One of Canada's largest political parties is using cloud services from Salesforce.com to store information about voters and interact with them. However, worries that US government snoops could peek at sensitive information prompted the New Democratic Party to use a strong encryption approach.

Under the US Patriot Act, the government can compel Salesforce.com to "hand over all data to them, and not tell us about it," says James Williamson, information technology coordinator for the NDP. The party is now the main opposition party to the ruling Conservatives in Canada and holds about 123 million records related to individuals.

Concerns about privacy prompted the NDP, which earlier this year began using cloud-based Salesforce.com as its platform for voter tracking, email and call centre contacts, to look for a strong encryption approach that it alone would control.

Salesforce is now a main warehouse for the party's donation and voter data, helping facilitate the flow of email marketing and data use by call agents. Salesforce.com itself does offer an encryption service under which both Salesforce and the customer hold the encryption keys, Williamson says. But he decided he wanted an approach in which only the NDP itself would control the encryption keys to unlock scrambled data.

If the US government ever felt compelled to ask Saleforce.com for any data, the New Democratic Party would at least know about any request of this type, Williamson says."You'd be aware of it."

The political party selected startup CipherCloud with its Unified Cloud Encryption Gateway to keep voter data stored at Saleforce.com private.

Varun Badhwar, CipherCloud's vice president of business development, says the firm provides cloud-based encryption services based on its open API for cloud providers, with the first being connectors specifically for Saleforce.com, Amazon and Box.net. Other CipherCloud security services include anti-malware and data tokenisation.

"We're cloud-application agnostic," he adds, saying the startup is looking at doing something similar for Oracle, Microsoft and Gmail as well. The idea is that only the CipherCloud customer has full control over any generated encryption key used to keep data private.

CipherCloud basically works as a "reverse proxy" and back end application with symmetric key encryption schemes that can be applied on a granular basis field by field to data elements. The firm also has the intent to come up with a data loss prevention service in the future.

CipherCloud, which has about 40 employees, was founded last year by CEO Pravin Kothari with funding from a variety of sources, including Index ventures and T-Ventures, according to the company.