Steve Wozniak, cofounder of Apple, recently expressed his concern over the movement of IT resources (particularly data storage) to the cloud. His sentiments have been met with agreement, skepticism and everything in between. If nothing else, however, his words should give pause to consider whether an all-out move to the cloud is in the best interest of individuals, companies and the IT industry as a whole.
AFP (“Apple co-founder Wozniak sees trouble in the cloud”) quotes Wozniak as follows regarding the cloud: “I really worry about everything going to the cloud. I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.” Furthermore, he added, “With the cloud, you don’t own anything. You already signed it away,” referring to terms of service agreements with cloud service providers.
Of course, not everyone shares Wozniak’s concern. An InfoWorld article (“Wozniak is wrong about cloud computing”) responds to this concern by admonishing users to read the contracts they enter into: “You should read your agreement and contracts before uploading critical data to any cloud computing provider, including how the data will be protected and returned if necessary. This kind of documentation is especially important for business-oriented providers.” Conceptually, this is indeed a wise policy. If you sign away your rights, don’t be surprised when you can’t appeal to them later (and, conversely, if the other party to the contract agrees to uphold certain rights, you have a certain level of protection).
Thus, uploading your data to the cloud—even under certain contracts—poses a myriad of potential problems, particularly for those who cannot afford extensive (and thus expensive) legal representation. If you’re an individual or small business and your cloud provider decides to in some manner misuse or steal your critical data, such as a new product design, what are you going to do? If that provider is much bigger than you and employs a vast legal team, you’re virtually out of luck before you begin. The big guy can afford to simply bog everything down in court; you can’t. So, again, contracts and use policies provide theoretical protection of cloud data, but practically speaking, they are less of a safeguard than meets the eye—particularly for the little guy (small businesses and individual consumers).
Possession is Nine-Tenths of the Law
The old adage that possession is nine-tenths of the law may not be legally precise, but it does stand as a warning—one that also applies to cloud computing. When you give (i.e., upload) your data to someone else, you are putting it in that other party’s possession. If a disagreement arises, the burden then falls on you to show that you actually have rights over that data, rather than the service provider. Again, this is particularly troublesome in the case of a vast resource disparity between two parties: one side may be unable to afford adequate legal representation, meaning the battle is lost before it even begins.
Of course, if you’re talking about a Facebook post regarding what you ate for breakfast or some similar level of trivia, the stakes are much lower than if you’re dealing with new product data, content development or trade/business secrets. In the former cases, a breach of a privacy agreement, for instance, might be annoying or troublesome, but it’s usually far from disastrous. A breach of data security or integrity in the latter cases can cost vast amounts of money and can tarnish a company’s reputation.
In many ways, then, wholesale outsourcing of data storage to the cloud—even apart from matters of availability and security—is a recipe for a potential legal mess. And this is likely part of Wozniak’s concern when he said, “With the cloud, you don’t own anything. You already signed it away.” Even if you haven’t signed your rights away legally, you may have done so practically.
Centralization: Nothing New, but Still Dangerous
Previously, The Data Center Journal (“Security, Privacy and the Cloud”) noted that centralization of IT resources in the cloud poses a number of potential risks. Part of the issue that must be examined in light of Wozniak’s remarks is what, exactly, constitutes data ownership? Perhaps a cloud service provider refrains from using your credit card information or critical business secrets for financial gain—but what about the buying and selling of other data, or the mining of data for marketing (or more nefarious) purposes? What does it mean to say you “own” your data when a party that ostensibly doesn’t own it nevertheless uses it for its own gain? These are clearly matters that must be hashed out before one can declare the cloud safe for data owners.
And although matters of data privacy and security among users, companies and service providers are important, they often relate mostly (but not always exclusively) to money: damages are usually denominated in dollars. One cannot, however, ignore the threat from governments (maybe you recall the fourth amendment to the U.S. Constitution?). With the overwhelming number of rules and regulations at the federal level alone (the U.S. Code contains some 200,000 pages and does not include federal regulations) and the increasingly ridiculous mantra that “ignorance of the law is no excuse,” the threat of privacy breaches goes beyond money. With so many rules and regulations on the books, everyone likely breaks the law regularly on any given day (Three Felonies a Day). If a federal prosecutor wants to put you in jail, he or she will—in all probability—find a legal reason to do so. Therefore, keeping your information to yourself (i.e., locally instead of in the cloud) may simply be wise policy for the purposes of avoiding excessive scrutiny by government agencies. And this is particularly important as law enforcement agencies increasingly seek access to private data and as laws enabling these efforts are adopted (“FAQ: Will Your ISP Protect Your Privacy?”).
Thus, the stakes in the cloud can be high. Does this mean we should run from the cloud at all costs? No. We should not, however, embrace the cloud haphazardly, and we should also recognize that the cloud may simply not be the best option for outsourcing all data without forethought to the potential consequences. Sometimes it’s best to keep your own business—and your own data—to yourself. Legal contracts and policies may simply provide inadequate protection. Wozniak’s sentiments may or may not be slightly overblown, but they are certainly worth consideration in light of the ongoing concerns related to the cloud.
Photo courtesy of eschipul