Cloud Computing: a growing threat to personal freedom and security?
The magic computer in the clouds …
No matter how they spin the story, the major technology companies who are touting “cloud computing” are simply repeating the history of data processing with new equipment, software and communications protocols. The so-called “cloud” concept is as old as “time sharing” when people used terminals to connect to extremely expensive mainframe computers and simply paid for their small slice of time. Since you paid for only the computer power you used, it was a very reasonable price to pay for accessing enough computer power to do the desired job at hand.
Enter the personal computer …
After time-sharing and the introduction of mini-computers, the micro-computer revolution was born. In a period of approximately 27 years, starting approximately in the 1980’s, almost everyone who wanted a personal computer was able to obtain one. Operating systems and applications software steadily improved to the point where they contained so many unused features than only incremental and/or cosmetic improvements could be made. The great fortunes which were made on the need for ever increasing hardware requirements and software upgrades was starting to significantly slow. Especially since personal computer users began to realize that they had their word processors, spreadsheets and databases and that there was little or nothing to gain from continually upgrading either the hardware or the software. They were comfortable with the technology and the software and saw little need to continually invest in new computers and the next whizbang version of the software which did diddly squat to improve their personal productivity.
So, to combat the falling prices of hardware, the increasing uselessness of the next version of your expensive productivity suit (word processor, spreadsheet, slide presentation, database) and the introduction of “open source” equivalents which could be accessed for little or no investment – the major players decided to simply monetize the delivery of software services. That is, return to timesharing, by offering “pay as you go” software services.
Is a major announcement on the way?
In addition to offering “on the web” access to the traditional application suite, rumors now continue to swirl around the possible introduction of a “virtual disk” which would allow a user to store all of their data on a remote computer for little or no cost. Virtually guaranteed (pun intended) to attract an audience who still believes that there is a free lunch and that mega-corporations and the government is willing to provide free services for its citizens without some form of compensation.
Do no evil … (yeah, right)
For those of you in data processing and those who are power users, you may recognize the unofficial mantra of Google: “Do no evil.” Google which has made its fortune (and the fortunes of its investors) on supplying superior search engine technology, is now attempting to use its megabuck capital investment in hardware, software and communications infrastructure to compete with Microsoft’s Windows-brand application software by turning to web-based application programs and the offer of free data storage on their systems. To be sure, Microsoft, having experienced a very slow start in Internet technology, is trying to mount a competitive offer to protect their brand from the Google onslaught. In the process, Google has morphed from a rather idealistic organization into an extremely large behemoth and a corporation that will do anything to keep their position in the pantheon of computing giants.
But let us consider the RAMifications (couldn’t resist the pun) of such developments.
Eventually, you will pay for the computer power you consume …
Someone will eventually pay the piper, and we are betting it will be the end user. No matter what a corporation may say or do, they are still required to produce quarterly profits to support their stock prices. Not to mention paying for all of their employees, hardware, software, power, cooling and everything else that is necessary to offer their services to the marketplace.
Your data is valuable, not only to you, but to a wide variety of commercial and governmental entities. So whether you pay directly or subject yourself to advertising in exchange for access to remote computers, you are paying a price.
The devil is in the details …
Let us consider for a minute, some of the details which will often be buried in the minutia of the EULA, the End User License Agreement.
We guarantee nothing …
Most user agreements covering software services are made on what is known as a “best efforts basis.” That is, we will try our best to provide the services you desire, but we cannot guarantee that your data will not be lost, that our service will always be available, that you will be able to retrieve your data in a timely fashion, that evil-doers will not be able to access your personal data using advanced technology, or that our trusted personnel will not sell your data to the tabloid press. And, if any of these things happen, we are not liable for the consequences of these actions – and if by some chance we are liable, your recovery is limited to the amount of money you have paid us for the month in which the problem occurred. And, by the way, you must enter into binding arbitration and never, never bring a class action lawsuit against us. Of course, it’s not this simple as these conditions are often buried in pages of dense print with references to additional documents which are subject to change at any point in time. Of course, should you choose not to accept these conditions, don’t use our service.
We may troll your data …
We may, to protect ourselves from various and unspecified threats, examine your data for whatever we decide to look for; be it commercial secrets, child pornography, bad mouthing our service and so on. However, we may also sell your data, in aggregated form without personal references or specific data items, to those who want to use this treasure trove of electronically accessible data for research – and possibly to improve our search algorithms to meet your personal needs. Not to mention, delivering more targeted advertising to your eyeballs.
We may sell you out …
Being gutless wonders, we cave at the mere mention of legal action. Should someone file a copyright infringement notice under the DMCA (Digital Millennium Copyright Act), we might disable all or a portion of your account with little or no notice.
Of course, we cooperate with the government and will provide all of your information to them in exchange for little more than a “free pass” also known as an administrative summons.
Again, you can’t sue us or seek redress as we have your signed user agreement that says we told you what could happen.
And before you reply that trusted employees with monitored access would never gaze upon your personal information, let me simply point to the disclosures of non-public personal information to the tabloids by medical personnel – who were subsequently fired after the damage was done.
The increasing danger of XML …
For those who do not immediately recognize the acronym, it stands for “eXtended Markup Language” and provides a set of data tags to identify the components of your data and make these data elements more accessible. The following example should give you an idea of how powerful this technique can be for searching and retrieving data.
