More and more online data storage services are becoming available, letting you access anything from emails to video through the web rather than storing it on any particular device. But will they work if people don't trust these services to keep their data safe? Following up our review of SoonR, Krisse asks if we really want a Ken Dodd Internet?
Read on in the full article.
Google makes money by serving you ads targetted at your interests. So, if Google can look at your data to better determine your interests, it can serve better-targetted ads, for which they can ask the advertiser more money.
Google's policy is in fact not secret at all, as they have been talking about this lots of times in public.
Another point of view: setting up a bunch of servers for other people to store their data on isn't very hard, so expect lots of businesses trying this. This means lots of competition and nobody making much money. Businesses know this, so they are looking at long-term ways to make more money than simply storing your data. Worth checking out what this is before using the services of these businesses.
Finally, if you data is stored encrypted on somebody else's server, changes are they can't do anything with it. So what you should be looking for is a way to encrypt your data on your clients (whether it are smartphones or PC's), store it encrypted on the server and decrypt it after downloading it.
Sander van der Wal
www.mBrainSoftware.com
"Google makes money by serving you ads targetted at your interests. So, if Google can look at your data to better determine your interests, it can serve better-targetted ads, for which they can ask the advertiser more money."
It's not quite that simple though. Saying "google looks at your data" implies that a human being there accesses your personal data directly, but Google claims that it's only an automated program which serves up the ads based on the text on-screen, without storing or passing on any personal information. In other words they claim they don't look at it, they just run your mail through an ad program.
I don't know if that's true or not, maybe they're not telling the whole truth, but it certainly shows how complicated it can be to talk about privacy.
"Another point of view: setting up a bunch of servers for other people to store their data on isn't very hard, so expect lots of businesses trying this. This means lots of competition and nobody making much money. Businesses know this, so they are looking at long-term ways to make more money than simply storing your data. Worth checking out what this is before using the services of these businesses."
Yes, I totally agree. I tried to make this point in the article, that data storage is a very new thing and is totally unregulated.
Businesses will always try to make as much money as they can, and sometimes they'll be tempted to do something immoral, but that's what government regulation is for, to keep businesses in line.
Banks are difficult to set up as banking is government regulated, but any idiot could buy a server and offer space on it.
"Finally, if you data is stored encrypted on somebody else's server, changes are they can't do anything with it. So what you should be looking for is a way to encrypt your data on your clients (whether it are smartphones or PC's), store it encrypted on the server and decrypt it after downloading it."
Very good point, although that's just the privacy side of things. Encrypted data can still be deleted accidentally, and if the storage company goes bankrupt the servers might all be wiped deliberately.
What I'd want to see is a service which can guarantee that my photos, videos, music etc will still be available in 10 or 20 years time, just like my bank can with my money.
But what if the online data store just closes down? Bang goes all your vital data.
I can't remember who it was, maybe Google, but one of the big companies just recently closed their online video store. The reaction was so strong that they have re-opened it but only for another six months. People thought they had bought videos that were stored online - but only for so long as the storage company felt it worthwhile to run.
The same risk exists with online data storage.
Then of course there is the risk of blackmail - "Of course you can still access your data, so long as you pay us the monthly fee we decide. Otherwise we are afraid we will refuse you access".
"what if the online data store just closes down? Bang goes all your vital data. "
What if your bank just closes down? Bang goes all your money. We still use banks though because it's very rare that a bank does close down, because banks are so tightly regulated. You can't just set up a bank, you have to show the government that you're trustworthy first.
The point I tried to make in the article is that we need to have some sort of system which lets us see whether a data storage company is trustworthy.
Perhaps there could be some kind of government-approved list of storage companies which meet certain technical and financial requirements, and if you wanted to store data you'd choose a company from the list. Companies on the list would have to show that they keep off-site backups, have secure data centres, and have enough money coming in to keep trading for the foreseeable future. If any of these things change, they would get removed from the list and would have to inform their customers that they were removed from the list. If they refuse to inform their customers, they would be permanently banned from the list.
"I can't remember who it was, maybe Google, but one of the big companies just recently closed their online video store. The reaction was so strong that they have re-opened it but only for another six months. People thought they had bought videos that were stored online - but only for so long as the storage company felt it worthwhile to run."
"Then of course there is the risk of blackmail - "Of course you can still access your data, so long as you pay us the monthly fee we decide. Otherwise we are afraid we will refuse you access"."
This is exactly why we need some clear laws about online data, just as we have clear laws about physical property. The hosts have too much power to just shut up shop without offering any compensation.
