FTC Worries About Consumers, Cloud Data, and Privacy 175
pcause writes "Ars Techina has a nice article about the FTC's concern that consumers don't understand the implications of storing their data in the cloud. From the article: 'Data is now sitting on servers outside of your control, where it can be accessed far more easily by Google itself, hackers, and law enforcement than it ever could if kept within the device. Once data passes over the network, it gets much easier to access in realtime; once it is stored on a remote server, it gets much easier to access at any time. And those are just the phone settings. Google also has access to search history data, anything stored in Google Docs or Spreadsheets, complete schedules stored in Google Calendar, and recent Maps searches. Combine them all, and companies like Google become one-stop shops for authorities looking for personal information.' Do you think the average consumer even has a clue about this issue?"
We'll be right back after this from the cloud. (Score:5, Insightful)
I was just thinking about this today (Score:4, Insightful)
My friend that works as google gave me a droid G3 phone for christmas. I guess they all got the nexus this year so he was giving me last years present. It doesn't have a SIM card in it, and I don't have it activated on a cell network. I don't really have any intentions on doing so either.
I let my 4 year old daughter play with it. There's a coloring book application called Zebra Paint. Today though I hear the phone talking.
"Hello? Heloo? Emergency 911"
I guess even without a phone plan, you can still use these things for 911?
I politely told the 911 operator what happened. He told me to be careful letting my girl play with it and that was that.
Scary thing though, this thing has GPS. If someone really wanted to track me down they could. Even without a cell phone plan or sim card in the device.
Re:They can know about you, do you know about them (Score:3, Insightful)
Especially when they don't have to worry about any backlash from their customers as the government will just give them immunity from any suits after the fact.
use encryption (Score:4, Insightful)
Re:They can know about you, do you know about them (Score:5, Insightful)
A lot less people have (legal) access to my house than Google's servers. Maybe you live in a commune, but I don't!
What about private companies? (Score:5, Insightful)
Companies change. Look at Sun Microsystems. Suppose Google ends up needing money. What is going to stop them from allowing me / your mother in law / the king of Sweden from paying to dig through all of the data they have related to you? This might not be done directly through Google, but through a "nice, responsible company" which has paid for access to Google's data. If Google makes the data available to other companies, who knows what those entities might do with it?
We need legislation and a way to verify compliance!
Of course, it would be good if the legislation also protected our data from the Department of Homeland Security, but I do not expect lawmakers to be able to do the right thing there anytime soon.
-Todd
Google's domination makes this much worse. (Score:3, Insightful)
No. (Score:5, Insightful)
The average consumer cares about nothing more than having their immediate wants gratified. Notice I didn't say *needs*. And they are not willing to put in the effort to understand the consequences of their actions, either due to unintentional or willful ignorance.
This is not every consumer, but the average one.
There is no other possible way that I can explain American Idol. ;)
Re:Would somebody think of the future of our data? (Score:5, Insightful)
Yep, still there.
Re:They can know about you, do you know about them (Score:3, Insightful)
Data on a hard drive in your house can be as accessible over the Internet as data in the cloud, assuming that the hard drive is hooked up to a computer that's connected to the Internet. The only difference is, "'Data is now sitting on servers outside of your control". That has nothing to do with "the cloud". Any hosted service has the same weakness.
Yes, sure, if you store all your data on a single company's server, then that means people only need to get access to that company's servers in order to get all of your data. Maybe people don't understand that, but it shouldn't be news to anyone here.
Finally, yes, Google is in a scary position right now. Not only might they have access to your search results, but if you use Gmail then they have your email and if you use Google Docs then they have your documents. Right now, Google has a lot of access to a lot of data, which is exactly why people think their "don't be evil" mantra is so important. If Google chooses to abuse their position, they could cause a lot of problems.
