Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More

from the pay-attention dept

Thu, Aug 22nd 2013 12:00am — Mike Masnick

Post sponsored by

With everything going on with the NSA and other intelligence agencies relying on being able to reach out to third parties for data, we've pointed out a few times now that this may do serious harm to the tech industry. But what about from the consumer (or business buyer) perspective? It seems likely that companies (especially) should really start rethinking how they make use of certain cloud services. There are, clearly, tremendous potential benefits from cloud providers, which is why it's become so popular lately. But, there are certain downsides as well, and the whole concept of government access (or government demands, a la Lavabit) has really woken people up to some additional potential hazards they may not have paid close attention to in the past.

It also means that a lot of users of cloud services are suddenly reviewing their options a lot more carefully. We've talked about how this may be a boon for private cloud offerings, but there are still plenty of benefits to remote cloud offerings as well. But, suddenly the exact terms that are associated with those offerings, and the potential liability you might face for using those services becomes much more important. In the past, people may have grumbled about the terms of service or potential liabilities they were taking on, but the threats seemed more theoretical. That's now changed.

Related video resources, sponsored by The Hartford:

Over at OpenSource.com, Georg Greve has a good post that looks into questions that need to be asked before using a cloud service these days in light of the revelations about government snooping. For example, in the past, while many people might not have cared what country their service was hosted in, now it becomes critically important. He also highlights the importance of open source software and open source expertise -- both of which provide benefits on mulitple levels, including a higher likelihood of standardization and, frankly, probably a stronger interest in not just caving to government snooping.

But the biggest one is the final point: having a way out.

Know your escape plan.

Solutions that are provided to you as fully open source have an elegant escape hatch built into them by their design. Read: You can take the entire stack and host it yourself without losing productivity or data. This backup plan protects you against legislative changes, company restructuring, and much more. The other side to this is provided by open standards.

The Takeaway: Choose solutions that have the most complete open standards approach to go with open source, because if your escape plan fails for whatever reason, there is a backup. Beware of "Open Core" offers masquerading as open source, though. Gartner called them the "emperor's new clothes" for a reason.

Indeed. As I've argued a few times in the past, so many "cloud" services available today aren't fulfilling the real power of the cloud. Instead, they're little more than locked-in silos, where you're stuck with that particular vendor. The switching costs are incredibly high in those cases, which may not matter when everything's going great, but when you're suddenly worried about the privacy of all of your users (or yourself!) these things suddenly matter quite a bit. And yet, many who are jumping on the cloud bandwagon don't take the time to explore the amount of lock-in and what it means for their own flexibility and liability as well.

Part of the problem, of course, is that many users of cloud services just haven't put a premium on having such control and freedoms. Hopefully, with the growing recognition of why this is an issue, more cloud providers will recognize that not locking people in, and providing more open and flexible solutions is a powerful selling point.

This post is sponsored by The Hartford.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cloud, data security, liability, sponsored post

18 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 22 Aug 2013 @ 3:29am

I like the idea of taking the entire stack and hosting it myself, if necessary. Frankly, I don't trust any cloud service providers located in the United States anymore. There's just too much risk of NSA abuses and secret FISC gag orders.

I miss the days when America was the home of the free and the land of the brave. Now it's the land of the oppressed and home of the scared.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2013 @ 3:44am
  
  Re:
  Suddenly, service providers based in countries that's hostile to U.S. becomes appealing to me.
  
  Switzerland once was considered a good choice, but that ends when Swiss bank bends to U.S.'s order to give out account owners' information. I don't have much confidence left to that country any more.
  [ link to this | view in chronology ]
- ahmed sahy, 24 Nov 2013 @ 10:37pm
  
  Re:
  hahaha u are so funny
  "I miss the days when America was the home of the free and the land of the brave. Now it's the land of the oppressed and home of the scared."
  love your comment dude
  [ link to this | view in chronology ]
Ninja (profile), 22 Aug 2013 @ 3:51am

I wonder, if there will be extra costs involved in using the cloud such as a local backup o extra loops to protect your data from snooping then I'd think it's worth setting up your own data center. I've read an article recently concerning it. It was focused on the scalability issues and not in the NSA surveillance but this may be yet another reason to leave the cloud.
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2013 @ 4:21am

Cloud computing is 100% hype
It's just another worthless, meaningless fad, like "three tier client-server computing" was 15 years ago. Back then, we (my employer) were doing what would be called "cloud computing" today -- but we didn't a have a name for it, we simply thought of it as "competent, intelligence use of resources". Now we're doing some other things that don't have names, but I'm sure some marketroid will cook a few up eventually so that they can be sold to a gullible, naive public. File "cloud computing" right next to "social media" and similar bullshit that caters to the ignorant and stupid.