But even without such laws, I'd argue that storing data online with a major hosting company is still safer than storing it offline. How much personal data survives when you buy a new PC or smartphone? What happens to data you store on obsolete formats, does it really all get transferred onto newer media? How long do DVD-R discs actually stay readable?
The discussion above makes the strong point that data storages are safer. But only with respect to loosing it in a physical sense. In this perspective, the analogy with banks is appropriate. But IMO there is one important difference: money is anonymous, my private data aren't. My money at the bank can't tell you anything about me, my private data (contacts, email communication, ...) can. I don't care what the bank does with my money after depositing it (as long as I get back when I want it). I do care, however, what the online data storage does with my private data after depositing it but I will have absolutely no control over third party data access. As soon as private is available it will be analysed and somebody will make use of the resulting knowledge, either the storage company itself or government agencies who will have access to this analysis data. I'm not paranoid but I love my privacy.
"The discussion above makes the strong point that data storages are safer. But only with respect to loosing it in a physical sense. In this perspective, the analogy with banks is appropriate. But IMO there is one important difference: money is anonymous, my private data aren't."
I do take your point that the analogy isn't perfect, there are lot of differences between data and money. However I don't think money in a bank account is as anonymous as it used to be. There's just too many ways to trace things electronically, banks can see almost everything you do with your money nowadays.
If you only put in and take out cash, your money is indeed anonymous. But if you use a credit card, debit card or cheque, or even if you just pay bills through your bank account, then your bank knows who you buy from and how much you spend. If someone pays you by cheque or transfer, they know who you're taking money from, and how much.
Even if you do just use cash, the bank knows how much you take out or put in, and they know when and where you visited a branch or cash machine. If you use a cash machine, you'll often see the address of the machine on your statement, even if it's abroad.
But privacy is indeed important, and as someone suggested above the answer with data may be to encrypt it without giving the storage company the key.
Saying "google looks at your data" implies that a human being there accesses your personal data directly, but Google claims that it's only an automated program ... In other words they claim they don't look at it, they just run your mail through an ad program.
It doesn't matter: a human still writes the program.
This has consequences, and you have to be very careful here, because if you permit Google to make this defence, you have to permit other people to, as well.
Have a read of this, by Mark Rausch, the former electronic crime chief for the US Department of Justice.
Google's Gmail - spook heaven?
theregister.co.uk/2004/06/15/gmail_spook_heaven/
But perhaps the most ominous thing about the proposed Gmail service is the often-heard argument that it poses no privacy risk because only computers are scanning the email. I would argue that it makes no difference to our privacy whether the contents of communications are read by people or by computers programmed by people.Google will likely argue that its computers are not "people" and therefore the company does not "learn the meaning" of the communication. That's where we need to be careful. We should nip this nonsensical argument in the bud before it's taken too far, and the federal government follows.
Google (or Tesco, or the spooks...) can still infer a huge amount of information about individuals and groups, without having "read" anything, or accessed your data directly.
That article is so vague about what invasion of privacy is that it defies common sense. For example this sentence: "If a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy."
That's just vaguely-defined alarmism. By that exact definition, the paperclip from Microsoft Word invaded people's privacy every time it said "You appear to be writing a letter". By that definition, the spellcheckers and grammar checkers in word processors and email clients invade privacy. Those clearly aren't invasions of privacy though because none of those actions reveal anything about you to anyone else.
The problem with his argument is that you cannot claim all forms of personal polling are dangerous, they're not. Elections in democratic countries are usually anonymous for example, and they're run and monitored by humans, but unless those humans can see your name on the ballot paper then they have no way of knowing how you voted.
Electoral officials know how people voted in total, and they can see how votes break down between regions, but if they were presented with an individual they have absolutely no way of knowing which way that person voted.
"Google (or Tesco, or the spooks...) can still infer a huge amount of information about individuals and groups, without having "read" anything, or accessed your data directly."
Infering information about people is a vague phrase though. No one wants their personal life invaded, but who could be offended by opinion polls? If electoral data shows that people from New York are more likely to vote for Democratic candidates, does that really harm anyone?
If half your shop's till receipts include bananas, you can infer that half the customers buy bananas, but without any personal identification on the receipts you can't know which customers those are, so you've gathered valuable commercial information without invading anyone's privacy.
No one minds Tesco knowing that half their customers buy bananas, or that people who buy bananas also buy oranges. The only thing people might mind is Tesco knowing exactly which customers bought bananas and/or oranges.
If Google's automated advertising system reports to Google which ads it shows for each account along with that account's username, then it does indeed invade privacy. That ought to be banned, or at least restricted so that users know exactly how much they're being monitored.