<Name>John Q. Public</Name> <PersonalIdentificationDetails SocialSecurityNumber = “555-55-5555” DateOfBirth = “01/01/1980” DriversLicenseState = “WA” DriversLicenseNumber = “ZZ4049585” DriversLicenseExpiration = “01/01/2012” />
<MedicalCondition DiseaseCode = “9999” DiseaseName = “Horrible Disease” />
<ComputerAccessCode> 4543-AC37-EF56-8494 </Computer AccessCode>
As you can see, a computer search would be able to easily separate out critical information that would be of interest to insurance companies deciding whether or not to insure you or the government wanting to link your data to a particular computer, communications IP address, date and time.
And lest you doubt the power of XML data tagging, consider that the default mode of Microsoft’s latest Office Suite is tagged XML – note that the familiar extensions now are .docx, .xlsx, etc.
And even worse, courtesy of the Hollywood media moguls who want to keep their offerings under lock and key, all electronic output produced on your computer (including documents, graphics, and audio-visual files) is likely to contain embedded GUIDs (Globally Unique IDentifiers) which can be associated with your software purchase and computer use during the registration process.
Encryption?
The smartest thing when storing information on foreign servers that are under control of others is to use heavy encryption. However, I can point with absolute certainty to encrypted data which can be hacked with no more than a commercial program costing less than $100. Consider also that certain encryption algorithms used to protect computer data have already been compromised and there are those who believe that some of the most stringent encryption algorithms may have mathematical backdoors – ones that require the type of massive computing power of federal agencies.
And, one must consider that XML tagging in and of itself increases the vulnerability of protected works as the data tags are well-defined, universally available and comprise a surprisingly large portion of the data being encrypted. For those who routinely decrypt data, knowing something about the data being protected is always a leg up in the process.
It gets worse …
Very few people have heard of CALEA , the Communications Assistance for Law Enforcement Act. It is a United States wiretapping law passed in 1994 (Pub. L. No. 103-414, 108 Stat. 4279, codified at 47 USC 1001-1010). In its own words, the purpose of CALEA is:
- ”To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.”
Considering that those companies who are offering Internet computing services are often considered to also be telecommunications carriers, the extension of CALEA to data services is a given.
Your choice …
Whether or not you choose to use Internet-based software or store your information on remote computers not under your control is up to you.
What can YOU do?
Read the licensing agreement and make sure that you understand the limits of the offering company’s liability if something should go wrong.
Should you choose to use “cloud” computing, it is suggested that you consult legal counsel to determine if your data, which may contain NPI (Non-Public Personal Information) such as names, account numbers and financial details, is subject to the Gramm-Leach-Bliley Act, the FTC Safeguards Rule or your state’s privacy initiatives.
If the information is of a critical nature, determine a fail-safe method for backing up the data and preserving it in a format that can be used in an emergency. Remember: any major natural disaster is likely to disrupt or delay access to your data. One need only remember the big institutions who were left without their web sites when 4 out of 10 diesel generators failed to respond to a start command.
For those who want to access their computers over any available Internet connection, it is suggested that you investigate using a VPN (Virtual Private Network) or use one of the commercially available remote access services. Again, security precautions are required to protect you, your data and the innocent parties which may also be involved.
It is my personal position that you never want to mix personal and professional data on any single server and that your professional obligations may preclude using systems and software which you do not directly control.
In all cases, demand that your legislators pass a personal privacy law that unequivocally protects your financial and medical data – as well as mandates stiff criminal penalties and civil compensation for any and all security breaches.
If you are interested in the protection of your personal privacy, you might want to consider joining the Electronic Frontier Foundation (www.EFF.com) which is a solid bulwark against those who would electronically compromise our freedoms.
At one point in time, I was a great believer in the efforts of our government to act ethically and to pursue and prosecute those who would interfere with our Constitutionally-guaranteed rights. Unfortunately, we are now experiencing a hyper-politicalization of government agencies. When media concerns mean more than justice. Where document classification is used to hide mistakes and surveillance techniques used against political enemies. And worst of all, friends are rewarded and enemies punished.
Unless we start electing honest politicians, the America we know will simply disappear into the cesspool of third-world nations.
-- steve
A reminder from OneCitizenSpeaking.com: a large improvement can result from a small change…
The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane. -- Marcus Aurelius
Reference Links:
WIRETAP IMMUNITY: BEYOND CALEA? |One Citizen Speaking
LOSING OUR PRIVACY ONE DEVICE AT A TIME (PART II) |One Citizen Speaking
Danger: The SINGLE most important key to protecting your health records! | One Citizen Speaking
“Nullius in verba”-- take nobody's word for it!
"Acta non verba" -- actions not words
“Beware of false knowledge; it is more dangerous than ignorance.”-- George Bernard Shaw
“Progressive, liberal, Socialist, Marxist, Democratic Socialist -- they are all COMMUNISTS.”
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS "The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius “A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell “Fere libenter homines id quod volunt credunt." (The people gladly believe what they wish to.) ~Julius Caesar “Describing the problem is quite different from knowing the solution. Except in politics." ~ OCS