Do you really know the Cloud? What are your rights to privacy when it comes to the Internet? Our new white paper reveals five hidden facts about cloud computing. Some may surprise you. Some may scare you. You need to know all of them.
2. What is the Cloud?
With all the recent headlines and revelations about privacy and security of the cloud, users are
becoming more and more concerned about what’s happening to their files and who really has access to
them. We wanted to share some important facts about the cloud that you may not be aware of.
But first, let’s define “The Cloud”. In the simplest terms, cloud computing means storing and accessing
data and programs over the Internet instead of your computer’s hard drive. This would obviously
include cloud storage providers, but what some people don’t realize is that the Cloud also includes email
service providers, photo and video sharing sites, and social media sites.
With that in mind, here are five things you need to know about the Cloud:
1. Multiple copies are created in the Cloud
Have you ever thought about the number of copies created for everything you put
in the Cloud? Let’s start with something as simple as sending an email attachment.
Most people tend to think they attach a file to an email, send it to someone and
that person opens it. However, there’s much more to it. First, that file is in a folder
on your computer. When you attach it to an email, a copy is made in your email
program. Another copy is stored online by your email service. They also make a
backup copy. Then it goes to the inbox of the recipient and one or two copies are
stored online before it is opened in the recipient’s email program, which makes
another copy. If the recipient decides to keep it, he will save it somewhere on his
computer. That’s seven or eight copies right there. If he sends it to other people,
the whole process gets repeated. The bottom line is there’s no way for you to
control the number of copies created, or how and where they are circulated.
2. Storing files on the Cloud may not be as private as you think
Every email
attachment
you send
creates 7 or
more copies
of your file…
“With the Cloud, you don’t own
anything. You already signed it
away through the legalistic
terms of service with a cloud
provider that computer users
must agree to.”
Steve Wozniak, Co-founder,
Apple
Another often overlooked fact about the Cloud lies in the privacy
policies of the cloud providers. Some services are more liberal than
others about using and sharing your information. The privacy policies
were not created to protect the users; these policies were created to
protect the cloud providers.
Many of the policies and terms-of-use conditions grant the cloud
providers a broad license as to their usage and control over your
media. Some even state that you are giving them exclusive rights to
your files when you put your files on their systems.
Here is a quote from the Terms of Service of a popular social media
site:
3. You hereby grant us and our contractors the right to use, modify, adapt,
reproduce, distribute, display and disclose content posted on this service solely
to the extent necessary to provide the service or as otherwise permitted by these
terms.
If you haven’t read the privacy policies and Terms of Service of your cloud storage provider or favorite
social media sites, you may be giving away copies of your files without knowing it.
3. Files don’t always get deleted
The next point we’d like to share involves file deletion. Computer networking relies heavily on
redundancy and backup capabilities to ensure the networks remain trouble free and provide quick
access and navigation to files and stored media. Consequently it should come as no surprise that when
we try to delete a file that’s hosted on a web server, other copies almost certainly exist and will continue
to do so.
Your original file (center) may be deleted,
but copies still remain on backup servers.
Many providers even state in their terms and conditions that copies of your media will remain on their
servers and in their backup facilities after you’ve deleted your originals. Here are excerpts from the
published terms of some providers:
It typically takes about one month to delete an account, but some information
may remain in backup copies and logs.
Please note that there might be a latency in deleting information from our
servers, and backed-up versions might exist after deletion.
So remember, just because you don’t see it anymore doesn’t mean it’s gone.
4. 4. Where in the world are your files?
The fourth thing you should know concerns the physical location of the files stored in the Cloud. All we
know is that our media is on a provider’s server, but we don’t know where the servers are. The fact of
the matter is that most services have multiple networks interconnected in various states and countries.
It’s literally impossible to tell exactly where your files are stored.
Realizing that your media could potentially be stored anywhere, the next logical conclusion is that it will
be subjected to and governed by differing rules and regulations, depending on the geographic location
of the server hosting it. Rarely do consumers know where their files are stored, when they are moved to
a different location, or how that may affect the security of their files.
Did you know that most cloud storage providers don’t actually have their own servers? You may agree
to the privacy policy of your provider, but do you know what policies are in place for the company that
owns the servers where your data is actually stored? It might be unclear if their policy is the same as
your storage provider’s, who can see your files and what your rights are in the end.
The World Privacy Forum sums it up like this:
Indeed, it may be impossible for a casual user to know in advance or with
certainty which jurisdiction’s law actually applies to information entrusted to a
cloud provider. These uncertainties complicate the ability of a user to determine
the protections that apply to data entrusted to a cloud provider.1
5. Who has access to your files might surprise you
Finally, one of the largest concerns is, “Who has access to the files we
store online?” Not knowing where your media is – coupled with the
varying laws, rules and regulations governing it – creates a number of very
serious questions.
Given some of the policy statements and terms of use we’ve discussed,
how can you be certain that your files are secure and not being accessed
by someone you don’t know and have not given permission to get into
them?
Privacy advocates have long been speaking out in regards to our rights to
privacy for media and files we store on the internet. The general
consensus among legal officials is that our rights to privacy don’t typically
apply to media stored outside of our home.
“The Fourth Amendment does
not protect communications
held in electronic storage such
as email messages stored on a
server, because internet users
do not have a reasonable
expectation of privacy in such
communications.”
World Privacy Forum
1
World Privacy Forum, Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing, 2009