Data Proxies for Clients of Cloud Service Providers

Cloud storage offers significant benefits for security and efficiency, but many organizations may be hesitant to adopt it due to the risk of secret disclosure: the practice by which law enforcement can compel cloud service providers to turn over customer data while legally prohibiting them from notifying the customer. To address this concern, in this paper I propose the appointment of a "data proxy," a highly trusted individual (like a retired federal judge) who would be contractually authorized to represent the organization's interests when it cannot represent itself due to a nondisclosure order. 

While this solution isn't perfect, it could be legally viable in at least some scenarios under current law through carefully structured contracts. The data proxy would need to be completely trustworthy, uninvolved in the organization's other activities, and appointed under precise contractual terms established before any law enforcement demands arise. While there are complex legal questions around notice and standing that would need to be navigated, a data proxy arrangement could provide organizations with at least some protection against completely secret seizures of their data, potentially encouraging greater adoption of secure cloud storage solutions. Though legislative support would be helpful, organizations and cloud providers could implement this solution even under current law.

For an in-depth discussion of the paper, listen to this Lawfare Daily podcast episode.

You can read the paper here or below: