Yes, certainly they should need a reason...but at assumes that the 4th Amendment applies at all. I believe that the 4th Amendment SHOULD apply to electronic communications, including in the cloud, but what I believe and what the U.S. Government does aren't always the same things.

But now that I have THREE(?) separate cloud providers to run a single application, where is my advantage over just hosting it in my own data center? How many different 3rd parties am I going to pay to touch my confidential data before all of the promised cost-benefits of the cloud disappear?

And if something goes wrong in my 3-headed cloud won't each provider just point at one (or both) of the other two and claim it's their problem?

The problem is that the abstracting ends when and where the government of the country wherein the server exists decides it does. Note the whole China/Google kerfluffle. In the utopian view of the Internet Google and their searches roam freely across the landscape, unencumbered by quaint political systems.

In reality the Chinese government actively restricts (or at least tries to) what passes into and out of their country by land, sea, air and cyberspace. Other countries have intervened on the Internet as well - jailing people for political postings, actively monitoring traffic, even trying to shut down the Internet (in their country) during times of crisis.

Whether we want to believe it or not, the Internet only rises as high as those political entities allow it to and that means that having the protection of the 4th Amendment is still important.

So you'd be happier if your data was stored in China, where there's a decent chance it's being actively monitored?

No, and that is exactly what I consider to be one of the biggest issues of the Cloud. The Terms of Service of many, if not most, Cloud Computing/SaaS providers explicitly allow them to outsource their storage (or either primary data or backups or both) to unnamed 3rd parties. Where are these mysterious 3rd parties located?

Like all businesses keeping costs down helps them keep profits up and since Cloud Computing IS largely sold as a low-cost solution (we can discuss price vs. cost later) we know that keeping costs low is imperative. As we know the Internet crosses International borders (most of them anyhow) effortlessly. Is there any reason to think that a Cloud/SaaS provider wouldn't gladly outsource their storage to a cut-rate data center in another country? Maybe even a country that isn't very friendly to the U.S.?

The 4th Amendment means nothing in Malaysia or China or Venezuela or ...you get the idea.

How do you install TrueCrypt on a Cloud server? Do you suppose the company that owns that server might object

This appears to only affect sites that don't use encryption. Otherwise this would be really scary for companies who are increasingly locating their sensitive and mission-critical data "in the cloud". Who knows what sort of confidential documents, messages or financial info might be inadvertently exposed through this otherwise.

Google Docs, I note...DOESN'T always use encryption. Seems to me that puts them on the list of sites that COULD be vulnerable.

Anybody else notice the irony of having a thread about how few people encrypt their mobile devices just a couple of stories below a story about the government seizing laptops?

That would probably be the percentage who mistakenly think that randomness is more important than length when it comes to passwords.

I see orgs all the time who think that "X7Y^i!6" is an awesome password. They force their users to create passwords they can never remember, despite the fact that they're only 6 or 7 characters long.

In fact they're far better off using pass PHRASES that the user can remember and are longer, and setting an intelligent account lockout policy. The phrases don't need to be written down on a post-it and they're more secure anyhow.

No backups of confidential data? You're kidding, right?

Since confidential data tends to be among the most mission-critical data (in most organizations) I'd argue that it's the data MOST in need of backing up. The backups can (and should) be encrypted and stored in a physically secure location. But backups are essential.

If you don't back it up then you don't deserve to have it.

Our company has a really cool product that we sell to our customers for recovering data in the case of a drive failure. It's called a "backup".

It's been in the papers, you should check it out. ;-)

What about bank account info? Account numbers and balances? Saved passwords to financial sites or corporate resources? What about customer data? Credit card numbers? We see data in customer sites every day that shouldn't be exposed outside the organization. Granted it's not always found on portable devices but sometimes it is.

Whole disk encryption is really not difficult to do and it's a heck of a lot easier than having to apologize to all of your customers because you lost an unencrypted laptop with their information on it.