Feeds

Fed watchdog barks at cloud security

Consumers might get bitten

Choosing a cloud hosting partner with confidence

The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing.

With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is pondering whether further steps are needed to protect consumer privacy.

In a letter (PDF) sent to the Federal Communications Commission in December, first uncovered by The Hill, the FTC has outlined some of its specific concerns about the cloud services.

A primary issue raised is that many consumers aren't actually aware of the data security risk involved. "For example, the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," the FTC letter states.

The letter continues that the FTC's consumer protection efforts have included close scrutiny on how cloud services handle authentication and credentialing. The agency boasts that it had "encouraged" businesses to strengthen their authentication methods in a report on Social Security numbers back in 2008, and additionally sicced its lawyers on some particularly lax firms to get their authentication procedures up to snuff.

The FTC is also hosting public roundtable discussions on the issue. The first, held in December 2009, considered consumer exceptions of privacy relating to online and offline data collection by advertisers and information brokers. The next will be held on January 28, 2010, and focus on how technology affects consumer privacy and will include specific discussions on cloud computing, identity management, mobile computing, and social networking.

The agency's missive was sent to the FCC, which is currently working on a national broadband plan to be submitted to US Congress in February. The letter is a response to the FCC's notice of inquiry into how broadband issues relate to cloud computing and privacy.

"We believe that strong privacy and data security protections for consumers are critical as the FCC considers technologies such as cloud computing and identity management in implementing a national broadband plan," it states.

And because hey - everyone loves a pat on the back - it also "recommended" the FCC's Broadband Plan include a piece where it will recognize the FTC's law enforcement and consumer eduction efforts over online consumer protection. ®

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.