24 Dec 2010
For privacy advocates, the move of computing to the cloud looks scary. Web email servers routinely serve copies of email and conversations to lawyers and prosecutors. Of course, responsible companies only do so in response to legal warrants or subpoenas. However, these warrants appear much easier to obtain than, for example, permission to search a suspect’s home. Moreover, the WikiLeaks affair showed us that democratic governments are not above pressuring companies like eBay to cut off a PayPal account. Can we protect our privacy as we move more and more services and data to “the cloud”?
I can think of three answers to the question of “privacy and the cloud.” We could develop a new legal framework to protect data in the cloud. We could develop technical means to encrypt the data stored in the cloud. We could also develop peer-to-peer services that parallel the cloud and can be used as private channels. Each of these approaches has its issues and its promises. We probably need all three.
Changing the legal framework seems hard, but it is aligned with the commercial interest of companies like Google, Microsoft or Amazon. Their cloud-based services compete with “in house” solutions. Data privacy creates a potential roadblock for cloud solutions. An enterprise will be reluctant to “move to the cloud” if it believes that it will be easier for adversaries or competitors to subpoena its data on a cloud server. These companies would like to see a framework where data stored in the cloud gets the same protection as data stored in your enterprise or in your house. They may very well get their wish, at least in democratic countries. That would be very good news for everybody, when it happens.
If the data stored in the cloud is encrypted, the cloud providers cannot read it. Even if they have to execute a warrant, they can only provide a meaningless bunch of bits. This would provide some robust privacy protections if it worked. But that is a big if. It is very easy to store encrypted data in the cloud, but processing or sharing it becomes very complicated. And then, there is always the issue of “metadata”, such as the logs of who accesses what and who communicates with whom. These logs can reveal lots of information, even if the data is encrypted. Encrypted storage is certainly useful, but it can only be a component of the solution.
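To make the metadata point concrete, here is an added example (not code from the original post): clients encrypt objects before upload, so a warrant served on the provider yields only ciphertext, yet the provider's own access log still links the users who share an object. The cipher is a toy HMAC-SHA256 counter-mode keystream standing in for a real AEAD such as AES-GCM, and the users and objects are constructed.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for AES-GCM, not for production."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)  # same call encrypts and decrypts

class CloudStore:
    """Provider side: holds opaque blobs and records who read or wrote what, and when."""
    def __init__(self):
        self.blobs = {}
        self.log = []  # (timestamp, user, op, object name, size): the metadata
    def put(self, user, name, blob, ts):
        self.blobs[name] = blob
        self.log.append((ts, user, "put", name, len(blob)))
    def get(self, user, name, ts):
        self.log.append((ts, user, "get", name, len(self.blobs[name])))
        return self.blobs[name]

def client_put(store, user, key, name, plaintext, ts):
    nonce = os.urandom(12)  # fresh per object, prefixed to the blob so the reader can find it
    store.put(user, name, nonce + stream_xor(key, nonce, plaintext), ts)

def client_get(store, user, key, name, ts):
    blob = store.get(user, name, ts)
    return stream_xor(key, blob[:12], blob[12:])

def infer_contacts(log):
    """What an analyst learns from the log alone: users touching the same object are linked."""
    users_by_obj = defaultdict(set)
    for _ts, user, _op, name, _size in log:
        users_by_obj[name].add(user)
    return sorted({(a, b) for us in users_by_obj.values() for a in us for b in us if a < b})

def demo():
    store = CloudStore()
    k_ab, k_cd = os.urandom(32), os.urandom(32)  # constructed: each pair shares a key out of band
    client_put(store, "alice", k_ab, "memo-1", b"meet at the usual place", 1)
    recovered = client_get(store, "bob", k_ab, "memo-1", 2)
    client_put(store, "carol", k_cd, "photo-7", b"holiday pictures", 3)
    client_get(store, "dave", k_cd, "photo-7", 4)
    plaintext_visible = any(b"usual" in blob for blob in store.blobs.values())
    return recovered, plaintext_visible, infer_contacts(store.log)
```

`demo()` returns the plaintext Bob recovers, whether the provider's blobs expose it (they do not), and the contact pairs the log reveals anyway.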
Changes in the legal framework will take some time and will only cover some countries. Encrypted storage will only solve part of the problem. I believe that if we really want private exchange of data, we have to rely on peer-to-peer solutions. But we have to reinvent peer-to-peer! The peer-to-peer solutions of the last decade relied essentially on “always-on” PCs. This is not acceptable anymore. To save energy, we must turn off our PCs when not in use. This turning on and off does not play well with common P2P algorithms, as it forces constant updates of P2P routing tables. Besides, P2P solutions need to play well on smartphones and other mobile devices, which probably means inventing new algorithms that exploit proximity and mobility. Mix the cloud into all that, and we have an interesting research problem. But it is a problem that is very much worth solving!