NSA, PRISM, and Web Hosting Providers
There is no question: the US government is under intense scrutiny by the American people regarding Internet privacy. Given the information on phone taps, the news released today that the government is, in fact, spying on US citizens using drones, and the revelation that Uncle Sam has been conducting Internet surveillance, one can see why.
The issue was addressed at HostingCon 2013 in a session called ‘The NSA Government Surveillance and You’, moderated by Christian Dawson, co-founder and chairman of i2Coalition. Joining him in this discussion were Gregory Nojeim, senior counsel and director of the Project on Freedom, Security and Technology; Jamie Tomasello, policy and investigation head at CloudFlare; Elliot Noss, president and CEO of Tucows; and David Snead, public policy working group chair and co-founder of i2Coalition.
NSA, PRISM, and Web Hosting Providers: Just Say No
“In general, when you receive an order or a warrant or a subpoena that you believe is overbroad, you can push back,” according to Snead. “You can push back against the investigating agency, the Department of Justice and the courts.”
If you wish to go up against the United States Foreign Intelligence Surveillance Court, you'll have to fight a constitutional battle. You cannot appear in front of this court, said Snead.
Tomasello agreed, saying that her company, as a matter of policy, refuses to provide information for a legal policy that appears to have no due process whatsoever. She urges others in the industry to adopt the same policy. “We need, as an industry, to push back where we think is appropriate,” Tomasello said.
NSA, PRISM, and Web Hosting Providers: Customer Trust #1
CloudFlare holds transparency in high regard, considering it a core value. In fact, the company intends to release a transparency report later this year, according to Tomasello. “Trust is critical to our organization,” she said. “Trust and transparency should be core values of your organization.”
She also points out that who you partner with is equally important. Suppliers and vendors, she said, should all have similar core values, or else they end up being a “chokepoint.”
And what is CloudFlare's policy? If the company receives a subpoena, it alerts its customers. In addition, law enforcement knows that the company does this. In this way, the customers are up to speed, and the police know that the customers are watching.
She points out that law enforcement is used to dealing with ISPs and telecommunications companies. The cloud and shared models are new to them. However, in her experience, these officials understand once CloudFlare explains its business model and policies.
NSA, PRISM, and Web Hosting Providers: Privacy Is Key
She said that customers should always expect a high level of privacy. Yes, policies can protect them in some cases, but the most important method of fighting for privacy rights is data encryption.
“Policy and privacy are communicated at the CEO level and pushed down to engineering,” said Tomasello. “It's ever evolving.”
NSA, PRISM, and Web Hosting Providers: What Does The Future Look Like?
Now that we're aware of covert information-gathering practices by law enforcement and government, what will happen in the future? The panelists cannot say for sure, but they do know that web hosting companies can take action in an effort to protect their customers. One step: obtaining free membership in organizations like EFF, i2C, MAAWG, and more. They are battling hard to protect the online freedoms of businesses and individuals.
Tomasello also said speaking out in a public forum is a great way to let customers know your take on current events. The company blog is a great way to speak to the current events regarding Internet privacy. Above all, ensure that you are transparent and you can keep the trust of your customers. These customers will remain loyal no matter what happens, as long as you are always honest.
Do you worry about your privacy on the Internet in the wake of the leaked NSA surveillance information? If you are a hosting provider, how do you address the issue of customer privacy?