Cloud Computing: Who Owns Your Files?
January 13, 2010
GigaOM -
Increasingly, individuals and businesses are entrusting data to to the cloud. As computing moves inexorably from the desktop to the web, more of our information — from emails and personal documents to financial information and even our current whereabouts — sits in the cloud. Gmail, Google Docs, Zoho, Facebook, Basecamp, Flickr, Twitter, Mozy — so much of our data is now kept online. Most people don't stop to think about where that data is stored or how it might be accessed or used. So, who owns your data and who has access to it? How much privacy can you expect?
July 19, 2010
E&T - Attracting users to social networking sites and cloud computing sites is all about building trust. However, if recent news is anything to go by,
consumers would be right to consider that the trust they have put into the Internet companies that run these services has been betrayed.In recent months, it seems that not a day has gone by without another revelation that the
private and personal data, the currency of these websites, has been compromised, misused or surreptitiously collected without the owner of the data's permission.There has also been a concern that these companies have flouted strict data protection legislation that exists in many territories -- and the veil of secrecy surrounding this organisation's business practices are being challenged by politicians, law enforcement and the judiciary in many countries.
Google
Between 2006 and the beginning of 2010, search engine giant Google started a project to map and digitally photograph every road in every major city in more than 30 countries for its product Google Streetview. This car soon became a symbolic hate symbol among privacy and civil rights advocates, who claimed that Google were pushing the envelope on what type of information you could collect and publish on the Internet.
But images, it appears, is not all that the Streetview cars collected. It now turns out that Google collected over 600 Gigabytes of data from users of public and unprotected Wi-Fi access routers -- which included Web pages visited and emails. All this was collected without the prior knowledge or permission of the router owners
All this only came to light when German data privacy regulators investigated Google's Streetview project -- and Google had to admit to collecting the data -- although the company claimed that they were not aware of their own data collection activities until the request was received and that none of this data was used in Google's search engine or other services. Google has said it will not destroy the data until permitted by regulators.
After an audit requested by Germany, in May of this year Google acknowledged that for years it had been mistakenly collecting personal data sent by consumers over wireless networks.
From Australia to the UK to back home in the US, there are now a number of parallel investigations being carried out after customers and consumer advocacy groups voiced concerns over privacy to police authorities and data protection regulators.
In each case Google said it would cooperate with any investigation. But Google is not the only company under scrutiny.
Apple
Even consumer tech companies such as Apple cannot escape criticism from the eagle-eyed German regulators.
Apple must 'immediately make clear' what data it collects from users of its products and for what purposes, Germany's justice minister was quoted as saying by Der Spiegel magazine.
'Users of iPhones and other GPS devices must be aware of what kind of information is being collected,' Sabine Leutheusser-Schnarrenberger told the German weekly.
The minister's criticism was aimed at changes Apple has made in its privacy policy whereby the company can collect data on the geographic location of the users of its products -- albeit anonymously.Leutheusser-Schnarrenberger said she expected Apple to 'open its databases to German data protection authorities' and clarify what data it was collecting and how long it was saving the data.
Germany has some of the toughest data protection laws in the world due to its experience with state surveillance systems once put in place by the Nazis and the former East German Stasi secret police.The justice minister said it would be 'unthinkable' for Apple to create personality- or location-based user profiles.'Apple has the obligation to properly implement the transparency so often promised by (CEO) Steve Jobs,' she said.
TwitterMicroblogging service Twitter recently agreed to a settlement with the US Federal Trade Commission over charges
it put its customers privacy at risk by failing to safeguard their personal information.This agreement stems from a series of attacks last year on Twitter, the service that lets people send short messages to groups of followers.
Lapses in Twitter's security allowed hackers to send out fake tweets pretending to be from US President Barack Obama and Fox News.
Hackers also managed to take administrative control of Twitter and gain access to private tweets, or short messages of 140 characters or less.Between January and May 2009, hackers were "able to view non-public user information, gain access to direct messages and protected tweets, and reset any user's password" and send tweets from any user account, according to the original FTC complaint.
Twitter acknowledged 45 accounts were accessed by hackers in January last year and 10 in April 2009 'for short periods of time'.
Twitter claims the January attack resulted in 'unauthorised joke tweets' from nine accounts. But the company also admitted that the hackers may also have accessed data such as email addresses and phone numbers.
In April, when another incident occurred, Twitter claims to have cut off the hacker's administrative access within 18 minutes of the attack and quickly informed affected users.
'When a company promises consumers that their personal information is secure, it must live up to that promise,' David Vladeck, director of the FTC's Bureau of Consumer Protection, said in a statement following the ruling.
'And if a company allows consumers to designate their information as private, it must use reasonable security to support that designation,' he added.
Under the terms of the settlement, Twitter will be barred for 20 years from 'misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information'.
Twitter must also establish a comprehensive security program that 'will be assessed by a third party every year for ten years', according to the FTC.
Facebook
But most criticism surrounding data privacy is currently reserved for Facebook, which has faced the wrath of a consumer backlash when millions of users suddenly found their private details exposed and searchable on Google, Bing and Yahoo.
Facebook, whose privacy policies have come under attack both at home and abroad, now faces a stiff fine from Germany's Hamburg Commissioner for Data Protection and Freedom of Information for storing non-users' personal data without their permission. Founder Mark Zuckerberg appears to be relenting and is now beefing up security.
The issue came to the fore in recent months amid concern that Facebook's confusing privacy settings were making it possible for Internet stalkers, cyber criminals and even nosy neighbours to gain a wealth of information about its users without their knowledge or permission.
Facebook has now started to roll out changes that would give users more powerful tools to prevent personal information from being accessed by others.
