Privacy, Security, and the Cloud

April 10th, 2011 by Klaus Wiedemann

Putting everything in the cloud, from personal data to private documents, is now a mainstream hype. A sure sign is the recent article in the German news magazine SPIEGEL online titled “Packen Sie Ihren Krempel in die Wolke! (“Put your stuff in the cloud“).

I’m not sure whether this is a contrarian indicator like in the stock market bubbles when taxi drivers provide you with free stock recommendations…

At least it is a funny coincidence that the SPIEGEL recommends a service like Dropbox, while at the same time the renowned IT magazine Heise online reports security holes in the Dropbox client discovered by security expert Derek Newton.

But why should you worry? The SPIEGEL is relaxed:

“Wer Angst hat, dass andere mitlesen, für den ist die Web-Wolke nichts. Wer Hunderte Megabytes Daten auf diversen Servern auf der ganzen Welt speichert, muss eine gewisse Wurstigkeit an den Tag legen. Denn ganz sicher lesen da welche mit.”

(engl: “In case you are afraid about other people reading your data, the cloud is not for you. If you store hundreds of Megabyte of data on a variety of servers around the world, you need some kind of “I don’t care” attitude. Because it is for sure that there are other people  reading your data.” – Translation by the author).

Now this is a twist! Just put everything in the cloud – privacy and security is soo last century. Don’t worry, be happy!

I don’t know about you – but this approach makes me speechless.I strongly believe that personal data are private, and of nobody else’s business. Putting selected (personal) data online should be a cautious and well-considered decision, which takes both the risks and advantages into account. But where to draw the line?

• photos of your last holiday?
• photos showing your kids?
• photos showing drunk friends?
• scanned bank statements?
• salary slips?
• insurance contracts?
• personal health information?

A first rule of thumb might be which of these information and documents you would share with your

• family
• friends
• neighbors
• co-workers and colleagues
• strangers?

How would you feel if they would see these documents accidentially?

And this is just for private documents. When I was working as a freelancer, I had clauses in several contracts which explicitly forbid to store any documents on third party infrastructures, like cloud services. Explaining the CEO of a company why an internal strategy paper or some new marketing concepts show up on Google or Dropbox or any other cloud services is something I definitely would want to avoid.

Deciding about the privacy risk you are personally willing to accept is one thing. To decide this for others,  for friends, customers or clients, is a completly different story.