Expect this headline very soon: "Public cloud used to hack government systems." I'm sure aspects of this are happening right now, and I'm sure we will see more widespread use of public clouds as the platforms for hackery.
What should we do with the public clouds used as hacking venues? Do we seize the physical servers? Shut down the offending data center? All of the above? And if criminals use the same cloud infrastructure as enterprises, how do enterprises know that their data won't get seized along with the bad guys' data?
Ironically, technical issues may make seizures of public cloud servers unappealing to policing agencies. Executing law enforcement searches on public clouds presents two problems, according to the FBI: "First, little, if any, data pertaining to a computer user is found in a single geographic location. Second, and more important, even when the data is recovered, it may not be convertible to a format that's understandable by human readers."
In the United States, most search warrants for the seizure of digital evidence reference a particular location, usually an address. But in the cloud, the bad guys' data could be scattered all over the world. Grabbing up servers at 123 Main Street will do little good. Moreover, the servers are shared, so data belonging to law-abiding companies gets taken along with data that belongs to the accused.
We need much clearer laws on the collection of digital evidence -- not to protect the bad guys, but to protect the rest of us who use the same public cloud infrastructure.
The use of cloud-based services is still in its infancy. We have not yet uncovered clear cases of abuse, but I'm sure we will soon. If these laws are created proactively, we can avoid the bad decisions that get made when a crisis does occur.