So ultimately, this isn't an issue of "the cloud". It's an issue of how companies (or particular companies) are allowed to use personal data, and whether they're providing sufficient privacy protection to their customers. Warning people is fine, but I kind of have to wonder what the law says. Is the law protecting us as well as it should? If not, if citizens aren't protected well enough, then maybe we should be looking into that instead of just warning people.
Re:They can know about you, do you know about them (Score:2, Insightful)
That is exactly right.
I'm astonished how many people just don't realize this.
Re:I'm starting to feel old. (Score:3, Insightful)
Re:They can know about you, do you know about them (Score:2, Insightful)
If I have 10 kids and an SO, that's 11 people. Still fewer than the number of Google employees running around their data centers.
Re:What about private companies? (Score:3, Insightful)
Of course, it would be good if the legislation also protected our data from the Department of Homeland Security
Of course, the real question with the government is, what happens when they don't follow the law? If all they have to do is say, "... but we're protecting you from terrorists," and people accept that as an excuse for the government breaking its own laws, then now law can protect us.
Re:No. (Score:4, Insightful)
"Do you think the average consumer even has a clue about this issue?" No. And they don't care, and can't be made to care.
... until something happens to them, personally. They just don't believe in prevention, that's all.
Re:I'm starting to feel old. (Score:3, Insightful)
"Not really, just because a large number of people are idiots, doesn't mean that privacy is outdated. "
I think privacy as we knew it is outdated due to our technology. We are essentially living in a small town where everybody knows all about everybody else. Except that most people think they are anonymous to those outside of their circle.
It's not because of our technology. It's because of how carelessly many people use it without a full understanding of its implications. If they really wanted to, they could demand stringent privacy safeguards, both legal and technical. We often lack those things because the demand is so low.
Storing your data in the, "Cloud". (Score:2, Insightful)
Storing your data in the, "Cloud", is the IT equivalent to putting your most prized valuables in the local Greyhound bus locker. I also don't see much difference in using a Cloud service and folks who create, send, and store sensitive email via hotmail or gmail and then act surprised or upset when there is breach.
IMHO
If you're stupid enough (Score:2, Insightful)
Re:Don't you want target ads? (Score:4, Insightful)
I would rather see ads for products I'm interested in than things I'm not.
I'd rather see no ads at all.
Re:Google are abstracting info-currency (Score:3, Insightful)
What puts this in perspective is being asked by other people why I use a commercial E-mail service when Gmail/Hotmail/Yahoo/whatever is free. My response, of course, is "TANSTAAFL". What I pay for when I use a commercial provider is not just a TOS with solid privacy features (stored data being delivered on lawful court order as opposed to request), but the fact that the data stored is my data. It isn't going to be handed over to be sifted through for marketing or advertising, nor will it be used to sling ads at me.
Re:They can know about you, do you know about them (Score:3, Insightful)
Your security is your responsibility. If you're that paranoid about Google, use a proxy or just don't use google
I have a problem with this kind of approach to privacy. It creates an issue in that there is no basic set of standards. A person should at least have the knowledge that if they give X data to a company, that the company may only use it in a predetermined manner UNLESS the company specifically asks for your permission to use it in other ways.
With our current approach, you literally have each entity following their own policy which they may not even uphold (I'm not aware of any real legal ramifications for violations of your own voluntary policy) So every entity you ever deal with will have a set of rules which you are supposed to investigate, send to a lawyer and then base your decision on that? Oh and that policy may include several hundred to thousand sub policies with their 'affiliates'.
The issue is that due to the complete lack of a base standard it isn't possible to make the responsible decisions that you want people to make. The only option at that point is simply not to participate and that is obviously a non-option.
A set of VERY CLEAR standards, established by the FTC and with very clear and precise consequences for violations would serve to promote use of these services, and end this literal no-privacy policy.
A law or policy without consequences for violation of that law or policy isn't worth a damn.
Re:They can know about you, do you know about them (Score:2, Insightful)
Erm... I think TrueCrypt would be more secure with less effort. IMHO.