It's true that keeping your data in-house doesn't guarantee it's security. However...I'd suggest that the more layers and people you put between you and your data the inherently less secure it becomes. The employee may not be 100% trustworthy but at least I know who they are. I have personally met each and every person with a key to our datacenter because I'm the one who handed them their keys.

Every additional contractor, sub-contractor, sub-sub-contractor means more hands and eyes with access to my data and increasingly they are hands and eyes that I don't know, have no direct control over, can't even monitor. That's not security.

That's true, though the government we have is a lot better than the government most people in the world have to endure. That's not to suggest that it couldn't be improved, just that flawed though it is, it's still better than most.

There's a reason why millions of people around the world still risk life and limb to try and come here and it's not because of American Idol.

Yes, I know why they have these clauses. My point is that these clauses specifically allow them to ship your data off to unnamed third-parties who may be located anywhere in the world.

And that is a potentially serious issue for people storing confidential and/or mission-critical data in the cloud. Especially when they thought they were storing it with a domestic provider, only to discover later perhaps that their data was actually shipped off to a 3rd party in another part of the world.

Actually my point was that rather than being worried about keeping it out of the U.S. he should probably be more focused on keeping it IN Canada.

ANY country other than your home country exposes your data to laws and risks that are likely unfamiliar to you. At least at home you know what you're dealing with.

And I'd suggest that the U.S., while far from blameless (hence the thread) is actually one of the better ones. At least the government here is at least sort of transparent. In some countries they don't tell you what they're doing and they shoot you if you ask.

Yes, certainly they should need a reason...but at assumes that the 4th Amendment applies at all. I believe that the 4th Amendment SHOULD apply to electronic communications, including in the cloud, but what I believe and what the U.S. Government does aren't always the same things.

But now that I have THREE(?) separate cloud providers to run a single application, where is my advantage over just hosting it in my own data center? How many different 3rd parties am I going to pay to touch my confidential data before all of the promised cost-benefits of the cloud disappear?

And if something goes wrong in my 3-headed cloud won't each provider just point at one (or both) of the other two and claim it's their problem?

The problem is that the abstracting ends when and where the government of the country wherein the server exists decides it does. Note the whole China/Google kerfluffle. In the utopian view of the Internet Google and their searches roam freely across the landscape, unencumbered by quaint political systems.

In reality the Chinese government actively restricts (or at least tries to) what passes into and out of their country by land, sea, air and cyberspace. Other countries have intervened on the Internet as well - jailing people for political postings, actively monitoring traffic, even trying to shut down the Internet (in their country) during times of crisis.

Whether we want to believe it or not, the Internet only rises as high as those political entities allow it to and that means that having the protection of the 4th Amendment is still important.

So you'd be happier if your data was stored in China, where there's a decent chance it's being actively monitored?

No, and that is exactly what I consider to be one of the biggest issues of the Cloud. The Terms of Service of many, if not most, Cloud Computing/SaaS providers explicitly allow them to outsource their storage (or either primary data or backups or both) to unnamed 3rd parties. Where are these mysterious 3rd parties located?

Like all businesses keeping costs down helps them keep profits up and since Cloud Computing IS largely sold as a low-cost solution (we can discuss price vs. cost later) we know that keeping costs low is imperative. As we know the Internet crosses International borders (most of them anyhow) effortlessly. Is there any reason to think that a Cloud/SaaS provider wouldn't gladly outsource their storage to a cut-rate data center in another country? Maybe even a country that isn't very friendly to the U.S.?

The 4th Amendment means nothing in Malaysia or China or Venezuela or ...you get the idea.

How do you install TrueCrypt on a Cloud server? Do you suppose the company that owns that server might object

This appears to only affect sites that don't use encryption. Otherwise this would be really scary for companies who are increasingly locating their sensitive and mission-critical data "in the cloud". Who knows what sort of confidential documents, messages or financial info might be inadvertently exposed through this otherwise.

Google Docs, I note...DOESN'T always use encryption. Seems to me that puts them on the list of sites that COULD be vulnerable.

Anybody else notice the irony of having a thread about how few people encrypt their mobile devices just a couple of stories below a story about the government seizing laptops?