In the light of recent revelations about the US government's wide-ranging data surveillance programs, many users have been struggling with the realization that Cloud services are not as secure as once believed.
In reality, user's data stored in a Cloud environment may only be secure during transmission to and from the Cloud storage. This leaves the data stored on Cloud servers open to warrants and petitions by governments without the knowledge of the end user. This is a major security flaw for sensitive data.
Secured Transmission, Insecure Storage
It has been reported that Google would like to plug that particular security hole. The search giant's Drive cloud storage system also only encrypts user's data during transmission using HTTPS. This leaves user's data on the Google servers accessible to anyone with access to the servers. To counter this and provide an extra layer of security to user's data, Google may add server side encryption. This would mean that Google would not be able to provide user's data to organizations like the NSA even with a warrant.
However, recent court ruling have also made the surveillance of user's entering passcodes through wiretaps a hot button issue. This form of wiretapping would negate the added layer of encryption on Cloud data and make offsite secure storage ineffective at best.
Battle for Privacy
In the battle for privacy and security of internet data, at least at this moment, government entities seem to be winning. In the US congress as well as in US courts, the privacy of data transmitted and stored remotely continues to be deemed public domain and not under the protection of privacy laws. Email is not given the same protections as paper mail.
Cloud storage is seen as nearly public domain. Governmental entities are allowed to spy on citizens who would normally be protected by privacy laws. As more and more of American daily life becomes digitalized and Cloud based, the idea of privacy begins to look like an outdated ideal.