For instance, Facebook will allow users to block all third parties from accessing their information without their explicit permission. It will also make less information available in its user directory and reduce the number of settings required to make all information private from nearly 50 to less than 15.
Even still, Facebook's default settings will continue to make it easy for users to obtain information about each other as its business walks a tightrope between protecting its user's privacy and promoting social networking. Users will have to opt out of default policies by which much of their data is publicly available.
The nonprofit Electronic Privacy Information Center, which has asked the US government to investigate Facebook's privacy policies, said that the new efforts do not go far enough.
'We think it's time for Congress to update the privacy laws. We can't be dependent on Facebook to decide on how much privacy people on the Internet will have. That's something that has to be established in law,' said EPIC executive director Marc Rotenberg.
Consumer powerWhat all these companies deal in is trust. Without trust, we would not allow them access to our private information. Therefore, it's important that they maintain our trust.
The tech companies that are least trusted at the moment are the social networking companies, according to a recent poll in the US.
Most Americans trust technology heavyweights such as Apple, Google and Microsoft more than social networking sites like Facebook and Twitter, according to the poll.
Nearly half of 2,100 adults questioned in a Zogby Interactive survey,
said they trusted the big three technology firms 'completely' or 'a lot', compared to 8 per cent for Twitter and 13 per cent for Facebook.Young adults aged 18 to 29 had slightly higher trust levels in Facebook with 20 per cent and Twitter with 15 per cent, compared to the levels of adults of all ages which were 7 per cent lower for both companies.
The back tracking by Internet companies on how they use our private data has demonstrated that they cannot take our trust for granted. If social networking becomes increasingly important to companies such as Google, Apple and Microsoft, they will have to be careful not to violate their users' trust in the future.
August 21, 2008
NPR - Do you have a Yahoo e-mail account? Maybe a Gmail account? Do you put up pictures on Flickr? Perhaps you've started keeping your schedule online. If so, then you are using cloud computing —
that's what tech companies call it when people work and store information on the Internet.Because it enables users to access their documents anywhere, cloud computing is very convenient.
But it's also creating a whole new set of worries.Abel Habtegeorgis, 23, learned recently how it can all go wrong. Habtegeorgis is pretty typical for someone his age; he stores the most important documents of his life — from family photos to conversations with his mother — online using Gmail and Flickr.
"It's easier in a lot of ways," says Habtegeorgis. "It's so amazing to have access to so many pictures and everything. Pretty much my life is up there."
Until it wasn't: One day, Habtegeorgis typed in his password and found that it didn't work."I type [the password] again and again and again, and I realize something is wrong with the company itself or the server or the e-mail account," he says.
Habtegeorgis couldn't get to his photos of his nephew. He tried to reach someone at Google, but couldn't.
Suddenly, he realized that he had no idea what kinds of rights he had over those e-mails, because he never did read that user agreement when he signed up."Nobody reads the user agreements," he says with a laugh. "You don't read that 90-page document."
(After NPR mentioned his problem to Google, Habtegeorgis finally got back into his account. The company says there was some sort of security issue.)
Business On The CloudHabtegeorgis isn't alone in his reliance on the cloud; Yahoo alone boasted 261 million active e-mail users in the month of June, and the company's photo sharing site, Flickr, reports that it hosts 2.5 billion photographs.
Increasingly, Internet companies are offering online services that appeal not just to individuals, but also to businesses. Samantha Sullivan is part of Scary Cow, a small film company in the San Francisco Bay Area. The company can't afford its own offices, so everyone works from home with help from Google's growing number of Internet applications, including online schedules for setting up meetings, shared spreadsheets for budgets, and Google documents for script collaboration.
The applications allow the employees to work together in real time.
But despite the fact that her company stores crucial documents — including scripts, video footage and working documents — online, Sullivan laughingly admits to never having read the user agreement.Harry Lewis, a computer science professor at Harvard,
says what's in those agreements may turn out to be no laughing matter. He warns that most online companies reserve the right to shut users down if they are accused of storing something illegal — whether or not the accusation is justified."If it's easier for them to just kill your account than it is to fight back against this complaint ... they might just find it easier to make you go away," Lewis says.
Lewis says that part of the problem is that there aren't any rules governing life on the cloud."We're all kind of used to the idea that if you don't pay your telephone bill, you know they're not going to shut off your phone while you're off on vacation. There are laws about how quickly they can shut off your telephone service," he says. "But [for] your cloud storage service, there's no rules."
The contents of the user agreement that most people don't read can be surprising.
For example, when you put up your Facebook page, you pretty much give the company the right to do whatever they want with it. According to the user agreement, Facebook can "use, copy, publicly display, publicly perform, reformat, excerpt and distribute it."The March Toward The CloudDespite potential problems, tech companies see consumers inevitably marching towards cloud computing. Several companies, including Hewlett Packard, are making cheap portable notebook computers with small hard drives that will rely on the cloud for storage.
Microsoft, Amazon and Apple now all provide online services.Sam Schillace, part of the team designing online applications at Google, waxes on enthusiastically about the convenience it provides."The data's always where you can find it," he says. "Your laptop crashes, the hard disc gets erased — your data's still fine."
Life on the cloud can be wonderful — except when it's not. Recently, 20,000 paying customers of a small cloud storage company called Linkup lost large amounts of information when the company shut down. But for most companies, Schillace says, cloud computing is too important to mess up.
"It's something we have to get right, or the model won't actually work," he says. "It's got to be your data that follows you around when you give your credentials to a Web site. You've got to be able to do what you want to do with your data on that Web site."
As we turn on our BlackBerrys, iPhones and laptops and expect the convenience of having our information anywhere we are, cloud computing seems unstoppable. Just be sure to read that user agreement before you click the "accept" button.An introduction to cloud computing