Well, there is a different between The Cloud and "A very particular kind of privately owned Cloud". Cloud storage or services don't mean you have to rely on private companies to store or syncronize your data. You can run a substancial set of the same services on your own trusted hardware.
Do you need email ? Do not rely on gmail to store your email or you, use your own server, IMAP and a webclient such as roundcube when you are on the go.
Do you need calendaring? Use Ical and a webdav server.
Do you need file synchronization? Use rsync over ssh to your home machine instead of dropbox. (that's exactly what I do to back up my Android phone), do you want that to be completely automated? Call rsync from a crontab.
My last pictures? a gallery on my home server rather than using flikr or facebook.
Do you need to be reachable by phone from overseas? That's very tricky, since you don't control the phone numbering system, but I am doing really well with my home asterisk server, my android SIP phone and a bunch of SIP providers in a several countries. When I want to talk something with my tech savvy friends, I can use Sip 2 Sip directly (not skype).
It's susprising the amount of stuff you can do when you are running your own services on a trusted environment. Just a ssh + screen session is more than enough for me to do most of my daily tasks. In case I get increasingly paranoid of the goverment I could you just ship a box overseas or use a cheap controled VPS on a different country. I may not have freedom of movement (since immigration is definitely not a friction-free act), but my data surely has. I am not saying this is a perfect solution, but definitely it's much better privacy wise.
The only think I lose with this approach is the 'social' aspect of cloud services. People's attention span is short enough to force them to go to my personal services or my blog to check for my personal updates. Facebook success is that it offers a one single place where you can get a glimpse of how are your friends and beloved ones doing. That's why It's so important to invest on open distribution formats (a la RSS) we can trust and control.
Retreating from the cloud, and writing down appointments in the book, is the wrong solution, globally.
The convenience of being able to access the data everywhere is too huge to sacrifice; this is only going to become more important as people check their mail from their ever growing number of devices - smartphone, tablet, home+office PC, to start with.
Instead, we need to make the cloud storage secure.
Encrypted end to end services and protocols, federated encrypted services.
That is, if a sufficient number of users care enough about security to make security a differentiating feature. Previously, the vast majority of users haven't expressed a market preference for more secure services - maybe this will change when as people put more important information (critical business details) into the cloud.
How exactly do you think cloud services could run with encrypted data?
Either the cloud service can decrypt your data (in which case the government can order them to decrypt it for the government), or the cloud service cannot, in which case the cloud service can't do anything useful with your data whatsoever.
Perhaps, but even if your critical business data is encrypted in the cloud the servers will still be keeping access logs which can be handed over for traffic analysis. As far as I'm aware this is what's being asked for in the recent Twitter case.
Indeed, but I imagine that from the service providers perspective there is currently probably a far greater incentive to keep the logs due to their commercial value.
I dunno. I think the majority of companies log for the sake of logging. Some take advantage of this data, but I doubt most do. Instead it just sits there on a drive waiting to be accidentaly leaked, stolen by employees, stolen by hackers or subpoenaed by governments, both good and bad.
Well for companies that are even slightly web-savvy the logs are very useful because they contain information about who your customers are, when they use your site, how often, what they're searching for, etc, etc - which can have a real commercial value.
But his stance on this issue goes back further; in 1999, he decided to publish this essay I wrote on the GNU web site, which calls out some dangers of depending on proprietary web services, although not specifically the privacy risks: http://www.gnu.org/philosophy/kragen-software.html
To summarize, it's easier for police/gov to get data. Some companies provide user information to them without hassle or fee. A single request can list any number of names. MySpace and ATT love the government and go out of their way to help.
Now, with everything in the cloud, the decision whether to hand over my personal information is almost entirely out of my hands.
Um, no. When you store your data "in the cloud" (in a non-encrypted format), you have just made the decision to hand over your data to everybody with access to that data. That is everybody from TLA governmental entities that can subpoena "the cloud" owners to the janitor that empties the wastebaskets in the computer room.
If you're storing information on the internet (aka buzzword "Cloud"), you're at higher risk of getting that data stolen or spied on. This isn't new. It is something to be aware of the more you store online.
Is it really easier to crack SSL or break into Google's data centers (or hack Google's servers) or guess/crack my password or get hired at Google with intention of espionage/theft than it is to break the ground floor window I'm sitting next to and carting off my desktop?
Really?
The only thing that might be easier is for Google or the Government (via subpoena or collaboration) to get access to my data.
Of getting stolen? What are basing that on? If you look at Google or Amazon, for example, they have teams of people who's only job it is to secure said data. I don't think the average office can say the same.
