Worries over Patriot Act drives NDP to cloud encryption

Canada’s main opposition party is using cloud-based Salesforce.com in the U.S. to store information about voters and interact with them, but worries that U.S. government snoops could peek at sensitive information under U.S. law prompted the Canadian party to use a strong encryption approach.

Under the U.S. Patriot Act, the U.S. government can compel Salesforce.com to “hand over all data to them, and not tell us about it,” says James Williamson, information technology coordinator for the Canadian New Democratic Party (NDP) in Ottawa, Ontario. The NDP is now the main opposition party to the ruling Conservatives in Canada and holds about 123 million records related to individuals.

In a survey last year by CA Technologies, the U.S. Patriot Act was among the top concerns cited by businesses for their reluctance in implementing cloud-based technologies.

“A big concern in Canada is the provision of a SaaS (software-as-a-service) solution hosted in the U.S.,” Fulton said. “In Canada, there’s PIPEDA (Personal Information Protection and Electronic Documents Act) and in the U.S. it’s the Patriot Act. At CA, we do SaaS provisioning for some of our key solutions,” the report said.

Concerns about privacy prompted the NDP, which earlier this year began using cloud-based Salesforce.com as its platform for voter tracking, e-mail and call-centre contact, to look for a strong encryption approach that it alone would control.

Salesforce is now a main warehouse for the party’s donation and voter data, helping facilitate the flow of e-mail marketing and data use by call agents. Salesforce.com itself does offer an encryption service under which both Salesforce and the customer hold the encryption keys, Williamson says. But he decided he wanted an approach in which only the NDP itself would control the encryption keys to unlock scrambled data. If the U.S. government ever felt compelled to ask Saleforce.com for any data, the New Democratic Party would at least know about any request of this type, Williamson says.”You’d be aware of it.”

The political party selected start-up CipherCloud with its Unified Cloud Encryption Gateway to keep voter data stored at Saleforce.com private.

Varun Badhwar, CipherCloud’s vice president of business development, says the firm provides cloud-based encryption services based on its open API for cloud providers, with the first being connectors specifically for Saleforce.com, Amazon and Box.net. Other CipherCloud security services include anti-malware and data tokenization.

“We’re cloud-application agnostic,” he adds, saying the start-up is looking at doing something similar for Oracle and Microsoft’s Hotmail as well. The idea is that only the CipherCloud customer has full control over any generated encryption key used to keep data private.

CipherCloud basically works as a “reverse-proxy” and back-end application with symmetric-key encryption schemes that can be applied on a granular basis field by field to data elements. The firm also has the intent to come up with a data-loss prevention service in the future.

CipherCloud, which has about 40 employees, was founded last year by CEO Pravin Kothari with funding from a variety of sources, including Index ventures and T-Ventures, according to the company.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.