The raid and dissemination of personal images of Jennifer Lawrence, among others, from her iCloud account, is appalling, and it could be indeed victim blaming to say people should not upload their most personal pictures to cloud storage (or anywhere) in case it gets hacked.
Definitely one should be allowed to do such things without fear of having their privacy so grossly violated. But it’s also horribly true, that all and any data stored remotely from users’ computers or phones or memory sticks, can be stolen, lost, corrupted, hacked and go viral instantly. That is why Apple, in its iCloud users’ terms and conditions, http://www.apple.com/legal/internet-services/icloud/en/terms.html has this big fat disclaimer in CAPS to disabuse users’ expectations that their data is safe and sound: “APPLE DOES NOT REPRESENT OR GUARANTEE THAT THE SERVICE WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER SECURITY INTRUSION, AND APPLE DISCLAIMS ANY LIABILITY RELATING THERETO.”
That’s them covered, atop an almost 9,000-word contract in which lurks innumerable potentially violating ends for our data and content – from users as young as 13 years old, or children as they’re known – in the hands of Apple and friends, ends to which we users consent.
By no means is Apple or its T&Cs unique, but here’s some more from Apple’s novelette: “Apple may collect, use, transmit, process and maintain information related to your Account and related registered devices,” to better Apple’s products, but also “this information may be transferred to the United States and/or other countries for storage, processing and use by Apple, its affiliates, and/or their service providers.” I’d assume all my data had already gone to the US-based NSA anyway – but who are these un-named affiliates? Where are they? How will they get my data?: “Apple may transmit your Content across various public networks, in various media, and modify or change your Content to comply with technical requirements of connecting networks or devices or computers.”
Apple also has the right to “access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief [to do so],” to comply with legal requests, to protect others’ property rights, and to enforce this Agreement.
So any un-named third party may get your content, for as little and as Kafkaesque a reason as Apple wondering aloud if its own agreement is being stuck to. Further, Apple has “a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify … publicly perform and publicly display such Content on the Service,” without payment, as long as it’s not unlawful conduct, or is “obscene, objectionable, or in poor taste,” wholly subjective criteria which surely requires some Apple hack to come sniff out?
I’ve barely scratched the surface. The problem is however, for those risks, people get exercised when for example the state seeks to take all our personal data out of separate state department silos and hoard it all onto a single database, a reckless endeavour that NO2ID has long campaigned against. Maybe people become upset because they perceive the state to be innately dictatorial, and by threatening the sanctity of their personal data, it threatens their personal sovereignty and autonomy. But with the private companies dealing with our emails, texts, the tax returns we compute and store on cloud to the precarious selfies we upload, yet people overlook those same dangers, maybe because they choose to use their services as a means to exercise their autonomy, to engage in the here and now, and that not only obscures any abstract threat posed by far-flung hackers, but far worse, blinds us to the potential violations that we blithely sign up to in the first place.
The opinions expressed in this article are solely those of the author. Meanwhile the Electronic Freedom Frontier group (www.eff.org) has given the following suggestions as per enhancing security:
The best way to secure your data in the cloud is to use a good password. That doesn’t mean it has to be super-complicated with lots of symbols and random numbers and capital letters; you can be just as secure using a password made up of four or five totally random words strung together (as long as they don’t form a coherent sentence). For even more security, you can use a totally random password and make use of a password safe like Keepass (www.keepass.info) or Mitro (www.mitro.co). If your cloud service supports it, you should also enable two-factor authentication on your account—then when someone tries to change your password (or even login, depending on the service), they’ll have to enter a code that gets sent to your phone via SMS or a phone call. That way, a thief would not only have to know your password, but also have physical access to your phone (which is a lot harder).