Cloud providers need more than encryption to placate the NSA

The NSA PRISM scandal offered cloud providers a number of PR opportunities, including the chance to provide default encryption for cloud data in flight or at rest.  Thus they protect their customers, thus they are the good guys.

Just this week we saw Microsoft move to encrypt internet traffic flowing in and out of its data centers, according to a Washington Post report that cites people familiar with emerging Microsoft plans.


“Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.”

Of course, Microsoft was just one of those cloud providers to declare they are locking their doors.  In August, Google said it would, by default, encrypt data warehoused in its Cloud Storage service. The server-side encryption is now active for all new data written to Cloud Storage, and older data will be encrypted in the coming months, wrote Dave Barth, a Google product manager, in a blog post.  He even offers Google cloud customers the option to hold their own encryption keys.  Yahoo has similar plans.

The fact is, cloud providers are feeling the pain, specifically those that lag far behind the AWS IaaS cloud powerhouse.  Now they have to contend with enterprises that use the NSA scandal as a good excuse to avoid the move to the public cloud.  Indeed, a recent Huffington Post article called into question the value hit that cloud companies are experiencing right now.

“The venture capital firm Bessemer Venture Partners estimated that public cloud companies are now worth more than $100 billion, and growing. But that growth is threatened by revelations like one in a recent Washington Post article, that the NSA has been tapping into the cloud company databases of Google and Yahoo.”

The primary problem remains: If the government wants your data, they will get your data, no matter what encryption is in place.  The NSA leveraged “secret court orders” that cloud providers had to comply with, which meant the encryption went away.

In some cases, providers can declare that their customers have encryption in place and only the customer has the key.  However, the ability to get at the data is a pretty simple process.  The NSA can use known ways around data encryption, or even go to the customer with a court order and demand the keys to the data kingdom.  At least in the direct-to-the-customer approach, the customer knows what’s going on, rather than having the provider let the government in the back door.

The real solution to this problem is not to announce that new default encryption will exist within the public cloud platforms.  That’s actually something the cloud customer can do themselves, if needed.  The larger problem to solve is pushing back on the legal issues that exist around data protection and privacy, but even those approaches have some difficult tradeoffs.

The NSA clearly has some internal issues, as seen in the recent disclosure that, in some cases, NSA employees monitored communications and data from ex-girlfriends, albeit the incidents were isolated.  Indeed, if they had a PR agency, they would be doing full-time damage control for the next several years, and I suspect additional embarrassing stories will emerge.

The laws need to change.  Not to disallow the NSA from looking at private data from time-to-time; in some cases, that may be reasonable.  However, there should be some independent oversight to determine if the monitoring of data is reasonable and justified.  While the government may feel this will cause latency in the war-on-terror, the reaction of the public could end up significantly limiting the overall power of the NSA to gather and analyze information.

The administration is in a difficult position.  They can’t appear as if the actions of Edward Snowden, who leaked the PRISM information, are actually driving policy.  However, if no reform is offered, the reaction of the voting public, and those across the aisle, could significantly damage an administration that’s already suffering from the backlash of the healthcare.gov issues.  Clearly, technology has not been their friend.

 

 

 

 

 


David S. Linthicum

SVP Cloud Technology Partners
