For the London Free Press
TECHNOLOGY: Storing or sharing personal information on remote computers controlled by others is a common practice fraught with potential problems
Cloud computing is touted as the solution to many users’ problems — but is cloud computing itself a problem?
Cloud computing is not bad per se. But users must consider how they are using the technology, and whether contractually or practically, it provides them with enough control over their information.
Cloud computing has been a hot topic in recent months, stirring up strong feelings both from those who support the technology and those who distrust it.
In September 2008, Ontario Privacy Commissioner Ann Cavoukian weighed in on this issue in the white paper Privacy in the Clouds, which we discussed in a previous column (see canton.elegal.ca/ 2008/09/29/cloud-computing-presents-real-concerns-over-privacy-issues).
More recently, the World Privacy Forum released a report entitled Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. It echoed Cavoukian’s concerns and found that, though the technology is not inherently bad, individual users must be conscious of the potential security and privacy implications and protect themselves accordingly.
The forum attempts to define cloud computing — a concept that almost defies definition — this way: “Cloud computing involves the sharing or storage by users of their own information on remote servers owned or operated by others and accessed through the Internet or other connections.”
The forum emphasizes the far-reaching implications of cloud computing, which can be used for data-storage sites, video sites, tax-preparation sites, social-networking sites, photography sites and personal health record sites.
The danger of cloud computing comes from the digital footprints that individuals users may leave on the Internet with no idea of how that information is policed, used and distributed.
Various online activities, from sending e-mails and playing games to managing bank accounts and meeting people on social-networking sites, require people to fill out forms and provide personal information. This information can identify the individual and serve as a digital history of everywhere that person has been.
The forum report’s clear underlying message is that users must be diligent in understanding terms of service, how disclosing information to a cloud provider changes their privacy and confidentially rights in that information, and how remotely stored information may not have the legal protection it should have.
The forum also found many legal uncertainties that make it, “difficult to assess the status of information in the cloud as well as the privacy and confidentiality protections available to users.”
The report even suggests, “sharing information with a cloud provider may undermine legally recognized evidentiary privileges.”
Ultimately, the decision to use cloud computing is one each user will have to make, keeping in mind what they are using it for, how important their mission is, how sensitive the information is, who has it, and whether they can keep local copies of it.