But if the ad system merely reports an aggregate total for a country or region or demographic, or if it reports on individual accounts in an anonymised way (like the till receipts for bananas), then Google can't possibly infer anything about any individual.
We've got to be careful to zoom in on exactly what it is that's dangerous, otherwise it will hide behind perfectly legitimate analyses of data. The greatest danger is when information about an individual is packaged with something that can identify that individual or any other individual. Above all else, that kind of packaging together is what should be regulated by data storage privacy laws.
"It doesn't matter: a human still writes the program."
The actions of a human in the production process don't automatically mean that the human can perceive everything that the product is involved with.
People who build changing rooms tend not to secretly install hidden cameras. They could, but you can't just assume that they automatically will do.
"This has consequences, and you have to be very careful here, because if you permit Google to make this defence, you have to permit other people to, as well."
I didn't permit Google to make any defence, I'm not defending them here. The only thing I'm trying to defend is common sense.
I have no idea how the Google Gmail ad system actually works. They ought to either make Gmail's ad system public, or allow neutral observers to verify that it doesn't breach personal privacy.
What I AM saying is that it's irrational to say that ALL forms of automated analysis must be invasions of privacy. We have to stay rational here, otherwise we end up in "governments track us through metal strips in bank notes" territory. There are big players involved and I'm sure a lot of them are up to no good, but unless we distinguish the worrying stuff from the not-so-worrying stuff, we'll never tackle breaches of privacy.
What I want to see is a neutral regulator with the power to heavily punish storage companies. That neutral regulator should be able to do thorough and random checking to make sure that data storage companies have no way to infer any personal information about any individual.
Just to make it clear, in the article I'm only talking about how the commercial storage sector behaves.
If we move on to governments and law enforcement it gets far, far more complicated from a moral perspective. That's a huge and far more complex topic with no clear answers, and I'm not even going to touch that one! 😊
Excellent article, by the way. The issue of trusting online data storage service providers brought one of our all-time favourite quotes, from S60's own Christian Lindholm, no less:
theregister.co.uk/2005/02/21/forgetting_digital_memories/
krisse wrote:The actions of a human in the production process don't automatically mean that the human can perceive everything that the product is involved with.
Of course not - I don't think anyone's saying that.
This is the bit to focus on, if the Rausch article isn't clear at first reading:
Google may also argue that its computers do not learn the contents of the message while in transmission but only contemporaneously with the recipient, making wiretap law inapplicable. That argument, while technically accurate, is somewhat fallacious. If taken to its logical extreme, electronic communications are never intercepted in transmission. The packets must be stopped to be read.Fundamentally, we should treat automated searches of contents as what they are: tools used by humans to find out more about what humans are doing, and provide that information to other humans.
What he's saying is fairly straightforward. And that's: if Google is allowed the legal defence of "Don't Blame Me - I Only Work Here!", then expect to hear the FBI make the same legal defence too, some day.
I just want to emphasise that when I described Google's defence I was reporting it rather than endorsing it.
None of what I've written is an endorsement of any company's activities as I have no idea how much of what they say matches up to what they actually do in secret.
Even if Google's (or anyone else's) defence is fine in theory, no one is able to verify their claims, which is the real problem. Even if everyone comes to a consensus on how privacy should be handled, there's no way to check if companies are sticking this consensus.
It's like one of those endless idealistic conferences, where all kinds of wonderful principles are discussed and defined, but all that's left at the end is some non-binding resolution which no one can implement anyway.
mr.orlowski wrote:And that's: if Google is allowed the legal defence of "Don't Blame Me - I Only Work Here!", then expect to hear the FBI make the same legal defence too, some day.
The FBI only benefits if it deduces information about individuals. Advertisers on the other hand might plausibly be satisfied with anonymously matching adverts to receptive eyes.
The scary thing about a wiretap is not the physical wiretap itself, it's what is at the other end of the wiretap, and who gets access to this other end. If nothing comes out of the wiretap and no one gets to listen, then there would be no point in worrying about wiretaps at all as they would be useless as a means of breaching privacy.
If an automated ad system generates advertisements based on an email, never stores or reveals how it chose that particular advert, never stores or reveals the email, and never stores or reveals who viewed the advertisement... how can you deduce anything about a particular person from such a system?
I'm not saying Google's ad system does work like this, I don't know. I'm just saying it could, and if it does then it's not a breach of privacy.
* * *
However, I suspect we're arguing about two different areas of this topic:
Google may also argue that its computers do not learn the contents of the message while in transmission but only contemporaneously with the recipient, making wiretap law inapplicable. That argument, while technically accurate, is somewhat fallacious. If taken to its logical extreme, electronic communications are never intercepted in transmission. The packets must be stopped to be read.
