The clue to the cloud is in the contract

The raid on and dissemination of personal images of Jennifer Lawrence, among others, from her iCloud account is appalling, and it could indeed be victim blaming to say people should not upload their most personal pictures to cloud storage (or anywhere) in case they get hacked.

Definitely one should be allowed to do such things without fear of having their privacy so grossly violated. But it’s also horribly true that any and all data stored remotely from users’ computers, phones or memory sticks can be stolen, lost, corrupted or hacked, and can go viral instantly. That is why Apple, in its iCloud users’ terms and conditions (http://www.apple.com/legal/internet-services/icloud/en/terms.html), has this big fat disclaimer in CAPS to disabuse users of the expectation that their data is safe and sound: “APPLE DOES NOT REPRESENT OR GUARANTEE THAT THE SERVICE WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER SECURITY INTRUSION, AND APPLE DISCLAIMS ANY LIABILITY RELATING THERETO.”

That’s them covered, atop an almost 9,000-word contract in which lurk innumerable potentially violating ends for our data and content – from users as young as 13 years old, or children as they’re known – in the hands of Apple and friends, ends to which we users consent.

Surely providers can far more clearly explain to technically inept users – most people – whether their data is uploaded to the cloud by choice or default. Maybe that is somewhere in the iCloud’s novelette contract, for example, but even the coolest, tech- and legal-savvy minds are only dealing with the T&Cs “last revised: September 18, 2013”, because “Apple reserves the right at any time to modify this Agreement and to impose new or additional terms or conditions.” And that’s not all: “For more information please read our full privacy policy at https://www.apple.com/privacy/” – which then shows how your rights vary according to your location. Seriously, who has the time to read and process all this? (More shifting goal posts can be seen here: http://epic.org/privacy/cloudcomputing.)

By no means is Apple or its T&Cs unique, but here’s some more from Apple’s novelette: “Apple may collect, use, transmit, process and maintain information related to your Account and related registered devices,” to better Apple’s products, but also “this information may be transferred to the United States and/or other countries for storage, processing and use by Apple, its affiliates, and/or their service providers.” I’d assume all my data had already gone to the US-based NSA anyway – but who are these un-named affiliates? Where are they? How will they get my data?: “Apple may transmit your Content across various public networks, in various media, and modify or change your Content to comply with technical requirements of connecting networks or devices or computers.”

Apple also has the right to “access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief [to do so],” to comply with legal requests, to protect others’ property rights, and to enforce this Agreement.

So any un-named third party may get your content, for as little and as Kafkaesque a reason as Apple wondering aloud if its own agreement is being stuck to. Further, Apple has “a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify … publicly perform and publicly display such Content on the Service,” without payment, as long as it’s not unlawful conduct, or is “obscene, objectionable, or in poor taste,” wholly subjective criteria which surely require some Apple hack to come sniff out?

I’ve barely scratched the surface. The problem, however, is that people get exercised about such risks when, for example, the state seeks to take all our personal data out of separate state department silos and hoard it all onto a single database, a reckless endeavour that NO2ID has long campaigned against. Maybe people become upset because they perceive the state to be innately dictatorial, and by threatening the sanctity of their personal data, it threatens their personal sovereignty and autonomy. But with the private companies dealing with our emails, our texts, the tax returns we compute and store on the cloud and the precarious selfies we upload, people overlook those same dangers, maybe because they choose to use their services as a means to exercise their autonomy, to engage in the here and now, and that not only obscures any abstract threat posed by far-flung hackers, but far worse, blinds us to the potential violations that we blithely sign up to in the first place.

The opinions expressed in this article are solely those of the author. Meanwhile the Electronic Freedom Frontier group (www.eff.org) has given the following suggestions for enhancing security:

The best way to secure your data in the cloud is to use a good password. That doesn’t mean it has to be super-complicated with lots of symbols and random numbers and capital letters; you can be just as secure using a password made up of four or five totally random words strung together (as long as they don’t form a coherent sentence). For even more security, you can use a totally random password and make use of a password safe like Keepass (www.keepass.info) or Mitro (www.mitro.co). If your cloud service supports it, you should also enable two-factor authentication on your account—then when someone tries to change your password (or even log in, depending on the service), they’ll have to enter a code that gets sent to your phone via SMS or a phone call. That way, a thief would not only have to know your password, but also have physical access to your phone (which is a lot harder).
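The random-words advice above, worked through as an added example (not part of the original article or of the suggestions it relays): the script compares the entropy of four or five random words with that of random-character passwords and draws a passphrase with a cryptographic random source. The 7,776-word list size, the 94-symbol alphabet and the 16-word sample list are assumptions made for this illustration.

```python
import math
import secrets

# Constructed sample list so the example runs offline. It is far too small
# for real use; substitute a published list of several thousand words.
SAMPLE_WORDS = ["anchor", "breeze", "cactus", "dolphin", "ember", "fjord",
                "gravel", "harbor", "igloo", "jigsaw", "kettle", "lantern",
                "meadow", "nutmeg", "orchid", "pebble"]

def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` symbols is drawn uniformly and
    independently from `pool_size` choices."""
    return picks * math.log2(pool_size)

def words_needed(list_size, target_bits):
    """Fewest random words from a list of `list_size` reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def passphrase(words, count=5, sep=" "):
    """Pick `count` words with the OS CSPRNG (never the `random` module)."""
    pool = sorted(set(words))          # duplicates would silently cut entropy
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(pool) for _ in range(count))

if __name__ == "__main__":
    LIST_SIZE = 7776   # assumed: size of a typical dice-generated word list
    PRINTABLE = 94     # printable ASCII symbols, excluding space
    for n in (4, 5):
        print(f"{n} words: {entropy_bits(LIST_SIZE, n):.1f} bits")
    for n in (8, 10, 12):
        bits = entropy_bits(PRINTABLE, n)
        print(f"{n} random chars: {bits:.1f} bits, "
              f"matched by {words_needed(LIST_SIZE, bits)} words")
    print("sample (weak, 16-word list):", passphrase(SAMPLE_WORDS))
```

The entropy figures hold only when the words are chosen by the generator; words picked by a person, or words that form a sentence, fall well short of them.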
