Computer Clouds, Promise and Perils

1213107_various_cloud_formationsJonathan Zittrain has a superb Op-Ed in The New York Times on the various risks attendant to cloud computing.  He writes:

The cloud, however, comes with real dangers.

Some are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher’s change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell’s “1984” found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)

Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee’s Google password. That in turn compromised a trove of Twitter’s corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.

Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.

The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases. It and other authoritarian regimes routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes.

With a little effort and political will, we could solve these problems. Companies could be required under fair practices law to allow your data to be released back to you with just a click so that you can erase your digital footprints or simply take your business (and data) elsewhere. They could also be held to the promises they make about content sold through the cloud: If they sell you an e-book, they can’t take it back or make it less functional later. To increase security, companies that keep their data in the cloud could adopt safer Internet communications and password practices, including the use of biometrics like fingerprints to validate identity.

And some governments can be persuaded — or perhaps required by their independent judiciaries — to treat data entrusted to the cloud with the same level of privacy protection as data held personally. The Supreme Court declared in 1961 that a police search of a rented house for a whiskey still was a violation of the Fourth Amendment privacy rights of the tenant, even though the landlord had given permission for the search. Information stored in the cloud deserves similar safeguards.

But the most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. Microsoft might want you to run Word and Internet Explorer, but those had better be good products or you’ll switch with a few mouse clicks to OpenOffice orFirefox.

You can read the rest of the Op-Ed here.

Stock Xchange Image

You may also like...

3 Responses

  1. Bob Gellman says:

    Two links on CC and privacy.

    A letter about LA’s plan to move all its documents into the cloud:
    http://www.worldprivacyforum.org/pdf/WPFLetterLA_July172009fs.pdf

    A report on CC and privacy:
    http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf

  2. Danielle Citron says:

    Thanks so much, Bob! I look forward to seeing you at another Privacy gig soon. So great to see that you are a reader. Danielle

  3. Holmes Wilson says:

    Hi there,

    Saw you’d written about the Amazon / 1984 flap, and I thought you might be
    interested in the petition we launched yesterday:

    http://defectivebydesign.org/amazon1984

    We have over 1400 signatures already, and signers include Lawrence Lessig,
    Clay Shirky, Cory Doctorow and other notable authors, librarians, and
    scholars.

    The petition opens:

    “We believe in a way of life based on the free exchange of ideas, in which
    books have and will continue to play a central role. Devices like Amazon’s
    are trying to determine how people will interact with books, but Amazon’s
    use of DRM to control and monitor users and their books constitutes a clear
    threat to the free exchange of ideas.”

    Please have a look, and if you support the cause or think it would be
    interesting to your readers, a blog post would be great!

    Thanks,

    -Holmes Wilson
    Free Software Foundation