I had thought that in trying to get out of the cloud I was behaving in an oddball and perhaps even Luddite manner, bucking the apparently rising trendiness of cloud based services. But it's interesting to see that other people are having similar thoughts about reclaiming ownership of their data.
One possible solution might be encryption in the cloud, so that data is encrypted and decrypted by the client. Provided that the encryption was strong enough there would be no technical way that service providers could hand over data, although they certainly could still hand over access logs for traffic analysis and I think this is what's being asked for in the Twitter case.
Encryption in the cloud is exactly what needs to happen. We give up our rights for convenience. This will continue getting worse until we accomplish something like that.
I admire Wuala.com for refusing to create a cloud client because of the lack of security and ownership, regardless of the convenience.
A few years back one of the ministries in Turkey decides to go completely digital and use electronic systems instead of paper as much as possible. The guys scan all the documents copy them to severs, make backups and when everything was finished they decide to destroy the paper version of the stuff and you need permission from the minister himself for that. The head of e-government department walks up to the minister and says 'sir, we made all the documents digital and we want to throw away the paperback documents' and the minister says 'that's good, before you throw away make a photocopy of all documents'.
This may be the short term quick-fix solution, but the real solution is to campaign to politicians and tech. companies to change the current system.
If twitter managed to keep all the rights they want over our data, while also being able to prove that, legally, we own the data not them, then they could respond to subpoena requests with "you need to direct this to the user". (IANAL, I'm not sure whether to get to that would require a change of law or just of Twitter policies, or both.)
The problem here is that our hidden assumptions about the way things work don't match up to how they actually work.
It's because we've invented all these new technology concepts. Trying to make things easy on ourselves, we apply old analogies incorrectly to new situations. So if I "own" my email at GMail, somehow I feel put upon when somebody else comes along and reads it.
We have centuries of examples of social norms to call upon when discussing concrete things like vehicles, houses, or personal effects. So if some official comes in without notice and takes my personal papers, not only is it possibly legally wrong, but it's wrong for a good reason and everybody knows it's wrong simply from using their common sense.
We just naturally assume that these assumptions will hold true with new stuff, but they don't. Lawyer-types are defining things like electronically consuming a work of art or reading a book (in ebook format) in ways that don't match up to normality. The system is working as it has always worked -- government and special interests see an opportunity and they take it. Nature abhors a vacuum.
So we're either going to need to educate a lot of people on what the new rules are, change the rules, or stop participating in technology the same way we are doing now. Otherwise we're going to keep getting results we don't expect, and it's just going to tick folks off even more.
If you ask me, we're at the point where (at least in the U.S.) new constitutional amendments need to be considered regarding electronic anonymity, the relationship of computers to people (it's an extension of their mind, not a device to play things on), and the right to peaceably engage in international commerce as individuals without any government observation, taxation, or interference whatsoever.
I doubt that will happen, though. But it's nice to dream.
Hm, its not a large jump to anybody but a lawyer to have protection for my documents NO MATTER WHERE I STORE THEM. A constitutional amendment for that would muddy up the constitution endlessly "and for electronic documents, and those in the cloud, and those stored temporarily while being transmitted to the cloud...".
Or lawyers could stop being semantic nitpickers. Since that will never happen, I wonder what other options exist?
Do you need email ? Do not rely on gmail to store your email or you, use your own server, IMAP and a webclient such as roundcube when you are on the go.
Do you need calendaring? Use Ical and a webdav server.
Do you need file synchronization? Use rsync over ssh to your home machine instead of dropbox. (that's exactly what I do to back up my Android phone), do you want that to be completely automated? Call rsync from a crontab.
My last pictures? a gallery on my home server rather than using flikr or facebook.
Do you need to be reachable by phone from overseas? That's very tricky, since you don't control the phone numbering system, but I am doing really well with my home asterisk server, my android SIP phone and a bunch of SIP providers in a several countries. When I want to talk something with my tech savvy friends, I can use Sip 2 Sip directly (not skype).
It's susprising the amount of stuff you can do when you are running your own services on a trusted environment. Just a ssh + screen session is more than enough for me to do most of my daily tasks. In case I get increasingly paranoid of the goverment I could you just ship a box overseas or use a cheap controled VPS on a different country. I may not have freedom of movement (since immigration is definitely not a friction-free act), but my data surely has. I am not saying this is a perfect solution, but definitely it's much better privacy wise.
The only think I lose with this approach is the 'social' aspect of cloud services. People's attention span is short enough to force them to go to my personal services or my blog to check for my personal updates. Facebook success is that it offers a one single place where you can get a glimpse of how are your friends and beloved ones doing. That's why It's so important to invest on open distribution formats (a la RSS) we can trust and control.