Wednesday, 15 December 2010

Clouds, chrome and wikileaks

Cloud computing is seductive. And useful.

The moment you find yourself wanting to share data with someone else, or yourself between home and work. you need a location to store it that's accessible by those you're sharing with.

In the old days we stuck our data on a corporate server somewhere inside the firewall, and when we wanted to share data copied our files to a password protected ftp area. And it worked. And the ftp server in time became a web server and it continued to work

But in the meantime something happened. Applications became bigger. Hard disks became bigger, and laptops became more portable, meaning they moved about more including outside the firewall.

And because you couldn't provide an instant always on disk mount across the firewall people started storing documents on their laptops. Good conscientious people always synced them to some sort of central repository, but we're all human.

So organisations started becoming serverless, or more accurately fileserverless. Database servers were always with us but all that unstructured information was on people's laptops.

Not backed up. Not easily shareable.

Cloud computing seemed to be an answer to this. Put your documents on the cloud. Share them as you want. And use the light weight apps provided when you're using a netbook or other low powered machine (eg an ipad) and don't have the editing tools to hand.

And it's truly excellent. No more messing with versions and connections, or finding that the file is on a machine that's powered off. I use and like this a lot.

But ...

One bugbear is security - you're trusting someone else to control access to your data the way you want. This is the nub of Richard Stallman's gripe about chrome. Like a lot of Stallman's gripes, it's undoubtedly true, but as we all can't have a firewalled fully patched server in the garage or the skills or time to maintain it - one has to be practical.

Not being in the habit of storing pornographic images or developing plans to burn down buildings I'm relaxed if the security sometimes gets a little lax. I'm even reasonably relaxed if you saw a pdf of my credit card statement, or bank statement, or phone bill. I'd be angry if you could, but I doubt if much harm could come of it.

Probably all you could tell is that we have a revolving mortgage, we buy food, petrol, books and clothes, make phone calls and have friends in the UK, NZ and the US. The information gained is nothing I wouldn't tell a friend, and I don't think the men in funny shoes could make me into a criminal mastermind on the basis of the online information.

We of course don't keep the user ids and passwords online. We do have an encrypted cd and memory stick of things like that, including scanned passport pages, and a few sentimental documents and pictures, just in case the nature reserve on the hill above us ever caught fire and we had a bushfire emergency. Our escape plan involves grabbing a netbook, cd, memory stick, mobile phone and cat.

I also assume that my doctor and dentist store all my medical data securely.

So, cloud computing is useful and providing one makes a value judgement about the risks, secure. The same goes for the majority of corporate documents online. If you're sensible a security breach is annoying. But then you face the same problem if someone steals your laptop, or a memory stick, or whatever. I remember once having to explain to the bank that there were unencrypted copies of faxes (ok it was a few years ago) with credit card numbers on a laptop that went walkabout. Not a pleasant experience, though the bank were fine about it.

The danger with chrome, and other cloud only solutions, is that everything is online and people might start inadvertantly putting things they shouldn't online.

The question, as in the outsourcing student email question is whether the consequences of a leak are bad, and is it more likely to happen with an outsourced service than an internally run service.

The wikileaks saga shows us something else. It shows us that cloud data can be taken offline by the providers. Most commercial usage agreements say that you can't post nasty stuff and we can take your account offline for a whole lot of reasons. Now we might agree about not breaching copyright, and not posting live chicken action movies, but basically when we give our data to a service provider, we're saying look after this, try not to lose it or share it with anyone we don't like, but otherwise - hey, it's cool.

So wikileaks was taken offline due to external pressure from the US government. That's fine.
All that happens is that wikileaks is so high profile half a dozen mirrors spring up in other jurisdictions, and the US government looks foolish.

Now suppose I'm not high profile, but have outspoken views about conserving native forest. This embarasses the state government so they get a court order to stop me posting pictures of a protest online where not everything was carried out by the book. For example, people were a little more rough than they could have been removing protesters.

And they then go to flickr and the like and ask them to pull my account. Perhaps they suggest I also have an unnatural interest in chickens. And because I'm unimportant my account gets pulled.

And if I have my own local backup of my cloud data I can find someone else to host, make cd's of the pictures and hand them out, or whatever.

If I don't and everything's on the cloud I'm just a bitter and twisted loony ...

No comments: