Jul 13, 2011

How would mandatory laws affect cloud customers?

Police officers are pressuring politicians to increase the amount of time that internet providers have to hold onto logs of customer activity, in order to help law enforcement track down criminals even years after alleged crimes had been committed.
How would this affect your company's log retention policies? Would these laws apply to any company who has a website? If you migrate your companies servers to the cloud, would they all fall under the same jurisprudence?


This sounds like a whole lot of fear-mongering to me. The government is pretty ineffective, and I'm not sure they have the resources or incentives to go after all the businesses on the web, or even all the businesses who run cloud services. And who has jurisprudence over cloud computing? the FCC? The FBI? Congress? ICAAN? Although I would recommend talking to your web admins to make sure they keep their logs, a case could be made for applying an Enron-type "document retention policy" to make sure that the ISP has no idea who connected to a particular IP address at any particular time. It's one thing to pinpoint which node was active on a network; it's another thing entirely to prove that a particular user and device was at that IP address. I wouldn't worry too much about these efforts just yet.

Answer this