Saturday, June 23, 2012

Privacy in the Clouds you ascend, fly and fall through

Richard Hall recently uploaded a good presentation, The Cloud and Higher Education, with the main thrust being around the questions of who owns data on cloud services. This is a question of sovereignty, and whether data on cloud services are governed wholly or in part by the laws of the country where the server or company is head quartered (predominately major quake zones in the USA).

My work interfaces with the Northern Territory Government from time to time, and while they've put out a number of pretty good guidelines regarding agency use of cloud services,
  1. Cloud Computing Policy and Guidelines 
  2. Cloud computing and record keeping 
Both from NTG Dept of Business and Employment
apart from these documents (which in short advise the use cloud services for anything that is classified less than Restricted) the general tone of conversations I find myself in with government staff and the like is one of defensiveness, ignorance and risk aversion. It reminds me a little of the sorts of 'conversations' I was in back in 2004 when "Web2.0" was their problem. I'm not dismissing their concerns, not at all, but isn't it all just pissing in the wind? Can we find a way to identify and discuss the deeper more complicated issues please? Richard acknowledges these in his slides on 'values' and local economic considerations...

I want to introduce a different take on the questions of privacy and security though.

Do government agencies and universities really think that data stored on their servers is secure and private? Climategate, Wikileaks, News International, Windows GodMode, or a Timeline of Security Hacking. Do we seriously think The Patriot Act and other legislation enables or reins in surveillance already taking place? As more and more data moves to open, can we maintain service in an efficient and reliable way?

Safe Browsing—protecting web users for five years and counting. Google Blog June 2012

Energy efficiency in the cloud. Google Blog June 2012

Assuming you're answers to these rhetorical questions fall into line with what I'm thinking, then we might agree that government servers are not only as insecure as any server out there, they are probably targeted if not openly used for the collecting data -  legitimately or not. Shouldn't we instead be asking where can we store data that is more reliable, efficient and secure? We might ironically find it to be the very place we not accepting - the Cloud. It's a slightly different tone of questioning from the one used to date, that wants to imply that servers other than our own can't be trusted. 

And, just to confirm with all the skeptics out there, yes, I really am drinking the Google cool aid, big time!

Google recently published a report on all the government and private take down requests they received for the period 2009-2011, in their effort to become more 'transparent'. While the level of detail revealed could have been more, and I guess we have to just trust they are being honest in both content and intent, if Google keep going down this route we - the average jo citizen, might gain just a little more than relatively simple cloud services for our agencies, we might gain a bit of insight on their work as well. 

Australian Government requests to Google for data on individual users for the July to December period of 2011. Google Transparency Report, June 2012.
Unfortunately, what we’ve seen over the past couple years has been troubling, and today is no different. When we started releasing this data in 2010, we also added annotations with some of the more interesting stories behind the numbers. We noticed that government agencies from different countries would sometimes ask us to remove political content that our users had posted on our services. We hoped this was an aberration. But now we know it’s not. Google Blog June 2012.

But who watches the watchers? Thankfully there's Google-Watch, but we need more and better. I note the disturbing absence of a Criticism or Reception section in the Wikipedia article for Google or Google Drive, yet there is such a section on DropBox!?

I would dearly love to hear a way we might achieve the functionality and service offered by the likes of Google, but without necessarily compromising our conviviality, local capacity building, and local employment etc.