And worse than hype: cloud computing is 100% insecure. Every cloud provider of any size has long since been served with NSLs that require them to hand over all data and/or provide real-time network taps. Heck, major ones (e.g. Amazon) probably have APIs for surveillance built in.

Cloud computing is used only by the inferior people who haven't thought it through.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2013 @ 6:31pm
  
  Re: Cloud computing is 100% hype
  "Cloud computing is used only by the inferior people who haven't thought it through"
  
  Correction, it's for the digital invalids who cannot setup their own secure server, for that matter any server at all :)
  [ link to this | view in chronology ]
The Real Michael, 22 Aug 2013 @ 4:35am

The Hartford
They've sponsored this post.
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2013 @ 5:28am

I've patented this brand new idea. I call it a 'hard drive.' It stores all of your files locally, for maximum protection.
[ link to this | view in chronology ]
- Killer_Tofu (profile), 23 Aug 2013 @ 10:51am
  
  Re:
  Until they show up at your house with professional locksmiths while you are out away. And they know when you are, because they know you address, your phone number, your phone provider, and the same info for anyone else who lives with you.
  
  And since they have access to all other records from major entertainment and communication services, they will know exactly when you leave and most likely for how long.
  
  They can just do a friendly drop in, copy your hard drive, and then poof back out. You need a pretty intense system to know that they were even there. Or just a non-bribable dog perhaps.
  [ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2013 @ 6:26am

rush limbagh
Is always pushing cloud services. Cryptonyte. Uh huh
[ link to this | view in chronology ]
BentFranklin (profile), 22 Aug 2013 @ 6:31am

If I were the NSA/CIA, I'd set up some new "encrypted" emaila nd cloud storage services based in some other countries and see who I could get to use them.

And since I thought of it you can be sure they did.
[ link to this | view in chronology ]
Nicholas Weaver (profile), 22 Aug 2013 @ 8:00am

Cloud computing security
The problems with cloud computing security can be summed up in four words: "Lawyers, Guns, and Money" (with apologies to Warren Zevon, my short talk with that title).

And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don't use cloud computing.
[ link to this | view in chronology ]
- Nicholas Weaver (profile), 22 Aug 2013 @ 8:01am
  
  Re: Cloud computing security
  Actual link: http://www.icsi.berkeley.edu/~nweaver/cloud.pdf
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Aug 2013 @ 9:53am
    
    Re: Re: Cloud computing security
    That's a brilliant little document. (Typo: Amazon is experimenting with "ads", not "adds".)
    
    I would add to that the near-certainty that agents in the employ of other governments and/or criminal organizations have found employment at Amazon and Rackspace and wherever. It's a no-brainer: get your people on the inside, have them collect a paycheck from the cloud provider and a tax-free bonus from you...and then wait. Just wait.
    
    If and when the day comes that they can retrieve specific information, or take specific action, that minimal investment will pay for itself a thousand times over.
    [ link to this | view in chronology ]
- John Fenderson (profile), 22 Aug 2013 @ 9:11am
  
  Re: Cloud computing security
  if you actually have confidential information you need to protect
  
  And the odds are overwhelming that you do -- particularly if you're using "cloud" services in connection with your cell phone or tablet.
  [ link to this | view in chronology ]
Dirkmaster (profile), 22 Aug 2013 @ 9:22am

A Secure Cloud Solution
is actually possible. Of course, it's not quite as convenient as the unsafe varieties. And it probably won't be usable on any mobile devices. You just need to ensure that all data stored in the cloud is PIE (Pre-Internet Encrypted). It has to be encrypted by YOUR PC before it's transmitted. Any decent encryption package using a good 16+ digit truly random key will keep the NSA busy long after the data is useful.

IMHO
[ link to this | view in chronology ]
all your penis is belong to NSA, 22 Aug 2013 @ 1:32pm

say no to drugs,er usa services
lol
[ link to this | view in chronology ]
whatsapp download pc, 4 Dec 2014 @ 6:15am

Hi nice to see your article,please visit my site for latest games and android for pc apps
[ link to this | view in chronology ]