E-evidence vs confidential computing
The e-evidence regulation is intended to give authorities within Europe express access to evidence (e-evidence) on the Internet in the future. Service providers such as Google and Facebook, but also cell phone providers and even the smallest cloud operators, must then hand over user data within a very short time. Otherwise they could face immense fines, according to the proposal of the EU states.
User data is defined as all information available to a cloud service provider about its customers, from the stored content to the metadata regarding the time of data transmission and the IP address of the sender as well as the recipient of the data packets.
This draft may be helpful for effective international law enforcement, but the requirement raises fundamental questions about the data security of cloud services.
E-evidence: Cloud providers have access to user data
Technically, access to user data (content data as well as metadata) by the provider is possible! Many cloud service providers can access the data that their customers have stored in the cloud. This means that, in principle, this access can also take place without an official order. An unpleasant idea, especially when companies handle sensitive data. If the cloud operator can access their customers’ data at any time, who else can?
For some professions that are bound by professional secrecy according to section 203 of the German Criminal Code (such as lawyers and doctors), even taking notes represents a disclosure of secrets under the above-mentioned section of the German Criminal Code. “With the requirement for the possibility of official access, certain professional groups are excluded from the use of cloud services from the outset and they are exposed to the economic disadvantages that result from this,” argues Ulrich Ganz, Director Software Engineering at uniscon.
Confidential computing: technology vs order
Companies that want to reliably prevent access by third parties, including the service operator, are already using services that implement the principle of confidential computing. Sensitive data is not only encrypted during storage and transmission, but also remains protected during processing in the cloud. In addition to a general improvement in data security, the aim of confidential computing is also to make the benefits of cloud computing available to those industries that process data that requires protection.
In uniscon’s highly secure business cloud idgard®, the Confidential Computing approach is realized through Sealed Cloud technology. This way, thorough data encryption and a set of interlocking technical measures in specially shielded server cages reliably exclude any unauthorized access. Only the customer is in possession of the associated key.
A request from a third party for access to this data is therefore futile, since the operator also has no access to it. This technology thus allows professional groups to use cloud services that would otherwise be excluded, such as doctors and clinics, but also tax consultants, auditors and many more.