Feeds

Fed watchdog barks at cloud security

Consumers might get bitten

5 things you didn’t know about cloud backup

The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing.

With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is pondering whether further steps are needed to protect consumer privacy.

In a letter (PDF) sent to the Federal Communications Commission in December, first uncovered by The Hill, the FTC has outlined some of its specific concerns about the cloud services.

A primary issue raised is that many consumers aren't actually aware of the data security risk involved. "For example, the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," the FTC letter states.

The letter continues that the FTC's consumer protection efforts have included close scrutiny on how cloud services handle authentication and credentialing. The agency boasts that it had "encouraged" businesses to strengthen their authentication methods in a report on Social Security numbers back in 2008, and additionally sicced its lawyers on some particularly lax firms to get their authentication procedures up to snuff.

The FTC is also hosting public roundtable discussions on the issue. The first, held in December 2009, considered consumer exceptions of privacy relating to online and offline data collection by advertisers and information brokers. The next will be held on January 28, 2010, and focus on how technology affects consumer privacy and will include specific discussions on cloud computing, identity management, mobile computing, and social networking.

The agency's missive was sent to the FCC, which is currently working on a national broadband plan to be submitted to US Congress in February. The letter is a response to the FCC's notice of inquiry into how broadband issues relate to cloud computing and privacy.

"We believe that strong privacy and data security protections for consumers are critical as the FCC considers technologies such as cloud computing and identity management in implementing a national broadband plan," it states.

And because hey - everyone loves a pat on the back - it also "recommended" the FCC's Broadband Plan include a piece where it will recognize the FTC's law enforcement and consumer eduction efforts over online consumer protection. ®

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.