The CLOUD Act stands for Clarifying Lawful Overseas Use of Data Act, but for most of us mere mortals it provides very little Clarification.
There are ‘safeguards’, but many are open to interpretation: you see legal terms such as “probable cause” and “reasonable belief”.
Legislation like this is a powerful and important law enforcement tool, but it could be seen as contradicting GDPR.
The US v. Microsoft Supreme Court Case
Most of us are aware of the U.S. Supreme Court case United States v. Microsoft (Ireland), in which Microsoft challenged a warrant from the U.S. federal government requiring it to produce emails stored electronically in Ireland.
For me this is when I realised that my general habit of being a little paranoid was somewhat justified. If you forget the politics of justifications, you realize that illegal access/leakage is one threat vector and legal access is actually just as much an issue. This is particularly relevant in a cloud environment. This is nothing new, and even in the old voice world it used to be called ‘Legal Intercept’.
Have you ever noticed Directed Surveillance?
In Britain we have had a whole spate of what some call ‘snooping legislation’, for example RIPA, the Regulation of Investigatory Powers Act. One perception of that law is that it gives almost anyone in a vague position of ‘authority’ access to personal and confidential data. There have even been well-recorded cases of tiny local borough councils hiring detectives to follow people’s children around to ensure that they are living where they claim to and are therefore entitled to go to school. The law was abused almost immediately after it was written.
The CLOUD Act creates a framework under which the United States can enter into agreements with foreign states. Those agreements would allow law enforcement authorities in the United States and the foreign state to make requests directly to local law enforcement and service providers located in the other country. Therefore, we need to understand what agreements are in place.
Who holds the keys to your data?
Imagine if you really did control who had access to your data. How would you do this? There are technologies available, but they are notoriously complex, difficult (and expensive) to implement, and they impact the end-user experience hugely. Some of these also require the service provider to hold your ‘certificates’ or keys while your data is stored on their server, which has got to be the equivalent of locking the door and leaving the keys under the doormat.
How can we stay away from these threats?
So people may need a solution that helps them stay away from these threats and:
- Provides a great end-user experience: for example, it uses the same email address, and you do not have to ‘set up’ each contact or tell them the ‘key’
- Does not require you to build your own trust infrastructure
- Lets you control the data and the keys
MeSince helps you protect your Email Data
MeSince is a free email encryption client based on the S/MIME standard; we can automate S/MIME implementation in your email communication system. There is no limitation on using our software, because we do not store your emails on our server. All your data and keys are controlled by you, and no third party can access them.