimes goes outside the legal boundaries as well).

Either way, your data could be at risk. If you send messages over the BlackBerry network, use Skype to call overseas, or send email or use the new voice-calling options from Google, theoretically what you say could be monitored by a foreign government, if India gets its way. There’s no reason to believe that these efforts are going to stop with India, or with just RIM or Skype or even Google; Amazon, Facebook and others could be the next to face such government demands for access to their servers and the information stored there. Living our lives in the cloud is appealing in many ways, but how much freedom do we have to give up in order to do so?

Related content from GigaOM Pro (sub req’d): As Cloud Computing Goes International, Whose Laws Matter?

Post and thumbnail photos courtesy of Flickr users AndyRob and Chrissy575


Alcatel-Lucent NextGen Communications Spotlight — Learn More »


GigaOM