A Publication of the Public Library Association Public Libraries Online

Every Cloud Leaks a Little

by on November 18, 2014

A recent media scandal involved compromising celebrity photos allegedly hacked from the cloud via the celeb’s cell phones and then distributed to the general public.  Shortly after this story broke, my local weather included rain.  The jokes flew: every cloud eventually leaks a little.

This comment was said in jest, but rang painfully true.  Those who know me are well aware that I have concerns about cloud security.  Disks fail.  This is a truism for electronics. All electronics. The reassurances of redundancy that are provided make me equally as uncomfortable.  If the outside source guarantees that my data will never be eaten by the dreaded ghost in the machine, this means that they are keeping copies of my data.  In fact, to be assured they can keep this promise, they are keeping multiple copies of my data in different locations.  When I delete my data, how do I know that all copies of it are truly gone?

Furthermore, electronics get hacked.  The bigger the system, the more likely it will be targeted at some point.  With my data kept in multiple locations, it also means that there are multiple opportunities.

And let’s not forget the obvious: accidents happen.  Here is a true story.  I am an avid online gamer.  I play text-based rpgs  (if that has no meaning to you, don’t worry). A few years ago, my preferred site announced it would be down for a few hours as our gaming data was transferred to a new, faster, and more advanced server space.   The 20,000 or so of us registered at the site are almost all geeks.  We weren’t worried about the 8 million or so posts on the site. A data transfer is easy.  Site management was excellent.  We paid greatly for a service provider, located in California.  The service provider who was updating the hardware said all the right things and provided all the right guarantees.

Our confidence failed when the few hours turned to a few days.  An “accident” had occurred when our provider went to copy the data.  Some people’s data ended up in the wrong place.  Some people’s data merged with other people’s data.  Ultimately, we learned that our gaming information was in the possession of a business in Sweden.  Our game site manager, located in Australia, had credit card information for a business in Europe.  Fortunately for us, the European business had its data merged with the Swedish company that had ours!  A deal was made.  Our geeks sorted out the business’ information, returning it all to the right parties, and we got our game posts back.

On the one hand, this was a heartwarming tale.  Lots of strangers worked together across the globe and solved a problem.  Of course, for us, it was easy.  The few weeks we were down did not “cost” us our livelihood.  We had no serious personal or financial data stored; only personally chosen usernames and email accounts.  The others had far more serious breaches.  It was lucky too that the credit card data was accidentally delivered to non-criminally minded nerds, who actively sought its rightful owners.

Still, the world of cloud security did get a boost this summer. On June 25, the Supreme Court in U.S. v. Wurie and Riley v. California held that police generally require a warrant to search information on cell phones. The ruling was unanimous.

What the court understood— that most people do not— is that the information (photos, email, etc.) accessed via the cell phones is not actually IN the cell phone.  It’s in ‘the cloud’; or in other words, it’s sitting on the cell phone service provider’s server (i.e. Verizon, ATT&T, Sprint, Virgin Mobile, etc.). In fact, it’s probably sitting on several servers.

The Supreme Court’s ruling is an evolution of Fourth Amendment rights. As this has been applied to cell phones, it is likely that this will set the precedent for the ruling to be applied to all cloud stored information.  While this is bad news for law enforcement, it is great news for the public and for libraries.

With the Patriot Act, many libraries stopped keeping particular kinds of data for fear that the government could swoop in, grab the computer, and learn a myriad of information about their patrons. Don’t get me wrong, this concern is still real and the government can still do this.  However, this new ruling can extend the protections of Fourth Amendment rights of individuals, which in the past existed only in their residences to public venues, such as libraries.

It will be interesting to see if this gets tested.  Though I for one, hope I am not the library to have the experience.

Tags: , , , , ,