The NSA Is Storing Its Data In The Cloud. But Is It Secure?

Philip Bates 15-06-2015

In the wake of the Edward Snowden leaks, the National Security Agency (NSA) is turning to cloud storage for their data. Why? Isn’t that counter-productive? And how secure are the clouds you use?


Edward Snowden, a former contractor at the NSA, leaked files revealing the full extent of surveillance operations worldwide, forcing numerous serious discussions on our privacy and security Avoiding Internet Surveillance: The Complete Guide Internet surveillance continues to be a hot topic so we've produced this comprehensive resource on why it's such a big deal, who's behind it, whether you can completely avoid it, and more. Read More .

For the NSA, it had major impacts: not only are people questioning how and why they’re being spied on Who Is Fighting On Your Behalf Against The NSA And For Privacy? There are several Internet activism groups who are fighting on your behalf for privacy. They are doing their best to educate netizens as well. Here are just a few of them that are incredibly active. Read More , but the NSA Director, Michael Rogers, admits the leaks considerably hampered intelligence gathering.

The agency is taking unexpected steps to stop another leak: they’re putting all their data in one place.

What Are They Actually Doing?


After expansions in their authorities, the amount of data collected by intelligence services expanded, namely covering smartphone metadata Avoiding Internet Surveillance: The Complete Guide Internet surveillance continues to be a hot topic so we've produced this comprehensive resource on why it's such a big deal, who's behind it, whether you can completely avoid it, and more. Read More . Largely stored on servers, much of this data was revealed by Snowden Hero or Villain? NSA Moderates Its Stance on Snowden Whistleblower Edward Snowden and the NSA's John DeLong appeared on the schedule for a symposium. While there was no debate, it seems the NSA no longer paints Snowden as a traitor. What's changed? Read More across 2013 and 2014, most notably PRISM What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More .


But the whistleblower isn’t the sole reason the NSA are turning to the cloud.

The agency began adopting centralised storage in 2010 in a bid to share information across the United States Intelligence Community (IC). Their clouding system of choice? Amazon Web Services, which links the 17 elements of the IC, including the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI), and Office of Naval Intelligence (ONI). As well as its increased capacity, the service boasts speed and cost-effectiveness. Jon Koomey, an energy futurist, told National Geographic:

“When you step into the cloud and replace atoms with bytes, you don’t have to manufacture chips anymore – and that means big savings.”

Data is metatagged for accessibility and accountability: these detail personnel with access to said information, so their actions are all logged. This is paired with compliance regulations, so only those legally authorized to see material can do so.

The NSA’s current cloud consists of two systems: an internal one used by agency employees; and the GovCloud, available across the IC via the Joint Worldwide Intelligence Communications System. Essentially, in the latter, the NSA acts as a service provider to other IC sectors.


Both clouds are set to merge by the end of this year, but full transition will take years to complete.

How Secure Is It?

Utah Data Centre

Much of the wealth of data is currently being stored at, and is accessible through, the Utah Data Centre, a $1.5 billion hub between Great Salt Lake and Utah Lake. The facility was completed last month after power surges damaged equipment causing a year-long delay, and houses servers across four 25,000-square-foot halls.

The NSA admits to collecting Internet searches, phone calls, financial data, and health records, and analysts plough these for operational applications.


The building itself is heavily fortified: obviously only authorized personnel gain entrance through the control centre, and security guards patrol the hub. They’re assisted by CCTV, intruder detectors, and further protection costing over $10 million. Rory Carroll writes:

“A small exit – not marked on ordinary maps – takes you up a curving road. A yellow sign says this is military property closed to unauthorised personnel.

Further up the hill, invisible from the highway, you encounter concrete walls, a security boom and checkpoint with guards, sniffer dogs and cameras. Two plaques with official seals announce the presence of the office of the director of national intelligence and the National Security Agency.”

The complex might be sound, but how secure is the actual cloud?

Former director of the NSA, General Keith Alexander says the strict legal structures to ensure compliance also protect civil liberties, so data that needs to be deleted in a set time limit automatically notifies staff when that period is up.

This accountability is total. Content and personnel are tagged at a cellular level, meaning full records of everyone who has accessed, copied, printed, or altered files – or even single words and names. This is partly enabled using the public-key infrastructure (PKI), whereby data is encrypted and decrypted with public and private key pairs How To Do Encryption, Decryption & Signing Easily With Seahorse [Linux] Learn more about security and encryption using Seahorse in Linux. Read More , and identities are verified by the Certificate Authority (CA). These records are kept on a Certificate Database, Store, and Key Archival Server, and further safeguards against corruption during transit.


Additional security methods understandably have to be kept secret, but Alexander explains:

“[W]e do utilize a variety of security protocols at every layer of the architecture, as well as a robust encryption strategy. The NSA cloud brings together multiple data sets and protects each piece of data through security and enforcement of the authorities that specify its use… In addition to data markings, security is applied throughout the architecture at multiple layers to protect data, systems, and usage.”

How Safe Are The Clouds You Use?

