Will terrorism make personal data in the cloud less secure?

Online security vs privacy

With the UK suffering from an unprecedented number of terrorist attacks in recent weeks, the debate about online security vs privacy is very much back on the agenda.

Increasingly, the security services rely on intercepting online traffic to find evidence of planned terror attacks, helping them prevent atrocities. Indeed, many major attacks have been prevented in exactly this way.

To help the security services, the UK’s so-called ‘Snooper’s Charter’ insists that hosting providers leave ‘back doors’ in their encryption, allowing the security services to decode messages. Over in America, the US is aiming to pass laws that mean all data stored by American companies is unencrypted and accessible by law enforcement agencies – wherever in the world that data is stored. Add to this the many information-sharing agreements between security services in different countries and you can see that the pendulum is quickly swinging away from privacy and firmly towards security.

That’s not to say that the privacy issue is going to go away. We now use the cloud to store so much sensitive personal and commercial data, largely because – at its best – it is secure, cheap and convenient. But would you really want anything other than the best encryption for your financial records, sensitive business documents, customer records and other sensitive data?

Will your sensitive data be safe?

The answer is likely to be a resounding ‘no’. But much of the Cloud and the internet’s infrastructure is run by US companies, so what happens if they have to switch to unencrypted data? If the UK is demanding a ‘back door’ to encrypted data, what’s to stop hackers with criminal intentions forcing open that door and accessing your information?

Yet if you choose to store your data in a country that allows both encryption and does not have reciprocal data-sharing agreements with other countries, you face a major Catch-22: nothing is more calculated to bring you to the attention of the security services.

Few people would deny that the security services need to be able to intercept communications that lead them to prevent terrorist attacks. But at what point does the benefit of relaxing privacy laws outweigh the benefits, innovation and wealth creation that come with secure cloud services?

One thing’s for sure – cloud service providers are going to be thinking long and hard about not only how they store our data, but also where they store it. It would just be a shame if the opportunities the cloud offers became diminished in the process.