Most of us don’t like the idea of intelligence agencies or law enforcement accessing our data stored in the cloud; that doesn’t mean your data is, by default, being accessed, but it’s likely a matter of principle. As NSA spying scandal revelations rolled out over the last year, many businesses and individuals decided they don’t want their data stored in the US. Countries want their cloud data to be stored locally in hopes of keeping it safe from US snooping. Whether you regard that as a privacy issue or a security issue, one security expert basically says, “Get over it.”
Last month at the re:publica 14 conference held in Berlin, F-Secure’s Mikko Hypponen and David “the Hoff” Hasselhoff talked about digital privacy and the Digital Freedom Manifesto. Hypponen said the Snowden saga made it clear how much control western intelligence agencies have over the rest of the world. Part of the problem, he said, is that “we, the rest of the world, the 96% of the planet, keep using the services run by the 4% of the planet, services in the United States. Why? Because they are great.” He named Google, Facebook, Amazon and Microsoft as a few examples.
That digital freedom campaign states, “We’re fed up with espionage, with having our private information gathered without our consent, with certain parties thinking they have the right to violate anyone’s privacy. They don't. We decided it's time to do something about it.”
The manifesto is divided into four parts: mass surveillance, digital persecution, digital colonization and right of access, movement and speech. You have until June 30 to help write it and then this crowdsourced manifesto will be sent to leaders around the world.
It remains to be seen if the document will make difference, or if those privacy concerns will be blown off by the powers-that-be. But security tops the list of reasons why “cloud services” are not more widely adopted. But Don Smith, technical lead for Dell's Europe, the Middle East and Africa (EMEA) information security practice, believes that cloud security concerns should not be all about national security agencies.
At a Dell round-table event in London, Smith tried to explain how cloud security concerns are misplaced or wrong. He claimed that Finland, one of Dell’s largest European customers, is “very happy for their data to be flowing to the US. They're mature about it. They realize that that if an intelligence agency wants to access their stuff, whether it's Finnish, British or American, they're going to get it. Let's be big boys about it,” Smith said.
According to ZDNet, Smith added, "They are far more comfortable with being secure and getting good services than they are with a fallacious argument about where their data flows to."
Smith said the responses to cloud security questions are mostly emotional rather than rational. He wished “Americans had given the Patriot Act a less interesting name” as “they might as well have called it the Stars and Stripes Act. The UK government has exactly the same powers. If they want something, they can get it.”
To Smith, there are worse things than mass surveillance by intelligence agencies. Large cloud providers “aren't just monitoring us, but are actually trying to influence our behavior. Spooks watch but they don't want you to know they're watching."
The real devil, according to Smith, is Google. He said:
"Google Analytics is the biggest privacy breach in the universe, where they're giving away the web master tools. More than 50 percent of websites globally are feeding back everyone's surfing habits to Google so that they can then use it to target advertising. That's insidious."
If you feel strongly about privacy, then you might want to add your voice to the Digital Freedom Manifesto as that’s better than doing nothing. But ultimately, as was pointed out by the paranoid computer user’s guide to privacy, security and encryption, the only “guaranteed” way to protect yourself is to disconnect from the web and unplug your PC. Sad but very true.