Wozniak and the Cloud

August 9, 2012 2 Comments »
Wozniak and the Cloud

Steve Wozniak, cofounder of Apple, recently expressed his concern over the movement of IT resources (particularly data storage) to the cloud. His sentiments have been met with agreement, skepticism and everything in between. If nothing else, however, his words should give pause to consider whether an all-out move to the cloud is in the best interest of individuals, companies and the IT industry as a whole.

Cloud Worries

AFP (“Apple co-founder Wozniak sees trouble in the cloud”) quotes Wozniak as follows regarding the cloud: “I really worry about everything going to the cloud. I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.” Furthermore, he added, “With the cloud, you don’t own anything. You already signed it away,” referring to terms of service agreements with cloud service providers.

In a sense, Wozniak’s sentiments are nothing new: industry observers—as well as companies and individual users—have expressed from the outset concerns about privacy and data security in the cloud. But the Apple cofounder may be expressing a view that takes a slightly different tack than what is in the minds of many: the problem goes beyond hackers, corporate spies and other malicious parties, and instead encompasses the entire system of cloud computing. What, for example, happens when a cloud service provider claims ownership of your data, perhaps pointing to some provision in the terms of service contract or privacy policy?

Of course, not everyone shares Wozniak’s concern. An InfoWorld article (“Wozniak is wrong about cloud computing”) responds to this concern by admonishing users to read the contracts they enter into: “You should read your agreement and contracts before uploading critical data to any cloud computing provider, including how the data will be protected and returned if necessary. This kind of documentation is especially important for business-oriented providers.” Conceptually, this is indeed a wise policy. If you sign away your rights, don’t be surprised when you can’t appeal to them later (and, conversely, if the other party to the contract agrees to uphold certain rights, you have a certain level of protection).

For small businesses (i.e., those that cannot afford a legal team) and individual users, however, this approach is highly impractical. Consider Facebook’s data use policy, for instance; it’s written in fairly simple language (i.e., not legalese), but it’s still long. And a minor detail, down to the placement or misplacement of a comma, can drastically change the nature and extent of users’ rights under such a policy. And this isn’t to pick on Facebook: almost every site you visit has a terms of use policy, privacy/data use policy or something similar, and you’re likely to deal with even more legal documents when you sign up for a paid or even unpaid service. In many of these cases, the legal language can become downright incomprehensible. And even if you think you understood everything, the right lawyer and the right judge can turn it all around on you.

Thus, uploading your data to the cloud—even under certain contracts—poses a myriad of potential problems, particularly for those who cannot afford extensive (and thus expensive) legal representation. If you’re an individual or small business and your cloud provider decides to in some manner misuse or steal your critical data, such as a new product design, what are you going to do? If that provider is much bigger than you and employs a vast legal team, you’re virtually out of luck before you begin. The big guy can afford to simply bog everything down in court; you can’t. So, again, contracts and use policies provide theoretical protection of cloud data, but practically speaking, they are less of a safeguard than meets the eye—particularly for the little guy (small businesses and individual consumers).

Possession is Nine-Tenths of the Law

The old adage that possession is nine-tenths of the law may not be legally precise, but it does stand as a warning—one that also applies to cloud computing. When you give (i.e., upload) your data to someone else, you are putting it in that other party’s possession. If a disagreement arises, the burden then falls on you to show that you actually have rights over that data, rather than the service provider. Again, this is particularly troublesome in the case of a vast resource disparity between two parties: one side may be unable to afford adequate legal representation, meaning the battle is lost before it even begins.

Of course, if you’re talking about a Facebook post regarding what you ate for breakfast or some similar level of trivia, the stakes are much lower than if you’re dealing with new product data, content development or trade/business secrets. In the former cases, a breach of a privacy agreement, for instance, might be annoying or troublesome, but it’s usually far from disastrous. A breach of data security or integrity in the latter cases can cost vast amounts of money and can tarnish a company’s reputation.

In many ways, then, wholesale outsourcing of data storage to the cloud—even apart from matters of availability and security—is a recipe for a potential legal mess. And this is likely part of Wozniak’s concern when he said, “With the cloud, you don’t own anything. You already signed it away.” Even if you haven’t signed your rights away legally, you may have done so practically.

Centralization: Nothing New, but Still Dangerous

Previously, The Data Center Journal (“Security, Privacy and the Cloud”) noted that centralization of IT resources in the cloud poses a number of potential risks. Part of the issue that must be examined in light of Wozniak’s remarks is what, exactly, constitutes data ownership? Perhaps a cloud service provider refrains from using your credit card information or critical business secrets for financial gain—but what about the buying and selling of other data, or the mining of data for marketing (or more nefarious) purposes? What does it mean to say you “own” your data when a party that ostensibly doesn’t own it nevertheless uses it for its own gain? These are clearly matters that must be hashed out before one can declare the cloud safe for data owners.

And although matters of data privacy and security among users, companies and service providers are important, they often relate mostly (but not always exclusively) to money: damages are usually denominated in dollars. One cannot, however, ignore the threat from governments (maybe you recall the fourth amendment to the U.S. Constitution?). With the overwhelming number of rules and regulations at the federal level alone (the U.S. Code contains some 200,000 pages and does not include federal regulations) and the increasingly ridiculous mantra that “ignorance of the law is no excuse,” the threat of privacy breaches goes beyond money. With so many rules and regulations on the books, everyone likely breaks the law regularly on any given day (Three Felonies a Day). If a federal prosecutor wants to put you in jail, he or she will—in all probability—find a legal reason to do so. Therefore, keeping your information to yourself (i.e., locally instead of in the cloud) may simply be wise policy for the purposes of avoiding excessive scrutiny by government agencies. And this is particularly important as law enforcement agencies increasingly seek access to private data and as laws enabling these efforts are adopted (“FAQ: Will Your ISP Protect Your Privacy?”).

Thus, the stakes in the cloud can be high. Does this mean we should run from the cloud at all costs? No. We should not, however, embrace the cloud haphazardly, and we should also recognize that the cloud may simply not be the best option for outsourcing all data without forethought to the potential consequences. Sometimes it’s best to keep your own business—and your own data—to yourself. Legal contracts and policies may simply provide inadequate protection. Wozniak’s sentiments may or may not be slightly overblown, but they are certainly worth consideration in light of the ongoing concerns related to the cloud.

Photo courtesy of eschipul

About Jeff Clark

Jeff Clark is editor for the Data Center Journal. He holds a bachelor’s degree in physics from the University of Richmond, as well as master’s and doctorate degrees in electrical engineering from Virginia Tech. An author and aspiring renaissance man, his interests range from quantum mechanics and processor technology to drawing and philosophy.

Pin It

2 Comments

Add Comment Register



Leave a Reply