The Wisdom of Clouds: Update: The Cloud Computing Bill of Rights

  • mark seery · 1 year ago
    Hi James,

    I am wondering whether data encryption is a solution to the data privacy issues:

    1) Is it sufficient?
    2) Is it possible, i.e. do cloud interfaces make customer-controlled encryption practical?
  • jamesurquhart · 1 year ago
    Technically, data encryption is certainly one piece of the security puzzle. (I'm not so sure it directly relates to privacy, per se.) It certainly seems possible for a vendor to provide an interface to allow customers to encrypt their own data, though the support of such a function might expose the vendor to liability.

    However, I am much more worried about the political and legal threats to security and privacy than the technical ones.

    James
  • Wes Felter · 1 year ago
    I don't think encryption can solve the problem. If you want to manipulate data in the cloud, you'd have to decrypt it in the cloud and then you're back to trusting the provider. The window of exposure may be smaller, though.

    Also, many SaaS features (especially social ones) are based on the provider indexing and analyzing data, which doesn't work if the data is encrypted.
  • BenjaminEllis · 1 year ago
    I'd second Wes. Encryption helps with confidentiality during transport (and potentially storage), but that doesn't address the privacy issue, since that is more around how data is handled when it is processed. Additionally, encryption adds a very big processing overhead, or a cost overhead if performed in hardware. Privacy is usually solved with policy, ahead of technology.
  • Chris Thompson · 1 year ago
    "I think the customer can expect only that laws will remain within the constitutional (or doctrinal) bounds of their particular government, and that government retains the right to create law as it deems necessary within those parameters."

    This seems wildly naïve. The current regime in the US has systematically circumvented, superseded, and otherwise navigated around core constitutional rights.

    The recent debacle surrounding Warrantless Wiretaps alone should give pause. And while "Freedom of Privacy" is not a guaranteed constitutional right, it was nearly as strong a legal precedent.

    It doesn't take a wild frothing dissident to be uncomfortable with the sticking power of any "constitutional (or doctrinal) bounds" as they apply to any cloud server located on US soil.

    Has anyone seen my Habeas Corpus? I swear I just had it.
  • toddh · 1 year ago
    Does the BOR handle something like what Ning is doing: http://reasonablysmart.blogspot.com/2008/08/nin...

    I wasn't sure reading through it. Protecting code could be important as well.
  • samj · 1 year ago
    Nice work with this James. Rich and I have been working on something similar offline and we should see about meshing the two together. In terms of a wiki I have just finished setting up http://wiki.cloudcommunity.org/ for stuff like this, which falls shy of Wikipedia's requirements for inclusion (notability, verifiability, original research, etc.).

    I think we've got a way to go yet, but the main issues (privacy, surveillance, APIs, etc.) are on the table already, which is a good start. I'd also suggest that the result be concise so that it is read and adhered to.

    Sam
  • samj · 1 year ago
    I've just finished merging your draft with Rich's and mine and the result is here:

    http://wiki.cloudcommunity.org/wiki/CloudComput...

    Enjoy!

    Sam
  • jamesurquhart · 1 year ago
    Thanks, Sam. I'm excited to see this happening. I look forward to reviewing the draft, and I encourage others to do so.

    James