Privacy Implications of the Cloud and Possible Alternatives
-- By KirillLebedev - 22 Oct 2012
Introduction
With the dramatic decrease in the cost of storage and connectivity over the last few years, a new form of storage has emerged as a prominent force in consumer computing. Rather than storing data locally or on removable media, individuals can keep it in the cloud through services like Dropbox, Google Drive, and countless others. Such an arrangement provides the obvious convenience of reaching your files from a mobile device or any computer with an internet connection, but comes with the caveat that you grant a third party access to, and control over, documents that may contain private or sensitive information.
Issues with Security
Setting aside privacy for the moment, I will first examine the security issues surrounding cloud storage. Both services work by storing files on the provider's servers and granting access to a user who authenticates with a user name and password. That scheme is only as strong as the password, and most passwords are weak: they can be guessed or brute-forced, or simply obtained through social engineering. Users' propensity to reuse the same login and password across services compounds the problem, since a breach of any one service then exposes every other account sharing that credential, including the one holding their files. Where a service offers a second authentication factor, it is optional, and the default remains a single reusable secret. In the past, lax security habits were often mitigated by the requirement that an attacker gain physical access to the files (if they were kept on removable media or a removable hard drive); no such barrier exists for items stored in the cloud, which are reachable by anyone, anywhere, who holds the credentials.
The security issues with cloud storage go deeper than passwords. Even if we assume a knowledgeable user who creates a password that is unique to this service, cannot be brute-forced under realistic conditions, and cannot be obtained by social engineering, their data remains at the mercy of the service provider. Both Dropbox and Google Drive have had security incidents in which unauthorized parties gained access to user files. What these breaches have in common is that in every case the user was not at fault (other than in choosing to accept the risks of cloud storage). Even though the providers have corrected the specific flaws that led to them, further incidents should be expected: as services like Dropbox grow, they aggregate more data behind a single set of systems and become an increasingly enticing target for attackers.
Issues with Privacy
I will now analyze the privacy implications of cloud storage services. As with Gmail (itself a cloud storage service, even though not generally thought of as one), individuals often use them without understanding the privacy implications. The troubling provisions are buried deep in the Terms of Service, and they become more troubling still given how broadly they can be read and the reassuring commentary the companies offer about them. The Terms of Service for Google's services grant Google (and "those [they] work with") strikingly broad rights over the data handed to them. In exchange for providing Google Drive, Google receives a "worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content." Furthermore, "[t]his license continues even if you stop using our Services." Before the user grows too worried, Google reassures them that this right is limited to "operating, promoting, and improving our Services, and to develop[ing] new ones." Given that Google's primary business consists of data mining and generating advertising revenue, it is unclear what specifically this limitation would foreclose Google from doing. Rather than limiting itself to reading people's e-mail, Google has now created a mechanism for people to willingly upload gigabytes of private documents to it.
A further privacy concern is with whom Google will share data. The Privacy Policy states that, among other things, Google will share data with third parties for "external processing". Even though Google says such processing will always be in accordance with its privacy policy, this is a dissemination of user data to parties the user never chose and cannot audit, and over whose day-to-day operations Google has no direct control. Furthermore, Google is known to collaborate with U.S. intelligence agencies. The privacy policy does not require a valid warrant or subpoena before disclosure to authorities, merely a good-faith belief that disclosure will "protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law." Such a threshold is extremely low and offers no substantive protection.
Dropbox has a similar policy of disclosing on a "good faith belief that disclosure is reasonably necessary." As with Google, this confers no real privacy on the user, but Dropbox's situation may be even worse for privacy advocates. In the past, Dropbox repeatedly stated that "All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password." This statement is misleading for two reasons. First, it creates the impression that files are encrypted under a key Dropbox does not possess, when in fact the encryption is applied on Dropbox's side with keys Dropbox holds; anyone with the right access inside Dropbox, or anyone who compromises its key store, can read the files without knowing any account password. Second, the way Dropbox operates shows the claim to be materially false. To save space, Dropbox does not upload a file that another user has already stored; it instead records the existing copy as belonging to the new user as well. Recognizing that two users' files are identical requires comparing their contents (or a hash of those contents), which is only possible if the data is visible to Dropbox before any encryption it applies. Beyond what it reveals about the encryption, this arrangement makes the ownership bookkeeping a single point of failure (a bug that mis-assigns a shared copy exposes one user's file to another) and opens up the following privacy exploit.
Alternatives
There are two simple things a user can do to reduce the risks of cloud storage. The first is to encrypt data on their own machine before uploading it, with a key that never leaves their control. This addresses most of the privacy concerns, since the provider then holds only ciphertext, and it makes the data worthless to an attacker who compromises the account. The cost is convenience: the key must be backed up (lose it and the data is gone), and provider features that depend on seeing content, such as deduplication, search, and in-browser previews, stop working. If encrypting and decrypting data each time it is needed seems like too much of a hassle, one can instead run a personal Dropbox analogue using free software on a machine one controls. Similar security concerns obviously apply, and a self-hosted server is only as secure as its patching and configuration, but it has the benefit that the server's security is in your own hands; it also enjoys a measure of security through obscurity, though a small target is still a reachable one and obscurity should never be the only defence.
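As an added illustration, not part of the original essay, the following Go program models two points together: the Dropbox deduplication argument from the previous section, and the advice above to encrypt before uploading. It stands a toy content-addressed store in for the provider, keyed by the SHA-256 of whatever bytes arrive; that is a generic model of cross-user deduplication and an assumption of this example, not Dropbox's documented design. The store, the users alice and bob, the sample document and the function names (Store, Put, NewKey, Encrypt, Decrypt, Demo) are all invented here. Uploading the same document as two users stores one object and flags the second upload as a duplicate, which is only possible because the provider could compare the plaintext. Sealing the document client-side with AES-256-GCM under a separate key per user produces two unrelated ciphertexts: nothing deduplicates, and nothing is readable without a key that never left the client.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
)

// Store is a toy content-addressed store standing in for the provider: objects are
// keyed by SHA-256 of the uploaded bytes (a generic dedup model, assumed here, not Dropbox's real design).
type Store struct {
	blobs  map[string][]byte   // object id -> stored bytes
	owners map[string][]string // object id -> users holding a reference to it
}

func NewStore() *Store {
	return &Store{blobs: map[string][]byte{}, owners: map[string][]string{}}
}

// Put records that user owns data and reports whether an identical object was
// already present. The provider must see the bytes (or their hash) to decide.
func (s *Store) Put(user string, data []byte) (id string, dup bool) {
	sum := sha256.Sum256(data)
	id = hex.EncodeToString(sum[:])
	if _, dup = s.blobs[id]; !dup {
		s.blobs[id] = append([]byte(nil), data...)
	}
	s.owners[id] = append(s.owners[id], user)
	return id, dup
}

// NewKey returns a random AES-256 key; it stays on the client and is never uploaded.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-256-GCM and prepends the fresh random nonce.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. A wrong key or any change to the ciphertext makes
// gcm.Open fail, because GCM authenticates what it encrypts.
func Decrypt(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Demo uploads one document as two users, in the clear and then sealed under a
// separate key per user, and returns how many objects the provider stores in each case.
func Demo(doc []byte) (plainObjects, encryptedObjects int, err error) {
	plain, enc := NewStore(), NewStore()
	for _, user := range []string{"alice", "bob"} {
		plain.Put(user, doc) // bob's upload is a dedup hit: the provider compared plaintext
		key, err := NewKey()
		if err != nil {
			return 0, 0, err
		}
		sealed, err := Encrypt(key, doc)
		if err != nil {
			return 0, 0, err
		}
		enc.Put(user, sealed) // distinct ciphertexts: nothing to dedup, nothing to read
	}
	return len(plain.blobs), len(enc.blobs), nil
}

func main() {
	p, e, err := Demo([]byte("constructed sample document: 2011 tax return")) // constructed input
	fmt.Println("plaintext uploads stored as", p, "object(s); encrypted uploads as", e, "(err:", err, ")")
}
```

Run it with `go run`. Decrypt fails on a wrong key or any modified byte because GCM authenticates the ciphertext, so a provider or attacker who tampers with the stored object is detected rather than silently yielding garbage. The key is the whole secret: back it up separately and never upload it alongside the data. Encrypt draws a fresh random nonce on every call because reusing a (key, nonce) pair with GCM destroys both confidentiality and integrity.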