A cloudy future for data privacy
By Jonathan Zittrain
| |||
Earlier this month, Google announced a new operating system called Chrome. It's meant to transform personal computers and handheld devices into single-purpose windows to the Web. This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online — in "the cloud" — using whatever device is at hand.
Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it's not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others — through Facebook, MySpace or Twitter — having it all online can make a lot of sense.
The cloud, however, comes with real dangers.
Some are in plain view. If you entrust your data to others, they can let you down or outright betray you. For example, if your favorite music is rented or authorized from an online subscription service rather than freely in your custody as a compact disc or an MP3 file on your hard drive, you can lose your music if you fall behind on your payments — or if the vendor goes bankrupt or loses interest in the service. Last week Amazon apparently conveyed a publisher's change-of-heart to owners of its Kindle e-book reader: some purchasers of Orwell's "1984" found it removed from their devices, with nothing to show for their purchase other than a refund. (Orwell would be amused.)
Worse, data stored online has less privacy protection both in practice and under the law. A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee's Google password. That in turn compromised a trove of Twitter's corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people's computers to see their secrets; in today's cloud all you need is a password.
Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the FBI's own audits have shown that there can be overreach — perhaps inadvertent — in requests like these.
The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. They routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes.
With a little effort and political will, we could solve these problems. Companies could be required under fair practices law to allow your data to be released back to you with just a click so that you can erase your digital footprints or simply take your business (and data) elsewhere. They could also be held to the promises they make about content sold through the cloud: If they sell you an e-book, they can't take it back or make it less functional later. To increase security, companies that keep their data in the cloud could adopt safer Internet communications and password practices, including the use of biometrics like fingerprints.
But the most difficult challenge — both to grasp and to solve — of the cloud is its effect on our freedom to innovate. The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you — and the vendors of the PC and its operating system have no more to say about it than your phone company does about which answering machine you decide to buy. Microsoft might want you to run Word and Internet Explorer, but those had better be good products or you'll switch with a few mouse clicks to OpenOffice and Firefox.
If the market settles into a handful of gated cloud communities whose proprietors control the availability of new code, the time may come to ensure that their platforms do not discriminate. Such a demand could take many forms, from an outright regulatory requirement to a more subtle set of incentives — tax breaks or liability relief — that nudge companies to maintain the kind of openness that earlier allowed them a level playing field on which they could lure users from mighty incumbents.
We've only just begun to measure this problem, even as we fly directly into the cloud. That's not a reason to turn around. But we must make sure the cloud does not hinder the creation of revolutionary software that, like the Web itself, can seem esoteric at first but utterly necessary later.
Jonathan Zittrain, a law professor at Harvard, is the author of "The Future of the Internet — And How to Stop It." He wrote this commentary for The New York Times.