Cloud Computing and Privacy

Brad Templeton, the chairman of the Electronic Frontier Foundation, presented on the Evils of Cloud Computing at the 2009 BIL Conference. He made a few interesting points (full transcript here). The first was about the Bill of Rights protection we often assume we have, but which is actually being eroded by our choice to put so much of our data in the “cloud”:

One of the things that I am concerned about is erasing the Fourth Amendment. For those who do not know, the Fourth Amendment is the line in the Bill of Rights that mostly relates to privacy. It says that you have the right be secure in your person, papers and effects, and people need a warrant to search your house or search your papers. Unfortunately, the Supreme Court and other courts of the United States have ruled that this wonderful Fourth Amendment does not apply when data is in the hands of third parties.

When you have something on the computer in your house, it is protected by the Fourth Amendment. If you put something on a computer owned by Facebook, it is not protected by the Fourth Amendment. It is only protected in some cases—email has a law that protects email and medical data has a law that protects medical data, and there are laws governing banking records. Specific laws protect certain types of data, but by changing the way we do computing so that all of our data is stored in the cloud we are effectively moving all of our personal data out of our houses and into big data warehouses, and we are erasing a line from the Bill of Rights.We may decide that we want to do that, but I want to make sure that we do not do it casually.

I think that is a very compelling point. Like Brad, I don’t think that the choice is an inherently evil one. As he says, we may end up making that choice. However, if we do, it needs to be something that everyone is aware of. This idea that we are unconsciously making critical decisions popped up in a comment I received recently on a blog post I wrote about privacy and copyright issues around Google services. Reader Richard said:

“I think these privacy issues really snuck up on people. We all got used to email, probably with a false sense of privacy. But services like Gmail just make the lack of privacy with email more plain. When you sent an email using AOL or some other service, it was easy to overlook the fact that your words were being passed through many servers and could easily be seen by other people (assuming people cared enough to hack it). Now, seeing ads along side your email makes it much more obvious that your email is not as much ‘yours’ as you thought.”

He makes a good point there. We chose to start sharing our data by using email services, but it wasn’t until advertisements started showing up on the right of our Gmail page that were related to the content of our emails that it really became plain that our messages were being read. Even if it’s just a robot reading them, they are being read- the robot is just a proxy for some person. Imagine if you came home one day and found a robot reading a letter that had been delivered to your home. First of all, you’d be freaked out- partly because of the robot intruder, but also because it would stand to reason that the robot was reading your letter on behalf of someone else.

Templeton takes some time to discuss privacy in general, which is worth reading. He ended his presentation with some chilling predictions on the level of my robot intruder analogy:

Now here are three quick threats to keep you up at night. First of all, time traveling robots from the future. I actually don’t mean the governor of California. The time traveling robots from the future that I am talking about are all of the people in this room who are working on AI… You are going to get better at face recognition, speech recognition, identifying people from their voices and so on. Those AIs from the future are going to be able to come into the past—not literally…—but metaphorically in that they will be able to search all of these databases that we build now with better tools. They will be able to look at all the video that is being recorded today and all the ATM machines you used and say, ‘Where was Brad on February 7 of 2009? Oh, our modern face recognition software can look through those old records and find out.’ The sins of the past will be visited upon you in the future with tools that you did not know existed. The sins of the future will also be different from the sins of the past. You are doing really nasty things today that you don’t know are going to be very unpopular in the future, like Thomas Jefferson owning slaves, and stuff like that. I hope none of you own slaves.

All the technology we build is going to be used, starting here in the free society, but also gets deployed to China, Saudi Arabia and Future China… Imagine if Facebook had existed ten years ago and Falun Gong, the Chinese religion, had been on Facebook. It’s kind of a wacky religion, but that does not justify what has been done to them. If they had been on Facebook and everyone in the religion had connections to all their friends, when the Chinese government decided to round up everyone in Falun Gong, all they would have had to do is look at the social network. I imagine the next time the Chinese do want to round up some people, they can go into a social network.”

You can watch the presentation below: