Trusting Your Friends -- and Trusting the Cloud

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: Lauren Weinstein <lauren () vortex com>
> Date: July 20, 2010 3:59:24 PM EDT
> To: dave () farber net
> Subject: Trusting Your Friends -- and Trusting the Cloud

>               Trusting Your Friends -- and Trusting the Cloud
>
>                http://lauren.vortex.com/archive/000733.html
>
>
> Greetings.  Internet "cloud"-based services, both for data storage and
> as computing resources, are expanding rapidly, and have become a flash
> point of controversy among some persons in the computer science and
> privacy fraternities.
>
> On various discussion lists and forums, dialogues about the value and
> risks of "cloud computing" have devolved into name-calling and
> impassioned arguments about whether the term "cloud computing" itself
> is somehow misleading -- with suggestions that data storage services
> (where encryption is more easily applied by users) should be
> considered separately from remote computing services -- sometimes
> called "SaaS" (Software as a Service).
>
> I'm more interested in issues than word wars, so for now (despite the
> related complaints that I'll receive) I will continue to refer to this
> entire area as "cloud computing" -- "the cloud" for short.
>
> Some other time we can have a technical discussion of cloud
> computing's benefits and risks.  But there are a couple of truths
> about the cloud that are in my opinion undeniable, and are too often
> lost amidst the forest of technical details.
>
> Realize this: The future of computing and communications will
> increasingly be Internet cloud-based.  There is no escaping this
> truth.  The complexity of the services that will be demanded by
> persons around the world will increasingly be impractical to provide
> wholly through traditional locally-based resources.
>
> Despite ever more encompassing attempts at automatic software updating
> regimes, many or most users' computers are in states of relatively
> poor (or even awful) security, and sport feeble or non-existent data
> backups, putting immense amounts of personal and business data at risk
> on users' local disks at any given time.
>
> And to expect non-technical users to somehow manage these ever more
> complicated computing devices, even with the help of increasingly
> complex updating environments, is becoming about as nonsensical as
> requiring that everyone be their own auto mechanic.
>
> That there are privacy and security challenges in the cloud is
> undeniable -- but research in these areas is proceeding rapidly and
> holds great promise.  Laws that in some cases treat cloud-based user
> data as having fewer legal privacy protections than locally-based data
> are no longer tolerable and need to be harmonized so that user data
> gets the highest practicable level of legal privacy safeguards
> regardless of where that data resides at any given time 
> ( http://bit.ly/dBPyBy [Digital Due Process] ).
>
> But for some who dislike the cloud, no amount of technical and legal
> assurances will ever suffice, simply because they have a fundamental
> distrust of remote services -- "We never *really* know what's
> going on in the cloud!" they say.
>
> And yet, do we really know everything going on in our local computers,
> even those of us who have spent our professional lives building these
> technologies?
>
> In most cases, the answer is no.  Unless we've written every line of
> code ourselves, or have compiled every program personally from source
> code that we've inspected (and presumably understood!) line by line,
> there is a leap of faith involved in everything we do on these
> machines.
>
> For that matter, if you're of a conspiratorial bent, do you *really*
> know for sure what's going on in those CPU cores that run your
> computer?  Have you inspected every line of microcode?  Are you
> *positive* that something nefarious isn't going on deep within those
> busy chips??
>
> More realistically, Ken Thompson -- co-creator of the UNIX Operating
> System itself -- noted in his 1984 paper "Reflections on Trusting
> Trust" ( http://bit.ly/drwkzx [Univ. of Waterloo] ), that you can't
> necessarily even depend on the compilers that you use being free of
> self-compiling malware and other subterfuge.
>
> What this all boils down to in the end is -- to paraphrase 
> Bob Dylan -- You Gotta Trust Somebody.
>
> And in our modern world, you have to trust lots of somebodies at
> various levels or our entire technological civilization would simply
> grind to a halt.
>
> We certainly depend on trust in our personal lives.  Even though that
> trust may turn out to be misplaced in particular instances, this
> doesn't change the fact that trust is fundamental to getting virtually
> anything done in our modern world.
>
> And trust isn't only a concept for individuals.  Just as we trust our
> friends and lovers -- whose inner thoughts we can never truly know for
> sure -- we need to make decisions about trust related to technology as
> well.
>
> The fact that we can't know everything about every aspect of cloud
> computing services is ultimately just another nuance of the same sort
> of necessarily incomplete information with which we make every other
> trust decision in our lives.
>
> Ultimately, if you trust that a provider of cloud computing services
> is of good ethical standing, will defend your privacy rights against
> unreasonable intrusions, and provides services with a degree of
> security and reliability that you consider to be acceptable --
> especially in contrast to what you can and do provide locally on your
> own machines, then an inability to personally inspect every aspect of
> operations in the cloud should not be an automatic deterrent to its
> use.
>
> Technical and standards advances are making the cloud even more
> attractive.  For example, Open Source cloud standards 
> ( http://bit.ly/aTByiA [New York Times] ) and efforts such as Google's
> "Data Liberation Front" ( http://bit.ly/aOIrk1 [Google Data
> Liberation] ) provide increasing levels of transparency and data
> portability.
>
> There are many factors to take into account when choosing cloud
> services -- just as there are in the process of making bosom buddies.
> There are no absolute guarantees -- there always risks in life, both
> today and tomorrow.  But the various aspects of trust are key in both
> cases, and trust is possible without total knowledge of and control
> over the other parties involved.
>
> Like love, trust makes the world go 'round.
>
> --Lauren--
> Lauren Weinstein (lauren () vortex com)
> http://www.vortex.com/lauren
> Tel: +1 (818) 225-2800
> Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
> Co-Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
> Founder, GCTIP (Global Coalition for Transparent Internet Performance): 
>   http://www.gctip.org
> Founder, PRIVACY Forum: http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
> Twitter: https://twitter.com/laurenweinstein
> Google Buzz: http://bit.ly/lauren-buzz



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4
Powered by Listbox: http://www.listbox.com