A plan to incentivize companies to use secure cloud storage by ensuring that their interests are represented when the government comes for their data.
.png?sfvrsn=ef3f053b_5 "Data Proxies for Clients of Cloud Service Providers")
Cloud storage offers significant benefits for security and efficiency, but many organizations may be hesitant to adopt it due to the risk of secret disclosure: the practice by which law enforcement can compel cloud service providers to turn over customer data while legally prohibiting them from notifying the customer. To address this concern, in this paper I propose the appointment of a “data proxy,” a highly trusted individual (like a retired federal judge) who would be contractually authorized to represent the organization’s interests when it cannot represent itself due to a nondisclosure order.
While this solution isn’t perfect, it could be legally viable in at least some scenarios under current law through carefully structured contracts. The data proxy would need to be completely trustworthy, uninvolved in the organization’s other activities, and appointed under precise contractual terms established before any law enforcement demands arise. While there are complex legal questions around notice and standing that would need to be navigated, a data proxy arrangement could provide organizations with at least some protection against completely secret seizures of their data, potentially encouraging greater adoption of secure cloud storage solutions. Though legislative support would be helpful, organizations and cloud providers could implement this solution even under current law.
You can read the paper here.
– David Kris is a founder of Culper Partners, with more than 30 years of experience in the private sector, government, and academia. Published courtesy of Lawfare.
