Law in the Internet Society

Privacy Implications of the Cloud and Possible Alternatives

-- By KirillLebedev - 22 Oct 2012

Introduction

With the dramatic decrease in switching costs over the last years, a new form of storage has emerged as a prominent force in consumer computing. Rather than having to store data locally or on removable media, individuals can store their data in the cloud, through services like Dropbox, Google Drive, and countless others. Such an arrangement provides the obvious convenience of having access to your files on your mobile device or any computer with an internet connection, but comes with the caveat that you grant third parties access and control over documents that could contain private or sensitive information.

But it needn't. Storage is even cheaper than switching, so all people need is some network-attached storage of their own. That would be equally convenient, safer, legally protected, cheaper, and more secure.

Issues with Security

Setting aside privacy implications for the moment, I will first examine the security issues surrounding cloud storage. Both services work by storing files on a central server, and granting users access after they authenticate their identity using a combination of user name and password. Such a scheme is inherently insecure, given how vulnerable the majority of passwords are to a brute-force or social-engineering attack.

Assuming no countermeasures by the service operator. Is that credible?

This problem is compounded by users' propensity to reuse the same login/password combination across services, meaning that their entire online identity can be compromised if one of the services they use is insecure.

Assuming no countermeasures by the service operator and no better alternatives than user-selected weak passwords. Is that credible?

In the past, lax data security measures by users were often ameliorated by the requirement that an attacker gain physical access to their files (if you store them on removable media or a removable hard drive), but such "security" is obviously unavailable for items stored in the cloud.

Are you confident in this argument? In the real world, aren't files stored on unprotected Windows computers far easier to steal than files stored on a credible cloud-storage provider's service?

The security issues with cloud storage are deeper than the inherent problems involving passwords. Even if we assume a knowledgeable user who creates a password that is unique to this service, cannot be brute-forced in real-life conditions, and cannot be obtained via social engineering, his data is still at the mercy of the service provider. Dropbox and Google Drive have had several security issues involving unauthorized parties having access to user files. The one thing in common between these security breaches is that in every case, the user was entirely without fault (other than choosing to ignore the risks of cloud storage). Even though the service providers have corrected the issues which led to the breaches, it seems obvious that future exploits are forthcoming. As services like Dropbox become even more prominent, they will present an increasingly enticing target for crackers.

Is the service being attacked, or is some data being stolen? Don't you think you'd want to take a more serious analytical approach to the "information" you just conveyed? If some particular property belonging to a person is stolen from a warehouse, even if the particular target was not at fault, what is the effect on the desirability of using warehouses?

Issues with Privacy

I will now analyze the privacy implications of cloud storage services. As with services like Gmail (also a cloud storage service, even though not generally thought of as such), individuals often utilize them without understanding the privacy implications. The sinister aspects of the service are hidden deep in the Terms of Service, and they become even more troubling given their extremely broad possible interpretations and the misleading commentary provided by the companies about them. The Terms of Service of Google Services grants Google (and "those [they] work with") incredibly broad powers over the data given to them. In exchange for providing the service of Google Drive, Google gets a "worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content." Furthermore, "[t]his license continues even if you stop using our Services." Before the user gets too worried, Google reassures them that this right is limited to "operating, promoting, and improving our Services, and to develop[ing] new ones." Given that Google's primary "service" consists of data-mining and generating advertising revenue, it seems unclear what specifically this limitation would foreclose Google from doing. Rather than limiting itself to reading people's e-mail, Google has now created a mechanism for people to willingly upload gigabytes of private documents to itself.

Have you actually analyzed the meaning of these general terms of service for all services in light of the particular properties of the service involved, which is not like YouTube in several important respects?

A further privacy concern is who Google will share data with. The Privacy Policy states that, among other things, Google will share data with third parties for "external processing". Even though Google claims that such processing will always be in accordance with their privacy policy, this constitutes a dissemination of user data to third parties over which Google has no operational control.

Is this absence of control stated in the language of the terms? Or are you inferring it from something? If so, what something?

Furthermore, Google is known to collaborate with U.S. intelligence agencies. The privacy policy does not require a valid warrant or subpoena, but merely a good-faith belief that it will "protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law." Such a barrier to disclosure is incredibly low, and does not constitute any sort of substantive protection.

Dropbox has a similar policy of "good faith belief that disclosure is reasonably necessary." As with Google, this does not seem to confer any reasonable privacy on the user, but Dropbox's situation may be even worse for privacy advocates. In the past, Dropbox has repeatedly stated that "All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password." This statement is misleading for two reasons. Firstly, it creates an impression that files are encrypted without Dropbox having the key. Secondly, it is materially false given how Dropbox operates. In order to save space, Dropbox does not upload duplicate files, instead assigning the same file as belonging to multiple users. Such an arrangement likely increases the possibility of server-side security breaches (when the ownership system breaks), and opens up the following privacy exploit.

Alternatives

There seem to be two simple things that a user can do to minimize the risks of using cloud computing. The first is to encrypt their data before uploading it. This alleviates many of the privacy concerns, and also makes the data worthless to an attacker if the account is compromised. If encrypting and decrypting data each time it is needed seems like too much of a hassle, one can create a personal Dropbox analogue using free software. There are obviously similar security concerns with this approach, but it has the benefits of the server's security being in your hands, and of security through obscurity.

You haven't shown there is ever any advantage to security through obscurity, so I don't know what that's got to do with anything. Your "analysis" of the alternatives is grossly incomplete, because it says nothing about differences in legal protection, for example.

The essay seems to me to be misshapen. You spend too much time showing not quite convincingly that there are problems, and no real time showing how to solve them.
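The first alternative in the essay, encrypting files locally before they are uploaded, is concrete enough to show in code. The following Go program is an added example written for this page; it is not code from the essay, from Dropbox or from Google. It assumes a randomly generated 256-bit key that stays on the user's own machine and is never uploaded, and it uses AES-256-GCM from Go's standard library with the file name bound in as additional authenticated data. It also illustrates the point made about Dropbox's deduplication: because every upload uses a fresh random nonce, the same document sealed twice produces two unrelated blobs, so a provider that matches files by content cannot tell that two users hold the same document, and any modification of a blob while it sits on the server is detected on download.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeySize is 32 bytes, i.e. AES-256.
const KeySize = 32

// NewKey generates a fresh random key. In a real deployment the key
// would be kept in a local file with restrictive permissions and never
// stored with the provider; here it simply lives in memory.
func NewKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts plaintext with AES-256-GCM. The file name is passed as
// additional authenticated data, so a blob stored under one name cannot
// be silently substituted for a different file on the server.
// Blob layout: nonce (12 bytes) || ciphertext || GCM tag (16 bytes).
func Seal(key, plaintext []byte, name string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per upload: the same file sealed twice gives
	// two unrelated blobs, which defeats content-based deduplication.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open verifies and decrypts a blob produced by Seal. Any change to the
// stored bytes, or a mismatched file name, fails authentication.
func Open(key, blob []byte, name string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to be a sealed file")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

// Tamper flips one byte in a copy of blob, standing in for corruption
// or modification of the file while it is held by the provider.
func Tamper(blob []byte) []byte {
	out := append([]byte(nil), blob...)
	out[len(out)/2] ^= 0x01
	return out
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample document standing in for a private file.
	doc := []byte("draft contract, not for distribution")
	blob1, _ := Seal(key, doc, "contract.txt")
	blob2, _ := Seal(key, doc, "contract.txt")
	fmt.Printf("same file, two uploads identical: %v\n", string(blob1) == string(blob2))
	back, err := Open(key, blob1, "contract.txt")
	fmt.Printf("round trip ok: %v (%q)\n", err == nil, back)
	_, err = Open(key, Tamper(blob1), "contract.txt")
	fmt.Printf("tampered blob rejected: %v\n", err != nil)
	_, err = Open(key, blob1, "other.txt")
	fmt.Printf("renamed blob rejected: %v\n", err != nil)
}
```

Only the output of Seal is handed to the provider; the key, and therefore the ability to read or deduplicate the content, stays with the user, which is the property the essay's "encrypt before uploading" advice is after.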

r3 - 23 Aug 2014 - 19:31:21 - EbenMoglen
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.