Can the Cloud Do No Evil?


Update: This was written long before Edward Snowden's revelations were mainstream. Already then there was an uneasy feeling about all the information and "the cloud".

The Google Chromium OS is open sourced.

In the world of Chromium OS, applications will be web apps. Access to the applications will be through the web browser. The web apps live in the cloud, i.e. in a bunch of servers somewhere in the Internet.


In light of this, let's talk about cloud computing. More specifically, let's talk about the security and privacy trade-offs of non-cloud and cloud computing.

Do you trust the cloud?

In the non-cloud scenario, i.e. your Linux PC, your Windows desktop, your Apple laptop, whatever, your data is stored locally. You run applications locally. You do not need Internet access to do something. Because the data is stored locally, getting at your data means breaking into your computer.

In the cloud scenario, such as Google Chromium OS, your data lives inside the Google servers somewhere, inside the cloud. You need Internet access. You're more protected on the device side: if someone breaks into your computer, you can restore a clean system easily and your data will persist elsewhere, unchanged.

It is exactly this "elsewhere" which is the problem.

In the cloud scenario, you have zero visibility about how your data gets used. This is because you have zero visibility and zero control about who gets access to the data - whether it is advertisers who examine your behavior patterns and personal data you store (with or without your consent), or whether it is more powerful entities such as governments (yours or another country's).

Today you'll be marked if you're a lunatic and converse with other lunatics to, say, purchase hundreds of kilograms of fertilizer and diesel fuel with plans to kill a lot of people with bombs. What about tomorrow? Supporting a certain political party will get you into trouble? Investigating government corruption raises a flag? Speaking against an unfair, exploitative corporation will trigger an alarm? Will thinking differently simply make you vanish?

If you represent a company, and valued trade secrets go into the cloud in the form of documents, mails and spreadsheet data, how can you be sure that the information will not be leaked to your competitors? How can you ensure that your trade negotiation strategy is not made known to the other party? How can you ever again win business-wise in anything important, if the other party already knows everything?

It is easy to dismiss this line of thinking as some sort of silly slippery-slope argument, but I would not dismiss the argument so easily myself. Why? Well, once an entity is empowered with:

  • knowing what you search (example: Google Search)
  • knowing what you read and where you surf (Google Ads)
  • knowing where you live (geolocating your IP address)
  • knowing who your friends are (GMail, Google Wave, especially the invites when those services are launched)
  • knowing your voice communications (GTalk)
  • owning all of your data (Chromium, coming soon!)

that entity may or may not use these capabilities to your detriment, whether you're a private individual or someone representing a corporation.

It all boils down to this question: do you trust the cloud - can the cloud do no evil?

Clouds

So, going back to the original question: is the security of the non-cloud scenario worse than that of the cloud scenario? It depends. If one disregards data security and privacy issues for a while, then the security model presented by Google Chromium OS is, in fact, better. Life will be harder for viruses, trojans, and so on, on the client side. All in all, staying secure on the client side will be less hassle for the normal user.

It will take less effort for someone (criminal or curious) to compromise your laptop and your data than to compromise the cloud/Google servers. However, the cost of compromising your data will drop dramatically for someone who is a friend of Google or who can somehow leverage Google - mostly this means other big businesses or, rather, various governments.

Given that data confidentiality and privacy are the real issue, what about encryption of user data? This can only work if no plain-text data goes to the cloud as an input for some computation (such as data entry to a spreadsheet cell). If plain-text data does go to the cloud, then encryption will be irrelevant: the data is already in the clear inside the cloud.

(There are methods to do computation on encrypted data, for example fully homomorphic encryption. With such technology, one could build a web app where the cloud/server-side learns nothing of the data itself, but the cloud could still provide, for example, a spreadsheet program.)
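The following is an added worked example, not code from the original post, that makes the preceding two paragraphs concrete. It uses the Paillier cryptosystem, which is only additively homomorphic (a simpler relative of the fully homomorphic schemes mentioned above), to show the spreadsheet case: the client encrypts every cell before upload, the cloud stores and sums ciphertexts only, and only the client holding the private key can read the total. The primes `P` and `Q` and the cell values are constructed toy inputs, far too small for real security; the function names (`cloud_sum`, `cloud_scale`, `encrypted_spreadsheet_total`) are assumptions for this illustration. The cloud side never calls `decrypt`, which is the property the text asks for: nothing in the clear ever reaches the server.

```python
import math
import secrets
from dataclasses import dataclass

# Constructed toy primes: small enough to follow by hand, nowhere near
# a secure key size (a real deployment would use ~1024-bit primes).
P = 1_000_000_007
Q = 998_244_353


@dataclass(frozen=True)
class PublicKey:
    n: int  # modulus p*q; ciphertexts live in Z_{n^2}
    g: int  # generator, fixed to n + 1 in this simplified variant

    @property
    def n_sq(self) -> int:
        return self.n * self.n


@dataclass(frozen=True)
class PrivateKey:
    lam: int  # lcm(p-1, q-1)
    mu: int   # inverse of L(g^lam mod n^2) modulo n


def _L(x: int, n: int) -> int:
    # Paillier's L function: defined on x == 1 (mod n)
    return (x - 1) // n


def keygen(p: int = P, q: int = Q) -> tuple[PublicKey, PrivateKey]:
    """Runs on the client. The private key never leaves the device."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return PublicKey(n, g), PrivateKey(lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """Client side: encrypt a cell value before it leaves the device.

    Encryption is randomized, so equal cells produce different ciphertexts
    and the cloud cannot even tell which cells hold the same value.
    """
    if not 0 <= m < pk.n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(pk.n - 1) + 1
        if math.gcd(r, pk.n) == 1:
            break
    return (pow(pk.g, m, pk.n_sq) * pow(r, pk.n, pk.n_sq)) % pk.n_sq


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    """Client side only: the cloud has no `sk` and cannot call this."""
    return (_L(pow(c, sk.lam, pk.n_sq), pk.n) * sk.mu) % pk.n


def cloud_sum(pk: PublicKey, ciphertexts: list[int]) -> int:
    """Server side: E(a) * E(b) mod n^2 == E(a + b), computed blind."""
    total = 1
    for c in ciphertexts:
        total = (total * c) % pk.n_sq
    return total


def cloud_scale(pk: PublicKey, c: int, k: int) -> int:
    """Server side: E(a)^k mod n^2 == E(k * a), e.g. a known multiplier."""
    return pow(c, k, pk.n_sq)


def encrypted_spreadsheet_total(values: list[int]) -> tuple[int, list[int], int]:
    """End-to-end flow: client encrypts, cloud sums, client decrypts.

    Returns (decrypted total, the column the cloud stores, the ciphertext
    the cloud returns). Only the first element is ever in the clear, and
    only on the client.
    """
    pk, sk = keygen()
    column = [encrypt(pk, v) for v in values]   # what the cloud stores
    total_ct = cloud_sum(pk, column)            # what the cloud computes
    return decrypt(pk, sk, total_ct), column, total_ct


if __name__ == "__main__":
    # Constructed sample column: three expense cells in a spreadsheet.
    total, stored, returned = encrypted_spreadsheet_total([1200, 3500, 250])
    print("cloud stores:", [hex(c)[:18] + "..." for c in stored])
    print("cloud returns ciphertext, client reads:", total)
```

The design point is the division of labour: `encrypt` and `decrypt` are the only functions that touch plaintext or the private key, and both run on the device. Everything the cloud does is modular arithmetic on ciphertexts, which is why it can still offer a working "sum this column" feature without learning a single cell. It also shows the limit stated above: the moment a cell is typed into a server-rendered form in the clear, the server already has it, and no amount of encryption afterwards changes that.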

All in all, it's a trade-off. It depends on what you as the user value most and where your priorities lie. For the record, I'm not trying to argue that Google is bad, or that Google Chromium OS is an overall bad development. I'm saying that all trade-offs (security or otherwise) must be weighed as a whole, together with their impacts and the likelihoods of those impacts, in order to make an informed judgment.

For this reason, I want to see more discussion about the overall security issues, especially the question of exactly what level of confidentiality and privacy users' data has in the cloud computing paradigm. I'd like to see Google raise these issues too.