I wasn't thinking in any specific terms about when data is intercepted, or even how.
All I was thinking about was who gets to see your personal information, how much control you have over privacy breaches, and how well you're informed about any breaches or potential breaches.
If Google (or any other company) do things to deduce information about a specific individual, then that would be a breach of privacy. That kind of thing ought to be either banned or severely regulated, with people given clear mandatory warnings before any breaches take place.
If Google doesn't have any information at all about a specific individual, has never had any information about a specific individual, and has no legal means of obtaining such information, then no breach of privacy has taken place.
However, talk about the wrongs and rights of ad systems may be a bit obscure and missing the more fundamental problem that this is an unregulated (or severely under-regulated) industry which is growing very fast. There's no technical infrastructure to stop hosting companies illegally reading everything they store. If they're corrupt they'll lie about privacy policies, and if they're clever too they'll lie convincingly.
If Google really wants to build up a dossier on me, they could just ignore the rules completely, look at my email directly, and I'd probably never ever know they'd done it. The same goes for any email host, even ones that are ad-free and subscription-based.
As someone pointed out earlier in the thread, the only sure way to actually ensure privacy seems to be to encrypt your stored data, and perhaps that will become the standard way of doing things in the future.
For regulation of data storage to happen, it will probably take some huge disaster or scandal where millions of people lose lots of data or have personal details leaked. Scandals and disasters seem to be the only way to make anything safe and regulated.
These 2 aren't really comparable. If my bank goes bust, maybe the government will step in and replace my money. If i show my statement to the bank, they can reimburse any monetary mistakes. HOWEVER if my data is corrupted, is lost, is stolen.. the bank can not simply give me some of it's data, as they could with money. Data is information, money in a bank is just a number. I trust a bank because it's just a number they are storing for me. There are tight government regulations around what banks can do with my money, and banks have to comply with this regulation. I can honestly say that if the government setup an online storage facility that our taxes paid for, or if the goverment even regulated such an entity, my views on storing data offsite would probably change. But until then, there are no legal guarantees with online storage, so I'm not sure it would be worth the risk
krisse wrote:"Google makes money by serving you ads targetted at your interests. So, if Google can look at your data to better determine your interests, it can serve better-targetted ads, for which they can ask the advertiser more money."It's not quite that simple though. Saying "google looks at your data" implies that a human being there accesses your personal data directly, but Google claims that it's only an automated program which serves up the ads based on the text on-screen, without storing or passing on any personal information. In other words they claim they don't look at it, they just run your mail through an ad program.
It doesn't matter whether people or programs are examining my data. I don't want neither of them doing it.
krisse wrote:
I don't know if that's true or not, maybe they're not telling the whole truth, but it certainly shows how complicated it can be to talk about privacy.
I wouldn't call it complicated. Think of it in this way. Would Microsoft, Nokia or Yahoo store their emails and other business data on Google's servers? Would Google store their business data on Microsoft, Nokia's or Yahoo's servers?
Of course not.
So what makes this a good idea for you and a bad idea for Google, Nokia, Microsoft or Yahoo?
[knip]
krisse wrote:
"Finally, if you data is stored encrypted on somebody else's server, changes are they can't do anything with it. So what you should be looking for is a way to encrypt your data on your clients (whether it are smartphones or PC's), store it encrypted on the server and decrypt it after downloading it."Very good point, although that's just the privacy side of things. Encrypted data can still be deleted accidentally, and if the storage company goes bankrupt the servers might all be wiped deliberately.
What I'd want to see is a service which can guarantee that my photos, videos, music etc will still be available in 10 or 20 years time, just like my bank can with my money.
That's not going to happen, because not even banks are guarantueed to last. But with data you can easily use a couple of providers and store all your data at more than one site. And keep a copy at home or in the office as well, at least of the important stuff. And have everything encrypted with the strongest encryption you can afford.
As an aside, that's possible with banks too. In Holland, when a bank goes bankrupt, your get your savings back with a maximum of EUR 20,000.--. So it is always wise to use more than one bank if you have that much money in cash.
The Bank analogy isn't a particularly good one since money is fungible, but my data is not. Banks are governed by laws, backed by governments, and should they fail (at least in the US) I can get the money I am owed. Note it's not the exact same money I deposited, but I don't care since it's functionally equivalent. Data storage companies aren't governed by laws and should they fail I have no recourse to get my data back. In addition it's more difficult a problem since I want only MY data back, not some random data.
When I was writing my Ph.D. thesis I had my data backed up on two different computers at school, floppy disks at school, floppy disks at home, and in a remote computer half way across the country. Bottom line is, online storage is part of the solution, not the solution.