I’ve briefly described my attempt to get all of my “cloud” data moved to personal servers that I directly control. Part of my reasoning for doing this is the simple fact that I like having complete control over my property (and I consider my data personal property). The other reason is I don’t like the idea of federal agents being able to obtain my personal information without my knowledge. At the very least if the feds want to take my personal data now they will have to alert me when they come to take my server out of my dwelling (and since the data is all encrypted they’ll need my key to access anything… which will really frustrate them when I claim my fifth amendment right instead of giving over my encryption keys).
Some people have claimed another solution for this is to put your data in a foreign country. I never found that solution viable because the government of the country where your data is stored likely has access to it and will hand it over if the United States government puts in a request. Well Microsoft has confirmed that your data isn’t safe anywhere:
Organisations should be wary when entrusting their data to Cloud providers based in the U.S.
Microsoft, one of the first Cloud providers to come clean, have revealed that the U.S. authorities have the right to access any data stored by them, even if that data resides within the EU.
In addition, Gordon Frazer CEO of Microsoft admitted that customers would only be informed “whenever possible” with respect to authorities extracting data.
Such an example is where the FBI has the ability to issue a ‘National Security Letter’ demanding a company’s data. Frazer stated that in this case he wouldn’t even be able to admit he had received such an order.
Many people forget that those subject to “National Security Letters” are legally prohibited from even saying they received such a letter (note to the feds: if you hand me one of those letters I’m telling everybody, fuck you and your attempt to shit on the first amendment). This means if the feds to take your data you’ll never be notified because the company hosting said data will be legally muzzled.
I feel the best option in regards to your data is to maintain it all on systems that you have direct control over. Unless you have that direct control you can never be sure who is rummaging through your data (I’m not just talking about government agents at this point) or for what purposes. If you control the systems then you control who does and doesn’t have access to anything on that system.