NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Trusting Your Friends -- and Trusting the Cloud



               Trusting Your Friends -- and Trusting the Cloud

                http://lauren.vortex.com/archive/000733.html


Greetings.  Internet "cloud"-based services, both for data storage and
as computing resources, are expanding rapidly, and have become a flash
point of controversy among some persons in the computer science and
privacy fraternities.

On various discussion lists and forums, dialogues about the value and
risks of "cloud computing" have devolved into name-calling and
impassioned arguments about whether the term "cloud computing" itself
is somehow misleading -- with suggestions that data storage services
(where encryption is more easily applied by users) should be
considered separately from remote computing services -- sometimes
called "SaaS" (Software as a Service).

I'm more interested in issues than word wars, so for now (despite the
related complaints that I'll receive) I will continue to refer to this
entire area as "cloud computing" -- "the cloud" for short.

Some other time we can have a technical discussion of cloud
computing's benefits and risks.  But there are a couple of truths
about the cloud that are in my opinion undeniable, and are too often
lost amidst the forest of technical details.

Realize this: The future of computing and communications will
increasingly be Internet cloud-based.  There is no escaping this
truth.  The complexity of the services that will be demanded by
persons around the world will increasingly be impractical to provide
wholly through traditional locally-based resources.

Despite ever more encompassing attempts at automatic software updating
regimes, many or most users' computers are in states of relatively
poor (or even awful) security, and sport feeble or non-existent data
backups, putting immense amounts of personal and business data at risk
on users' local disks at any given time.

And to expect non-technical users to somehow manage these ever more
complicated computing devices, even with the help of increasingly
complex updating environments, is becoming about as nonsensical as
requiring that everyone be their own auto mechanic.

That there are privacy and security challenges in the cloud is
undeniable -- but research in these areas is proceeding rapidly and
holds great promise.  Laws that in some cases treat cloud-based user
data as having fewer legal privacy protections than locally-based data
are no longer tolerable and need to be harmonized so that user data
gets the highest practicable level of legal privacy safeguards
regardless of where that data resides at any given time 
( http://bit.ly/dBPyBy [Digital Due Process] ).

But for some who dislike the cloud, no amount of technical and legal
assurances will ever suffice, simply because they have a fundamental
distrust of remote services -- "We never *really* know what's
going on in the cloud!" they say.

And yet, do we really know everything going on in our local computers,
even those of us who have spent our professional lives building these
technologies?

In most cases, the answer is no.  Unless we've written every line of
code ourselves, or have compiled every program personally from source
code that we've inspected (and presumably understood!) line by line,
there is a leap of faith involved in everything we do on these
machines.

For that matter, if you're of a conspiratorial bent, do you *really*
know for sure what's going on in those CPU cores that run your
computer?  Have you inspected every line of microcode?  Are you
*positive* that something nefarious isn't going on deep within those
busy chips??

More realistically, Ken Thompson -- co-creator of the UNIX Operating
System itself -- noted in his 1984 paper "Reflections on Trusting
Trust" ( http://bit.ly/drwkzx [Univ. of Waterloo] ), that you can't
necessarily even depend on the compilers that you use being free of
self-compiling malware and other subterfuge.

What this all boils down to in the end is -- to paraphrase 
Bob Dylan -- You Gotta Trust Somebody.

And in our modern world, you have to trust lots of somebodies at
various levels or our entire technological civilization would simply
grind to a halt.

We certainly depend on trust in our personal lives.  Even though that
trust may turn out to be misplaced in particular instances, this
doesn't change the fact that trust is fundamental to getting virtually
anything done in our modern world.

And trust isn't only a concept for individuals.  Just as we trust our
friends and lovers -- whose inner thoughts we can never truly know for
sure -- we need to make decisions about trust related to technology as
well.

The fact that we can't know everything about every aspect of cloud
computing services is ultimately just another nuance of the same sort
of necessarily incomplete information with which we make every other
trust decision in our lives.

Ultimately, if you trust that a provider of cloud computing services
is of good ethical standing, will defend your privacy rights against
unreasonable intrusions, and provides services with a degree of
security and reliability that you consider to be acceptable --
especially in contrast to what you can and do provide locally on your
own machines, then an inability to personally inspect every aspect of
operations in the cloud should not be an automatic deterrent to its
use.

Technical and standards advances are making the cloud even more
attractive.  For example, Open Source cloud standards 
( http://bit.ly/aTByiA [New York Times] ) and efforts such as Google's
"Data Liberation Front" ( http://bit.ly/aOIrk1 [Google Data
Liberation] ) provide increasing levels of transparency and data
portability.

There are many factors to take into account when choosing cloud
services -- just as there are in the process of making bosom buddies.
There are no absolute guarantees -- there always risks in life, both
today and tomorrow.  But the various aspects of trust are key in both
cases, and trust is possible without total knowledge of and control
over the other parties involved.

Like love, trust makes the world go 'round.

--Lauren--
Lauren Weinstein (lauren@vortex.com)
http://www.vortex.com/lauren
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Co-Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance): 
   http://www.gctip.org
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz