FTC Worries About Consumers, Cloud Data, and Privacy

pcause writes "Ars Techina has a nice article about the FTC's concern that consumers don't understand the implications of storing their data in the cloud. From the article: 'Data is now sitting on servers outside of your control, where it can be accessed far more easily by Google itself, hackers, and law enforcement than it ever could if kept within the device. Once data passes over the network, it gets much easier to access in realtime; once it is stored on a remote server, it gets much easier to access at any time. And those are just the phone settings. Google also has access to search history data, anything stored in Google Docs or Spreadsheets, complete schedules stored in Google Calendar, and recent Maps searches. Combine them all, and companies like Google become one-stop shops for authorities looking for personal information.' Do you think the average consumer even has a clue about this issue?"

No.

[Rossman]

"Do you think the average consumer even has a clue about this issue?" No. And they don't care, and can't be made to care.

Re:use encryption

[MichaelSmith]

They really can't ya know.. just remember these three words: "I don't recall". End of story.

Not in the UK [theregister.co.uk].

Cloud data already used against me...

[TrisexualPuppy]

...in an alimony suit with a woman that I'd never met. The case was quickly dismissed, but the attorney did some dirty subpoenas and essentially tore my dignity to shreds in front of several people. It's reaaaalllly funny to people who look at your search history, your emails, and your CC purchases with no context and absolutely no justification.

I USE ANONOMYZING PROXIES NOW.

Re:They can know about you, do you know about them

[neorush]

Only a subpoena is needed to get a company to hand over data its called "subpoena duces tecum" basically it orders a person give physical evidence to the ordering court or face punishment. Subpoena's are not the same as warrants, and because they are akin to a testimony they are very easy to have issued, and you do not need to be notified because they are often related to the authorities building a case against you, as opposed to something like a warrant, where YOUR physical property is searched. Read the TOS, a company is within its rights to hand this over to the authorities.

Re:I was just thinking about this today

[Shadow-isoHunt]

No, they cannot. GPS is one way, receiving timestamps via radio transmitted via multiple transmitters, then it does some fun maths involving the speed of light, and relativity. It requires the cellular link to transmit it's location to 911 via E911 services, but with the default firmware of your phone they can't remotely turn this on directly as it's not part of the E911 functionality. In order for them to turn it on remotely, they need to push a firmware patch to the handset which disables any GPS icon indications, and enables the vendor-specific command set. On top of that they have to figure out which handset is yours, which is going to be hard without an associated account with a valid GSM provider in your area. However, if they had previous knowledge of your IMEI/ESN, they could use that to locate you as IMEI/ESNs are globally unique to each GSM handset.

Also, the GPS is overkill since they can passively monitor your location via triangulation of your cellular link. This is the most likely method of monitoring, as it won't kill your battery life(tipping you off), it's passive requiring no interaction with the handset, it doesn't require the GPS chip to initialize and possibly download the GPS ephemeris if it's a cold start(which will take 40s minimum due to the 50bits/s).

Also, they could theoretically do it without a warrant if they used their _own_ equipment and knew your CDMA code - anyone can listen in to any radio transmission in the US, though decrypting a GSM/CDMA signal may be illegal. No decryption is necessary though, as long as they know your timeslot(GSM's tdm)/code(cdma).

Re:Would somebody think of the future of our data?

[drinkypoo]

The problem with that is that clouds are run by companies, and no company lasts forever either.

That is not even remotely the biggest problem. The biggest problem is that clouds are run by corporations, and corporations last forever. Someone else can actually win the right of stewardship over your data as part of a bankruptcy settlement.

Is there any way to write data and then 10 years later get that same data back?

Sure, it's called DVDs from Verbatim, stored in a cool dark place. If you mean "on the internet" then the answer is to get web hosting, and move data from host to host as necessary (e.g. when they go out of business.) But of course, you've got to have some excellent encryption. Luckily that will cost you $0.

Re:Would somebody think of the future of our data?

[syousef]

Is there any way to write data and then 10 years later get that same data back?

Yes. I call it MRBAM. Multiple Redundant Backup At Mother's.

For important data, photos etc, I keep a copy locally. Periodically I dump the data to another hard drive. One goes at my mother's house. One stays local. Every few years I buy more disks and copy drive to drive off a backup. I don't erase the old ones.

Co-incidentally I have exactly 10 years worth of photos. Haven't lost one yet. Latest drives are Terabyte size and are half full. (I don't delete pictures, even test pictures).