We use cloud computing systems for storage and sharing (think DropBox, Apple’s iCloud What Is iCloud Drive and How Does It Work? Confused about what makes iCloud Drive different to Apple's other cloud services? Let us show you what it can do, and how you can make the most of it. Read More , or GoogleDrive How Secure Are Your Documents In Google Drive? Read More ), emailing, and for eCommerce. But this is important to remember: these clouds are different to the one used by the NSA. They’ve got to be. National security secrets are generally considered more important to keep hush-hush than a vast array of selfies 5 Things To Avoid When Taking Selfies Selfies shouldn’t be taken lightly, and there are many things you need to avoid. Read More uploaded to the iCloud.

Nonetheless, your information isn’t exposed for all to see. The core security measures are: preventative (the first line of defence – two-step ID verification What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More , for example); and deterrent (emphasis on consequences for potential hackers); while detective (architectural monitoring) works hand-in-hand with corrective controls (or damage limitation).

Your data may be stored on a different company’s server, but it’s not all about location; instead, it’s how it’s accessed. Solid data encryption is essential, yet far from the only way firms need to secure your information. Compliance data, similar to the NSA’s but certainly not as thorough, could also be employed so details can only be accessed under certain contexts, or identify a breach by auditing applications for unusual activity.

Of course, this isn’t absolute. Apple faced a potentially massive issue last year when the accounts of several celebrities were hacked Apple Investigates Celebrity Nudes, YouTube Introduces Tip Jar, And More... [Tech News Digest] Also, looking forward to the Internet Slowdown, Windows XP edges 1% closer to death, play Star Citizen for free, the new Raspberry Pi Web browser, and the wearables we narrowly avoided. Read More and compromising photos leaked How A "Minor" Data Breach Made Headline News & Ruined Reputations Read More . Apple, however, doesn’t see this as their fault Apple Deflects Blame in iCloud Hack, Yelp Cleared of Extortion, and More... [Tech News Digest] Also, Xbox One expansion incoming, Netflix Likes Facebook, BlackBerry teases something or other, Destiny Planet View, and the ram who hates drones. Read More , but regardless have increased their security Apple Improves iCloud Security, Twitter Kills Twitpic Over Trademark, And More... [Tech News Digest] Also, Rdio goes freemium, Facebook privacy checkups, free Xbox One game offer, iDiots queue for the iPhone 6, and why Google Glass sucks. Read More .

Interestingly, Lucas Mearian argues that clouds aren’t secure – at least not from service providers, and government departments like the NSA. Combine this with the NSA’s claim that they want a “front-door” to your data Tomorrow's Surveillance: Four Technologies The NSA Will Use to Spy on You - Soon Surveillance is always on the cutting edge of technology. Here are four technologies that will be used to violate your privacy over the next few years. Read More via split-key encryption and your data might be safe from hackers, but not from intelligence agencies.

Do You Trust The Cloud?

13334048894_001d3e53d1_z (1)

Cloud computing isn’t perfect, but it certainly has its advantages.

The NSA has adopted it as a cost-cutting measure, sure, but the large-scale accountability is their effort to combat another Snowden-esque leak, acting as preventative, deterrent, and detection controls.

And if you’re still concerned about the security of the clouds you use, you’re not powerless. You can secure your DropBox account Securing Dropbox: 6 Steps To Take For Safer Cloud Storage Dropbox isn’t the most secure cloud storage service out there. But for those of you who wish to stay with Dropbox the tips here will help you maximize your account’s security. Read More , create your own cloud using the open-source Seafile Create Your Own Secure Cloud Storage With Seafile With Seafile, you can run your own private server to share documents with groups of colleagues or friends. Read More – or even explore more encryption methods 5 Ways to Securely Encrypt Your Files in the Cloud Your files may be encrypted in transit and on the cloud provider’s servers, but the cloud storage company can decrypt them -- and anyone that gets access to your account can view the files. Client-side... Read More .

The NSA thinks the cloud is the future. Do you?

Image Credits: Secure Cloud Computing by FutUndBeidl; Snowden on Wired Cover by Mike Mozart; and System Lock by Yuri Samoilov.

Explore more about: Cloud Storage, Encryption, Surveillance.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    June 15, 2015 at 11:24 pm

    Cloud is not safe. So what happened? Something like this?

    1. Major cloud donor approaches senior members of Congress.
    2. Congress asks NSA to do a feasibility study on NSA cloud utilization.
    3. NSA declares it unsafe.
    4. Congressional members declare the particular vendor safe.
    5. NSA deploys cloud.

    But of course, just as soon as NSA gets hacked:

    1. NSA will blame the Chinese.
    2. Congress will publicly rebuke NSA for gross mishandling

  2. Anonymous
    June 15, 2015 at 6:53 pm

    "Do You Trust The Cloud?"
    With apologies to Henry Wadsworth Longfellow, my attitude towards the Cloud can be summed up by:
    I shot my data into the air (the cloud)
    It was saved on server, I know not where.

    "Cloud computing isn’t perfect, but it certainly has its advantages."
    Only if you are the NSA and the Intelligence Community. For everybody else, data in the Cloud is data which they do not have any control over any more, especially when the NSA gets front-door access to all the Cloud servers.

  3. Anonymous
    June 15, 2015 at 6:53 pm

    Of course their data is secure.....they're using iCloud. LOL