There are many online services now that offer great feature sets. Even the most paranoid grey-hat security guru is probably using at least one or more cloud services (okay, maybe not Richard Stallman, who eschews even web browsers because he can’t trust them, but that’s a pretty extreme case). There are over a billion people on Facebook, practically everybody with Internet access uses Google as their search engine, and a lot of people are using services like DropBox, Flickr, Instagram, etc. You get the idea.
Many of these companies offer “free” services, and you would be a wise consumer to ask “how are they paying for that?” The answer varies from company to company. Google still makes their money largely on ad revenue. They provided a service that attracts eyeballs, and then stuck ads where those eyeballs were looking. Facebook – same idea. Some services, like Wikipedia, are funded by donations. Some, like Coursera, make money by offering premium services such as certification. Non-profit organizations aside, it’s important to remember that cloud services are offered by businesses, and businesses need to make money. If they are giving you something for free, they must be extracting value from the relationship somehow.
It turns out that for many companies, that value is your information. There has been a lot of talk since the Internet gained popularity about privacy. And we are all big hypocrites on this topic. One moment we are complaining that our primary care doctor can’t just share our medical files with the specialist we need to see, and in the next moment we are decrying the move to provide coordinated care by consolidating medical records. We love the convenience of being able to share information with our friends on Facebook, and then are overcome with worry that Facebook will do something bad with that information. More than likely the thing Facebook will want to do with that information is pretty lame: they will use it to try to target advertisements at you. Google has admitted to mining student information to target ads, even in Google Apps for Education. Target (their name is ironic in this case) used data mining to send targeted coupons to consumers, which, if you think about it, is actually kind of cool. But people don’t like the idea that their behavior can be analyzed and distilled into a statistical algorithm that predicts how likely they are to be interested in buying something.
But there is another kind of privacy concern that maybe has more merit: our own government is getting on the data mining bandwagon (to be fair, data mining has been going on forever; it has just become faster and more efficient with advances in technology). And there is something vaguely and maybe not so vaguely menacing about the government having access to our information about our likes, behaviors, and personal communications. There are plenty of depressing examples of government using national security as an excuse to investigate “domestic threats”.
Okay, finally to my point: cloud service providers will turn over your personal information to the US federal government. All of them. I feel like we have all known this for a long time, but I keep getting hair-on-fire reminders from people both within IT and outside of it. Not long ago, several Telcos and ISPs allowed the federal government to do warantless wiretapping. DropBox admits they can decrypt your files and turn them over to the feds if required to do so, although they say their lawyers review the request and they will advocate for their customers’ rights (I want to believe them). If there is a company out there that refuses to turn over user data, chances are they will be in hot water. That’s not to say I think this is okay. But unfortunately the US Constitution and Bill of Rights don’t include an explicit right to information privacy, unlike some countries who wrote theirs more recently than 200+ years ago.
So what can we do? The answer is: be a little paranoid. Don’t put anything on Facebook that you wouldn’t happily post on the cork board at the public library, or more accurately, on every cork board in every public library in the whole world. If you need to put sensitive data on a cloud file service, encrypt it first (you can use 7-Zip to zip up files and password protect the zip. Office files can be password-protected from within the application). A really paranoid person who has gone to too many security conferences will tell you that encryption can be broken, passwords can be hacked, and so on. But taking a few simple steps is like locking your car doors: you make yourself a harder target, and maybe the bad guys will move on to easier pickings. It’s not a waste of time to be cautious with your data.
I’m sure lots of people have written best practices for protecting your data online. Google that, or ask Richard Stallman to use his script to fetch the webpage with wget and email it to you (for maximum paranoia) and take a little time to protect yourself. Then write to your congressman and advocate for better privacy protections.
- In 2013, Google processed an average of about 6 billion searches per day and had revenue of $16.86 billion.
- As of January 2014, Facebook has over 1.3 billion active users and in 2013 the company’s revenue was over $6 billion.
- As of December 2013, 67.3% of searches are via Google Search and 18.2% were via Microsoft’s Bing.
- In 1999, Richard Stallman advocated for the creation of an online encyclopedia that allowed the public to contribute content called GNUpedia. It was later retired in favor of a similar project: Wikipedia.
- According to Wikipedia, during the federal warrantless wiretapping: “the NSA was provided total, unsupervised access to all fiber-optic communications going between some of the nation’s largest telecommunication companies’ major interconnected locations, including phone conversations, email, web browsing, and corporate private network traffic.”
- Human Behavioral Ecology is a theoretical approach to modeling and predicting human behavior based on social and environmental factors. Check out this review of HBE.
See mistakes or disagree with something I said? If so, let me know in the comments. Thanks!