Privacy in the clouds

March 8, 2009 at 2:00 am 1 comment

Naturally, given my concern over privacy issues, I’m looking at cloud computing very closely. “Cloud computing” refers to your computer’s applications being run in a “cloud” ie on someone else’s server on the internet. So you don’t need to run apps on your computer or store data – it can all be stored on remote servers. So Google Docs is an example. You don’t have to upload wordprocessing software because Google Docs provides this for you.  Flickr is another example.  It’s a smart idea because you get on-demand access to supercomputer-level power for transmitting, storing and sharing data.

Now, you know what I’m going to say: when you hand over control of your information and personal data to someone else, cloud or otherwise, you are at risk. What you would potentially be storing on servers in the “cloud” is personal information such as emails, tax returns, customer records, health records, appointment calendars and so on.

The cloud provider needs to protect your data from hackers, internal breaches, marketing firms,  let alone the Government who could come snooping along with a subpoena. And then I’d be asking: who really owns the data – you or the host of your data? Probably too, hapless users of cloud computing services would get hit with Google ads or other ad-targeting.

A Pew survey found that 69% of Americans use cloud computing – Google Docs, Adobe Photoshop, Flickr etc and 68% said they’d be pretty concerned if their personal data were analysed for targetted advertising purposes.

So the World Privacy Forum has just released a report that examines privacy and confidentiality issues within the cloud computing environment. The law often lags behind technology advances, which the report makes clear:

Legal uncertainties make it difficult to assess the status of information in the cloud as well as the privacy and confidentiality protections available to users. The law badly trails technology, and the application of old law to new technology can be unpredictable. For example, current laws that protect electronic communications may or may not apply to cloud computing communications or they may apply differently to different aspects of cloud computing.”

If this isn’t scary enough, then consider what else the report says:

* When a person stores information with a third party (including a cloud computing provider), the information may have fewer or weaker privacy protections than when the information remains only in the possession of the person;

* Government agencies and private litigants may be able to obtain information from a third party more easily than from the original owner or creator of the content;

* Any information stored in the cloud eventually ends up on a physical machine owned by a particular company or person located in a specific country. That stored information may be subject to the laws of the country where the physical machine is located.

* Information in the cloud may have more than one legal location at the same time, with differing legal consequences. A cloud provider may, without notice to a user, move the user’s information from jurisdiction to jurisdiction, from provider to provider, or from machine to machine.

* A user’s privacy and confidentiality risks vary significantly with the terms of service and privacy policy established by the cloud provider.

* Those risks may be magnified when the cloud provider has reserved the right to change its terms and policies at will.

I’ll blog more on privacy implications when I’ve digested the report. Meanwhile, the World Privacy Forum is also offering Cloud Computing Tips for consumers, business and Government.

Advertisements

Entry filed under: Privacy, Useful resources. Tags: , , .

Google world There are still secrets

1 Comment Add your own

  • 1. Paula Smith  |  November 16, 2009 at 3:19 am

    Hi Kim,

    Interesting article from “The Register” in the UK

    There are 2 cases that have just been before the UK Court of Appeal. In both cases the Court of Appeal has effectively given police officers the right to retain all personal information as long as they see fit:

    Lord Justice Waller has stated, In respect of police judgement on retention of data for operational purposes, (s43): “If the police say rationally and reasonably that convictions, however old or minor, have a value in the work they do that should, in effect, be the end of the matter.”

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Search ThinkingShift

   Made in New Zealand
     Thinkingshift is?

ThinkingShift Tweets

Flickr Photos

 
This work is licensed under a Creative Commons Attribution 2.5 Australia License.

ThinkingShift Book Club


Kimmar - Find me on Bloggers.com

%d bloggers like this: