Law in the Internet Society

Locked in the Cloud

-- By JohnStewart - 22 Oct 2012

Rise of the Cloud

Cloud-based internet services such as Gmail, Dropbox and iCloud have been steadily on the rise in recent years. As consumers are increasingly willing to hand over sensitive private data to be stored by a 3rd party serious questions regarding user privacy are raised. Cloud services have been touted as a convenient way to store and access a user’s information across devices without the need to actively back up data. For the sake of convenience consumers have voluntarily surrendered their own privacy – a closer look at whether the trade-off is worth it is necessary.

Why are these three commercial products, which are from a technical and privacy point of view completely different, being conflated? Why is network remote storage called "the cloud"? Wouldn't it be more sensible to use specific terms that indicate technological arrangements rather than nonspecific labels that don't disclose any functional information?

When we are storing our data in other places, what data it is and how we are storing it will be important to an understanding of the risks and consequences. If you don't show sensitivity to the facts that matter, you show yourself at a disadvantage.

The “Cloud” Isn’t New

Cloud services are often touted as new and cutting edge services. Larry Ellison has long criticized the concept of the cloud arguing that the hype is simply much ado about nothing – that is cloud computing isn’t actually new. Businesses and consumers have long relied upon computing services that utilize centralized computing resources, such as a server, and access the data stored on it or that utilize the computing power remotely. The fundamental difference is that now companies like Google, Apple and Amazon, in an effort to promote their products, have championed many new web-based products as “cloud” services.

There has been a shift in recent years towards increased concentration of user data in the hands of a few corporations. Users have migrated towards these services giving companies more and more data they are looking to turn into revenue. Amidst marketing hype and buzz around “cloud” services, often offered for free, consumers should take a step back and examine the real value proposition.

Examining the Value Proposition

Free isn’t Free

The services and products consumers have embraced over recent years such as Gmail, Google Maps and iPhone are also those that pose the greatest threat to user privacy. Gmail is “paid” for by serving highly targeted ads to users after scanning their e-mail. Google Maps poses its own set of privacy issues, especially when accessed via a mobile device. The app is constantly tracking a phone, and thus the user. The tracking allows services like the traffic layer in Google Maps to function (by tracking the relative speeds of phones in the cars on the road) but it also hands over more intimate data – your every location – to a single company than a user likely has to anyone in their lives. Coupled with the fact that Google has been caught in the past collecting vast amounts of data over unencrypted wifi networks, and suddenly the benevolent services like free Gmail and Google Maps do not seem like such a good bargain.

In the realm of mobile operating systems a fault line has developed between the more open Android OS and the closed ecosystem of iOS by Apple. As an open source product Android does offer more flexibility than iOS, however that does not change the privacy issues that Google has shown we should be worried about. The closed nature of iOS is illustrative of another problem of movement to the cloud.

Only once "the cloud" has become so general a term that it has fuzzed up even issues of free and unfree software. Android is partially free software; it would also help (if this is really part of your story at all, which is uncertain, because the analytic connection is unclear) to explain how mobile software lockdown actually works.

Loss of Control

When consumers utilize cloud services they are opening themselves up to serious privacy threats and they are also at the mercy of the companies when it comes to control. For example when Amazon discovered “Animal Farm” was offered through their online store by a company that did not have the rights to the book, Amazon removed the book from consumer’s devices remotely. This is indicative of the larger problem that users face when they are locked into a company’s eco-system or otherwise choose to rely on a 3rd party to store their data or content.

Hollywood and other media distributors have pushed the concept of a digital locker in the past. Again, while the product or service may seem to offer increased convenience to the consumer in increased ease of access across devices or locations, the ultimate aim of the companies is to regain control of their content by setting limits on the number devices that can be authorized to playback the content, or set limits on the length of time a user can retain the content. The degree of this control has ebbed in certain respects. iTunes dropped digital rights management from songs offered via it’s platform in 2009, but this represents a small victory.

Apple exercises tight control over app approval as well hardware. The result is that an Apple consumer is often at the whim of Apple’s decisions over what is and is not an acceptable or desirable app. However this misses the forest for the trees. A significant segment of the country uses internet products that can be described as the “cloud” – namely an iPhone or a Google product such as Gmail. These products represent a significant threat to user privacy and remove control from the hands of the user in a far more fundamental way than an inability to install non-appstore apps.

These aren't "cloud" issues at all, again: they're issues about lockdown of client hardware and software. By being technically vague, you impede any actual discussion of remedies, technical or regulatory.

Flight from the Cloud

Pushing for a new normal in consumer internet services does not have to be painful. Convenience is likely a major impediment to transitioning users away from products that represent a threat to their privacy – however if users were truly informed about the hidden sacrifices of user privacy and control a transition might be more likely.

There are glimmers of hope that users do care. In the past when Google has changed its privacy policies to allow it to combine and share data from across its products people voiced their opposition. While Google did ultimately proceed with the change the more the public becomes aware of the implications of using these services the less enthusiastic we will hopefully be to embrace the cloud or the next hyped product.

A transition will not happen overnight. Indeed the move to the cloud is a step in the wrong direction. However by making users more aware of the privacy and control that has already been ceded we hopefully are better prepared to take them back in the future.

You seem to think that we should reject "the cloud." But you don't discuss the technology enough to show either why or whether we can. You might have made things much simpler by talking about remote network storage, when to use it and when to be reluctant or unwilling. You might have explained that using a file storage intermediary for encrypted data is not like receiving all your (unencrypted) email chez some data miner. You might have explained the difference between network remote storage and utility computing. You might have described how "the cloud" could allow you to store all your personal data under your bed, while still making it available, under your control, to precisely whom you want to have it, when and how, in real time, all over the world. The opportunity to make sense of the technical changes going on is still open: the route to the best possible revision is to learn enough about the technology to give someone else shrewd and effective advice about how to attain the privacy you and she both want.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r2 - 06 Jan 2013 - 21:00:24 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM