Friday, 24 August 2012

Living with our heads in the Cloud

Hadeel Al-Alosi

Technology has led to rapid advancements in our society.  While reading this, many of us will probably be scrolling through a Facebook page or flicking through an iPhone.  Much of the data we are accessing may well be stored in the Cloud.

At its broadest level, cloud computing is the provision of computing resources as a service over a network, usually, the Internet. Cloud computing services have been made available for a number of years, including by well-known organisations such as Google, Microsoft and Hotmail.  These services allow consumers to access data and applications without having to install or store these on their personal computers.

The personal cloud promises many benefits. It allows you to manage all of your PC and mobile devices, and to have every piece of data you need at your fingertips, so that you can share your information with friends, family and colleagues in an instant.

But before becoming over-excited by all the benefits that cloud computing promises to deliver, there are important issues to consider.

Theft and loss of data: should cloud service providers be bound by some minimum security standards that ensure personal information is not lost or stolen? Should service providers be able to limit their liability contractually for lost or stolen data? What if the service provider is forced to close down due to financial or legal problems, which causes customers to lose their data? Who should be responsible in having back-up and recovery processes in place?

Data location: the fact that data is stored by a cloud provider, which may be located overseas, means that individuals and businesses have less control over their data. Users should be questioning who is actually holding their data and where it is being located. With the growth in reliance by Australians on cloud computing services, it may be worth choosing a provider based in Australia. This would reduce risks in storing data with overseas providers, which may be in countries that have inadequate privacy laws or are prone to natural disasters.

Privacy issues: there are endless privacy issues raised by cloud computing, such as who will have access to your data and whether (and which) privacy laws will apply. Are there circumstances that justify the disclosure of data (for example, to aid law enforcement)? Also, what happens to data once a contract with a cloud service provider is terminated? For example, Google Docs states that it “permanently deletes” data from its system. However, it also warns that “residual copies of your files and other information may remain in our services for three weeks”.

Most individuals and some businesses overlook these important issues. As is often the case with e-commerce transactions, many people blindly click on the “I agree” button when signing up for services without reading the terms and conditions provided. We tend to think more about these issues when something goes wrong. For example, when someone's Facebook account has been hacked into by a revengeful ex-partner, or when precious data has been lost.

As to the future of cloud computing services, I think it is timely that we generate some solutions to these problems. Perhaps, somewhere over the rainbow, we can find solutions that allow us to reap the benefits of the cloud, while ensuring we are protected from all external threats.

So, what do you think? – is cloud computing a threat or an opportunity?

1 comment:

  1. Hi Hadeel,

    Nice post.

    Re cloud and privacy, one of the key issues is trans-border data transfer, and the idea floating around in the government ruminations of which bits of the ALRC 108 report of 2008 to implement - a scary option is that the local business holding your data gets absolved of their legal responsibility for material stored offshore/in the cloud, if they merely 'believe' that there is equivalent protection in the other jurisdiction (effectively regardless of what actually happens, and what the real situation at the other end is). This is a great incentive to for local business to develop such a belief.

    The intangible/delocalised nature of cloud storage may mean that it is difficult to even tell which jurisdiction would be relevant.

    In effect the move to the cloud could 'launder' even the very limited protection of local privacy law for local data subjects dealing with cloud-using local businesses, and offer a puzzle in its place.

    David Vaile