Computing in the Cloud? I’ll Keep my Data, Thank You

“Computing in the cloud” has been described as a paradigm shift where data processing and other computer activities are moved away from personal computers or an individual server to a “cloud” of computers on the Internet. Examples include Yahoo Mail replacing my old Eudora pop mail system; Google Docs & Spreadsheets replacing the need for me to edit document on my computer and e-mail them to others to make changes on their machine; using del.icio.us to manage my bookmarks online instead of on my computer’s web browser; or relying on companies like Google to store and backup my data on their servers.

There’s been a lot of hype around cloud computing recently: Businessweek had a cover story on it, and the NY Times has a big piece on how Google is headed for a showdown with Microsoft over a new way to deliver applications to computer users. And even Amazon is planning to help move customer’s databases into the ether (I thought they sold books?).

Sounds great — my data can be accessed from nearly any machine connected to the Internet. I don’t have to worry about incompatibilities between software loaded on my computer. I don’t need to keep my software up-do-date.

All I have to do is trust the companies who are storing my data.

Uhoh.

One of the key concerns with cloud computing is privacy and ownership of user data, as explained by the upcoming workshop hosted by Princeton’s Center for Information Technology Policy:

In cloud computing, a provider’s data center holds information that would more traditionally have been stored on the end user’s computer. How does this impact user privacy? To what extent do users “own” this data, and what obligations do the service providers have? What obligations should they have? Does moving the data to the provider’s data center improve security or endanger it?

These are crucial considerations for the viability of cloud computing. I look forward to discussing these issues with the folks at CITP, but luckily, the folks at the ACLU of Northern California have already provided an analysis of the thin legal protections afforded user data stored on third-party networks:

While storing documents online can provide benefits such as backup and remote access to data, it can also cause all sorts of problems you might not see coming.

You might be giving away a lot more privacy than you realize. When you store documents on your home computer, the government needs to obtain a warrant from a judge to come into your house to search your computer.

But, due to some pre-Internet Supreme Court cases such as Smith v. Maryland, if the government wants to access information held by a third party like Google, they just need to ask for it by sending a subpoena.

Google has fought government subpoenas in the past, even when other companies handed over user info with few questions asked. But once you store your information online, you leave your privacy in the hands of Google. The company’s own privacy policy says it will hand over your information when it has a good faith belief that doing so is necessary to “…satisfy any applicable law, regulation, legal process or enforceable governmental request…”

With more and more dragnet government surveillance, such as warrantless wiretapping, you might want to ask yourself what information you really want stored on the Internet for the government to potentially access.

In addition to privacy concerns, when you store your documents online you also might be giving away some rights to those files that you never imagined losing.

Earlier this year, there was a small uproar when sharp eyed users discovered that Google’s legal boilerplate for its Google Docs program granted the company a royalty free license to distribute its users’ files “for the purpose of displaying, distributing and promoting Google services.” Recently Google changed the text to ensure that users retain control of their documents, but the incident remains as a testament to what can happen when you put your data on the internet without reading the fine print.

I think I’ll stick with an external hard drive and USB stick for my data backup and mobility needs. And while I hate using Word’s tracked changes “feature” for collaborative editing, I’m not fully comfortable asking my colleagues to create Google Accounts and login in order to use their (nifty, I admit) web-based word processing platform. Hosting my own wiki pages for collaboration might be a solution, but that can be complicated.

It seems we need more work to ensure sufficient user trust and protection before we all start computing in the clouds…

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s