Six Lines

The Government Cloud

Posted by Aaron Massey on 15 May 2010.

Vivek Kundra, the U.S. Chief Information Officer, recently announced that recovery.gov is moving to the cloud:

Recovery.gov is the first government-wide system to move to the cloud. The move is part of the Administration’s overall efforts to cut waste and fix or end government programs that don’t work. By migrating to the public cloud, the Recovery Board is in position to leverage many advantages including the ability keep the site up as millions of Americans help report potential fraud, waste, and abuse. The Board expects savings of about $750,000 during its current budget cycle and significantly more savings in the long-term.

There are many interesting privacy implications for cloud computing, but most of the study focuses on commercial cloud computing. For example, Christopher Soghoian recently published a paper titled Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era (PDF) in the Journal on Telecommunications and High Technology Law. Part 2 of the paper talks about the risk of criminal breaches of security and privacy for cloud computing. Part 3 discusses how the government can get access to cloud computing data using Third Party doctrine. Both parts would be substantially different for a government cloud. The nature of government data changes the risk and reward calculation for hackers (Part 2), and the U.S. legal system makes some data illegal for the government to collect even though they can request access to it if it is collected by third parties (Part 3). Soghoian’s paper is worth reading, and I recommend considering how things would be different if the cloud provider was the U.S. government as you’re reading it.