Fed watchdog barks at cloud security
Consumers might get bitten
The US federal consumer protection watchdog is barking at security and privacy risks posed by cloud computing.
With ever-more products and services asking users to upload personal and sensitive information to centralized online servers in the nebulous (but trendy) notion of "the cloud," the US Federal Trade Commission is pondering whether further steps are needed to protect consumer privacy.
In a letter (PDF) sent to the Federal Communications Commission in December, first uncovered by The Hill, the FTC outlined some of its specific concerns about cloud services.
A primary issue raised is that many consumers aren't actually aware of the data security risk involved. "For example, the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," the FTC letter states.
The letter continues that the FTC's consumer protection efforts have included close scrutiny of how cloud services handle authentication and credentialing. The agency boasts that it had "encouraged" businesses to strengthen their authentication methods in a report on Social Security numbers back in 2008, and additionally sicced its lawyers on some particularly lax firms to get their authentication procedures up to snuff.
The FTC is also hosting public roundtable discussions on the issue. The first, held in December 2009, considered consumer expectations of privacy relating to online and offline data collection by advertisers and information brokers. The next will be held on January 28, 2010, and will focus on how technology affects consumer privacy, including specific discussions on cloud computing, identity management, mobile computing, and social networking.
The agency's missive was sent to the FCC, which is currently working on a national broadband plan to be submitted to US Congress in February. The letter is a response to the FCC's notice of inquiry into how broadband issues relate to cloud computing and privacy.
"We believe that strong privacy and data security protections for consumers are critical as the FCC considers technologies such as cloud computing and identity management in implementing a national broadband plan," it states.
And because hey - everyone loves a pat on the back - it also "recommended" the FCC's Broadband Plan include a piece where it will recognize the FTC's law enforcement and consumer education efforts over online consumer protection. ®
COMMENTS
Nice Headline
Your headline is right on target because as this plays out we will undoubtedly find out their bark is worse than their bite. As Fred says, there is too much money involved here, the corps and the lobbyists will gut any attempt to regulate this the same way the mass marketers turned the CAN-SPAM bill into a license to spam people silly. Those in government are all either too stupid or too corrupt to realize how their corporate sponsored advisers and consultants mislead them.
Remember, in the US "government of the people by the people for the people" is an obsolete and empty slogan. It now is "Government of the people by the corporations for maximum profit."
Most People and Organizations Enjoy "Security" as a Matter of Luck
Anyone else here reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has a great chapter on security. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
Understatement of the year
"larger amounts of data may be used by entities in ways not originally intended or understood by consumers,"
Consumers haven't a damned clue about how *any* of their data is stored and used full stop. Use of personal data should be under mandatory licence and its misuse should constitute assault on the person.
