Speaking at a cloud computing panel on Wednesday, an Amazon executive said the company contacts customers when it gets government requests for data stored in Amazon Web Services and will help customers fight such requests.
“Customer and data privacy is one of the single most important things at Amazon,” said Terry Wise, head of global partner ecosystem for Amazon Web Services. “If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena. We will do that proactively and help the customer in any way to comply with the subpoena or fight it.”
Data security has been in the spotlight as news unfolds about a U.S. National Security Administration system, known as Prism, for collecting data about phone calls. Both AWS and Rackspace, also part of the panel discussion hosted by Reuters, said they are not part of Prism.
One way that AWS advises customers to protect their data is to use its encryption offering. In the AWS model, the customer controls the encryption keys. “They are in total control of the encryption. AWS doesn’t have access to that,” Wise said. “That’s the best practice of any customer that’s worried about security and privacy of data.”
If Amazon faced a subpoena that required it to keep the order secret, such encryption would be useful to customers. “If the data is encrypted, all we’d be handing over would be the cypher text,” he said.
UPDATE: Rackspace didn't go quite as far as AWS in saying it will help defend customers. It just sent along this statement, attributed to Perry Robinson, vice president and associate general counsel at Rackspace, about its policies:
“Rackspace reviews any orders to determine that they are lawful and have been issued in accordance with the 4th amendment. We are prohibited from accessing and disclosing customer data stored on their servers or storage devices in our data centers without a properly issued, lawful request from a court with jurisdiction over both Rackspace and the data sought. In the event Rackspace receives a court order for customer data that does not adhere to the 4th amendment, Rackspace will oppose the order.”
Rackspace CTO John Engates, who participated in the panel, noted he’s not a lawyer and didn’t know exactly how Rackspace handles such requests, but offered up another solution: build a private cloud. Companies with private clouds could still face government requests for data but releasing that data is under their control. There isn’t a scenario in which their data might be released without their knowledge.
He suggested private clouds could help companies outside of the U.S. that are increasingly concerned about the U.S. government snooping on their data. “Are people concerned about doing business in the U.S. and what the U.S. could do with their data? I think the answer is yes, people do have concerns. It’s something we have to figure out – how to allay the fears about having data transit through the U.S. That’s one reason why people are gravitating to the idea of private clouds,” he said.
At the same time that AWS says it will help resist government pressure, it is also keen to attract government business. Wise declined to offer more details about AWS’s bid to build a cloud for the CIA but he did comment on the fact that the deal would represent a totally new model for AWS because it would involve building an on-premise cloud. “In certain cases we’re open to different models if it meets the needs of customers. There are certain customers where that type of deployment might make sense. We’re open to that but it’s not something we’re doing at scale at this point,” he said.
IBM has challenged the CIA contract with AWS.
Read more of Nancy Gohring's "To the Cloud" blog and follow the latest IT news at ITworld. Follow Nancy on Twitter at @ngohring and on Google+. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.