A (cloud) accident

Circling the ‘tubez right now is an FTC complaint filed by the Electronic Privacy Information Center (EPIC) regarding the privacy and security risks surrounding Google services. (This comes hot on the heels of the Google Docs SNAFU.) The complaint covers all the basics: the fast adoption of Cloud Computing; the fundamental right to privacy; identity theft; and the whimsy with which consumers throw (potentially) sensitive data into the *gulp* “Cloud”. The most significant eyebrow raiser of the document, however, is Section 57:

57. Enjoin Google from offering Cloud Computing Services until safeguards are verifiably established.

Say WHAAAAT? Pause the juggernaut? Surely you jest! Oh, and surely they’ll cough up the dough for the Privacy Pizza, as cited in Section 58:

58. Compel Google to contribute $5,000,000 to a public fund that will help support research concerning privacy enhancing technologies, including encryption, effective data anonymization, and mobile location privacy.

(Although Section 58 does sound a bit secksy, and I’m all for furthering this type of research.)

Earlier today, I posted my opinion on this whole kerfuffle to the PaulDotCom mailing list:

It’s almost as though EPIC need to remind everyone that they still exist
and haven’t become entirely decrepit and overshadowed by the EFF. The
document is well assembled, citing examples that most users *don’t*
consider when using Google services (or just about any *aaS, for that
matter). Incidentally, the complaint references a recently published
report from the World Privacy Forum on privacy risks in Cloud
Computing[1]. Both documents raise a few similar points.

For example, how many of us actually read, end-to-end, the TOS and
privacy policy of the Provider? How many of us validate claims like
“your data are safe from unauthorized access when you store it on our
Cumulonimbus Mega Awesome Cloud Storage Platform”?

I, for one, laud EPIC’s past efforts and the heart whence this complaint
emerges. However, like a few others, the request for enjoinment
basically negated my support for the complaint in its entirety.

[1] http://www.worldprivacyforum.org/pdf/WPF_Cloud_Privacy_Report.pdf

The questionability of Google’s approach to (user) security and privacy is nothing new, but it doesn’t warrant a suspension of service altogether. Educating users about the inherent risks of placing anything outside of your own little trust-boundary bubble is paramount. We can start by teaching our own “EPIC” phrase: “When it comes to outsourced providers, Expecting Privacy Is Comical.”

Flame on.

(CC licensed image from Erica Marshall)

Comments

  1. Good start. The post got into something I have been thinking about a bit as of late. We spend so much time securing this, or bashing the lack of security, that we forget that educating the user will do more for security as a whole than any policy or tool.

    Nice work!
