Putting out in the cloud
There is an old poker adage that runs along the line ‘once you place your bet into the pot, it’s no longer your money’. It is wise to take the same attitude to data you place ‘in the cloud’ (a horrible marketing term that translates, more-or-less, into the more mundane ‘any data you place on-line’).
Whenever you post to a blog, Facebook, MySpace, or any other forum your data is no longer yours. When you store your backup on .MAC, or any other backup service, when you use DropBox or any of he myriad storage facilities, your data is no longer yours.
At this point I hear cries of, ‘but they say it’s secured’ or ‘but only I have the password’ or ‘I only allow friends to see my profile’. Ah, but here’s the rub. None of these services is truly secure. Not only that, a glance at the license agreements we so blithely click though reveals that we absolve the companies who provide these services of any substantial responsibility to secure out data. Sure, they have a basic duty of care but this is nothing but a fig leaf. Besides, once your data is compromised it’s too late for any restitution.
One interesting issue of placing information in these services is a knotty legal nicety. Suppose you are a married man storing all of you information on Google’s services. All you financial dealing, a spreadsheet recording your income/out-goings for example. Now suppose you were to be divorced. If the information were held on a local PC (rather than on Google) then your spouse would have great difficulty getting access to the information. With it all on Google they can subpoena the information direct from Google, you would not even necessarily know they had that information. And this principle applies to more than messy divorce cases.
Hopefully these services will start to offer proper encryption services. Unfortunately at the moment there are technical issues that make proper encryption tricky if the services are to maintain their ubiquity. No doubt, if demand for proper encryption (that is encryption that makes information practically unavailable to anyone other than the owner) these issues will the resolved.
I am not saying we should not use these facilities. I do. A lot. I am simply saying that people should assume that as soon as they put data onto these facilities it will become public knowledge. This is simply the precautionary principle. It is true that for most of people putting data on-line will never be a problem, but by applying the precautionary principle you ensure that it is never a problem.
No trackbacks yet.