As a company NinerNet is — and I personally am — a bucker of trends, a refuser of “the easy way”, an anti-”fashionista”, and an advocate of low-level simplicity. This can, at times, make us look like Luddites, but we’re not quite that bad. For example, we’ve joined the trend over the last few years of using the new electric light rather than burning torches to light the office.
The trend we haven’t joined is that of entrusting every scrap of data to “the Cloud”. And this is where what I call “low-level simplicity” comes in. Sure, it might be “easy” to set up a Gmail account, or to use Google Apps to host email on your company domain, or to use Blogger (also owned by Google) or WordPress.com to host your blog. It may even eventually be true, as one client told me recently, that websites are passé and have been replaced by Facebook! (Heaven help us if that prediction ever comes true!) But is it really easier?
In evaluating any course of action, one has to conduct a cost-benefit analysis. Even getting out of bed in the morning involves a cost-benefit analysis, so choosing where to store your private email and sensitive company documents certainly does too. But the costs and the benefits are not confined to the beginning of the endeavour; the costs and the benefits run the entire life of the course of action, from set-up to tear-down — whether or not that tear-down is voluntary and planned.
So if you want to entrust all of your data to the Cloud, please be my guest. Just remember to consider what might happen to that data once it’s beyond your control, how you might deal with the situation if the company you’ve entrusted it to loses it or disappears, what your losses will be if the company decides to give access to your data to someone (e.g., a government or someone undesirable who gains access to the data illegally or through a company takeover), and how you’re going to deal with the situation (and how much it’s going to cost) when you decide to switch systems. So it was free and easy to set up, but will it be free and easy to take down?
The paradigm shift, in my opinion, seems to have been the move from keeping all of your data locally and backing it up remotely (even if it involved driving back-up tapes to a warehouse across town), to keeping all of your data remotely and backing it up … where? Locally, or on another remote system, probably owned by the same company where your data is primarily stored? Good questions. Many of these systems (Cloud and otherwise) that are supposed to “help” you and make your life “easier” with respect to technology really just add a higher-level layer of complexity on top of lower-level simple protocols that have been running the Internet (just fine, thank-you very much) for decades.
Anyway, this is a long-winded introduction to Two honest Google employees: our products don’t protect your privacy. In that article security and privacy researcher Christopher Soghoian explodes the myth — if, in fact, the myth existed in the first place among people who actually think about this stuff — that Cloud companies like Google care one jot about the privacy of your data. In fact, Google’s business model — those ubiquitous adverts next to everything you see on the Web these days — relies on your data being open and easily read. Reading a steamy email from your husband about last weekend’s getaway? Yeah, the ads off to the side might also be NSFW.
Here’s a preview:
Google’s products do not meet the privacy needs of journalists, bloggers, small businesses (or anyone else concerned about government surveillance).
… if the files that I store in Google docs are encrypted or if the files I store on Amazon’s drives are encrypted then they are not able to monetize it …. And unfortunately, these companies are putting their desire to monetize your data over their desire to protect your communications. … their business model is in conflict with your privacy.
Read the comments too. Unlike on some blogs, these comments are intelligent and worth reading … with one exception. Oh, and Soghoian’s The New York Times article (When Secrets Aren’t Safe With Journalists), to which he refers, is worth reading too.
Don’t fool yourself. As with anything, use the right tool for the job, and be aware of the strengths, weaknesses, limitations, costs and overall suitability of the tool you choose.