(This article was originally published in the Technology Supplement of the Sunday Times of Malta in October 2009)
The recent Denial of Service (DDOS) attacks suffered by micro-blogging sites Twitter and Facebook amongst others earlier this month have just underlined how fragile the internet is.
Whilst it is being claimed that the attacks by means of botnets were targeted to gag a pro-Georgian Blogger by the name of Cyxymu from expressing himself on the Russian-Georgian war, the effects of such attacks, felt by the millions of users worldwide, have again directed our attention to a much greater phenomenon: how safe are we on the net?
Last July saw the release into the public of various sensitive documents belonging to Twitter including its financial projections. It appears that hackers managed to gain control of a Twitter's employee mail account which then led to access of the employee's Goole Apps account containing various documents and other applications. Some of this material started to make its way online. All this was very embarrassing at the very least.
Many technology analysts are pointing out that these recent episodes are nothing but strong reminders of how vulnerable our online data is and with the increase in cloud computing applications, the situation is only worsening. Nevertheless, more and more millions will be using micro-blogging sites, social networking tools and cloud computing in the months to come.
In very basic terms, cloud computing is a form of computing on the internet allowing organisations (such as Twitter) and individuals to harness the computing resources made available through virtual machines spread in various locations and jurisdictions thus enabling users to harness the aggregated power and resources of the computers connected to the cloud. The key to cloud computing however is more the speed in which data can be accessed rather than the power of your computer. The revolution started with simple applications such as email programs. Quickly, cloud computing invaded all forms of tools such as word processing, spreadsheets and calendar applications. The progress of cloud computing is inevitable, so are its dangers.
Whilst many gasp in awe with the breakthroughs registered with cloud computing applications, very few question how laws and regulations are being tested with these new technological advancements especially when it comes to privacy of user data, jurisdictional issues relating to the location of such data as well as the service levels to which such applications are subject.
A simple read-through of the various terms and conditions applicable to sites offering cloud computing applications shows how vulnerable and unprotected users are. Normally, such service providers are not taking any responsibility for availability and non-interruption of service, something very understandable. On the contrary, it is not quite understandable how some of these service providers accept no liability for unauthorized access, use, corruption deletion and loss of content uploaded by users in hosted applications. It is true that the majority of users just click through the small print and accept the terms and conditions of use of such applications blindly but should these recent incidents make us stop and consider what we are getting into? The answer is simple: Aye.
One cannot deny that cloud computing and social networking tools have many advantages. Such applications are very simple, accessible and easy to use. They also are built with hardware flexibility in mind and open a plethora of new business models and advertising streams for service providers but such applications also pose serious challenges to our laws. Surely, legislators will need to roll up their sleeves and analyse whether our present laws can provide an adequate level of protection for cloud computing users as well as the 'software as a service' model.
Once cannot deny that our computer misuse provisions embedded in our Criminal Code have been drafted with technology neutrality in mind but cloud computing will pose new challenges, or at least emphasise further a natural problem that lies in the epicentre of internet and the law: jurisdiction. Whilst any attack or theft on our data stored in online applications will mean that our computer misuse provisions will apply, the issue will not be easy to resolve when one puts into the equation the fact that servers hosting such applications and the data we store on them are scattered all around the globe.
The advantages of cloud computing are clear, technologically speaking. Legally speaking, however, some basic principles should be kept in mind. Any data held in the cloud should at least enjoy the same level of privacy as that stored in your computer. But what happens when the data is being stored in jurisdictions which have not legislated in favour of data protection? We might just throw the concept of 'informational self-determination' in the bin for starters.
No comments:
Post a Comment