Amanda Carpenter is a JD Candidate at Osgoode Hall Law School.
For those unfamiliar with the term “cloud computing”, it refers to performing the functions of personal computers – such as running applications, communicating, and storing data – not on those personal computers, but rather on servers. Cloud computing is likely already part of your life. For example, Flickr allows us to store and share images online, Google Docs allows us to word process and create presentations, and every day we communicate with each other using Gmail and Facebook.
In each case, most of the computing power is found elsewhere (in the “cloud” of the Internet). Michael Geist writes that critics argue that the benefits of cloud computing such as the accessibility of data and applications from anywhere are offset by a loss in privacy. And of course there are the environmental problems created by running all these servers.
Privacy issues regarding the Internet are hardly new. For example, who hasn’t heard about the strange places photos posted on Facebook might end up? This would be a privacy intrusion you might not even sense, until you see that billboard along with your photo. However, lately there have been renewed initiatives into protecting privacy in a cloud computing era, or rather to bring the privacy protection laws drafted before the widespread use of the Internet into the digital age. For example, the government of the United States needs a search warrant to search files on your computer. So why doesn’t the same standard apply when the same information is stored on servers? South of the border a new campaign was kicked off a few days ago by a coalition called Digital Due Process, asking for major changes to existing law. This coalition is formed of the Electronic Frontier Foundation, Microsoft, Google, and others. They demand that all “private content” held by a service provider be protected by the same standard as files on your computer, where a warrant must be obtained. For interest, here is their video.
The Officer of the Privacy Commissioner of Canada has recently released a consultation paper on cloud computing. The Privacy Commissioner is interested in issues such as the appearance of jurisdictional neutrality, consumer lack of control, compromising meaningful consent to advertising, function creep, innovation dampening, and of course, privacy issues. For organizations in particular, she cites that although cloud computing may seem easy and convenient it may involve giving up some element of control since cloud computing can be “prevented, surveilled or tampered with by external forces, such as government, employers or law enforcement”. For consumers, this lack of control may involve seeing your purchased copy of an online novel be removed from your Kindle library by Amazon. She also writes that cloud computing may also involve a downturn in the amount of software being sold, since everyone will use the free software found online instead, which the Commissioner cites as a problem because those who wish to buy software may not be able to do so in the future.
In regards to privacy issues, she discusses what should be done to counter well-known privacy risks. Some interesting highlights are that to enhance security, cloud providers such as Google should be using the kinds of encryption currently used by online banks and retailers to protect data streams, which is currently not done. This seems like a good idea: who would argue against giving all their online information more protection? Perhaps we should seriously consider this “strong security solution”. She also discusses concerns regarding the permanency of data (think Facebook). She thinks that measures will need to be put in place to ensure that any copies of the data will be removed permanently from the cloud infrastructure. She also discusses the main concern of the recent Digital Due Process initiative: the problem of lawful access requests to cloud providers.
The new trend towards cloud computing raises a new set of privacy concerns for organisations and individuals alike, along with other concerns such as a consumer lack of control. However, there are some new initiatives such as Digital Due Process in development and time will tell if they are able to help resolve these concerns, at least in regards to the some of the privacy issues.