It’s the nature of the shallow, consumer-driven, dream-drunken culture our society tries to impose on us that we popularly adopt terms without knowing what they mean and, more often than not, they don’t mean much of anything.
Such is the case with “the Cloud”.
Most people who use computers believe they know what it is except that everyone seems to have a different definition. From a satellite-based storage system to a virtually invisible network to a collection of hard drives all over the world to a new form of storage that doesn’t require computers to…whatever new definition pops up this week. In any case, you have heard of the “cloud” and probably aren’t sure what it really is.
This week, the Army announced it would be putting its Defense Cross-Domain Analytical Capability — a database storing various kinds of “security-relevant” information — on the Cloud. This surprising development indicates a level of maturity for Cloud computing that could be important for us all, in a contradictory way. We are closer than ever to being able to build a completely de-centralized and privacy-protected Internet network and that is a development we all should be actively supporting. Unsurprisingly, it’s a development corporations are frantically seeking to prevent or control.
To understand all this, you have to first understand what “cloud storage” actually is and to do that you have to divert your eyes from the sky. That’s not where you’ll find it — no satellites or “non-wired data transfer” or invisible storage devices. It’s not the complete break with previous Internet technology some think it is. In fact, it’s not even new.
A “cloud” is nothing more than a bunch of computers linked by a network. There’s no consensus about how it got its name, although companies are more than happy to avoid correcting people’s misinterpretations. But we know how it was developed. It’s a simple “protocol” (a system of computer commands) that allows for the automatic and rapid sharing of information across a network based on the division of files into smaller packages. In short, while you think you claim a precise place for all your files (a kind of personal hard drive in space) when you rent a piece of the “cloud”, you’re giving your files to a provider so they can be chopped up and stored on several computers in the provider’s network.
This allows a provider to use its space efficiently and serve up your stored files quickly. If a particular storage computer is being overloaded with attempts to store information on it or retrieve information from it, the traditional storage computer would slow down or even crash. But with Cloud technology, the provider can route your request to many computers on which your file is stored and “distribute” the demand with each storage device on the network taking on a bit of the “load”. It’s a like a team pulling a heavy object and it all happens automatically and in a flash.
Neat, huh? Companies sure think so and they’re selling the service aggressively. They also have all kinds of products that afford an expansion of the basic storage services. For a higher price, for example, you can store your own software or share the software you and other cloudsters routinely use. So with this enhanced Cloud product, your computer’s hard drive can be almost empty.
This is a newer version of an old protocol called “dumb computer networking” in which your computer is not much more than a screen, a keyboard and a connection to the central server. All the computers on the network use that server as their hard drive. That’s the way a lot of companies still work, keeping their employees from using their own workstations for personal communication (or writing a novel on company’s time) and also making “owership” of that data unquestioned and unassailable. When they use the Cloud, it’s as a back-up of their data.
That’s also the way most individuals use it although they store stuff on their own hard drives. For them, the Cloud provides a safe and secure back-up storage that’s immune to the data-loss resulting from that dreaded incident all of us have experienced: the hard drive crash.
If that sounds particularly attractive and without a down-side, a question might pierce that illusion. Do you have any private data, stuff you don’t want anyone else to see or files you want to own without sharing? Do you store any of that on a cloud? Then it’s not private anymore and, legally, it’s not completely yours. Your data is now in the hands of a big corporation that moves it around, divides it, backs it up and stores it in places you don’t know exist.
If the government demands for that data or some lawyer manages to get a judge to subpeona it, it is no longer yours. It will be consolidated and handed over almost immediately. In fact, even if you cleverly decide to erase all your Cloudy data the second you learn of the subpeona or seizure order (through one of those National Security Letters), you have absolutely no assurance that your data won’t be available. It’s been backed up in ways you know nothing about and, even if you erase it, it probably is still someplace on the Cloud network.
The recent decision ordering Google to turn over data demanded by National Security letters means that companies will turn information over. If one the richest and most politically connected technology companies on earth can’t win that one, very few companies are going to even try. And the privacy policies that accompany Cloud contracts simply don’t protect your datas. Here, for instance, is part of the privacy statement from DropBox (more or less what they all say):
“We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request…If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement.”
That make you feel safe? In case you’re wondering, a “compulsory legal request” can, and frequently is, a letter from an FBI agent demanding the files.
The irony of this pay-as-you-store technological intrusion is that it’s built on a protocol that could actually protect us from government snooping or at least make the snoop much harder. The concept is called “distributed data retention” or “distributed computing” and it doesn’t need a company in the middle and no central place in which the storing computers are kept.
You join a network and, as part of your membership in that network, you get a small storage device which you hook up to your Internet connection. That storage device already has some computer programs on it that you don’t need to worry about. You just turn the device on and then use your computer as you normally would choosing to use your little box as a primary storage unit or as a back-up. Of course, you’re not really saving it to the box because your data is now distributed to all the computers on the network in little pieces. You can retrieve it quickly if you need to (as quickly as you could from your computer’s drive) but most of it is not on that box anymore. It’s on someone else’s box and someone else’s data is on yours. You have no idea whose data is there and no idea where yours is.
This means that if government officials walk into your home and take the box, they aren’t going to know what’s on it and they can’t get that information from you since you don’t know either.
This isn’t science fiction. In fact, the capability has been around for many years. Remote network storage distribution is the way “anonymous email service” (or “remail service”) is done. The only difference is that the storage places in those systems are probably sitting among publicly available servers like the one May First/People Link (the organization to which I belong) shared with our colleagues at Rise-up. That’s the one the FBI seized last year and couldn’t get any information from — it was encrypted — so they returned it without ever informing us (or RiseUp) that they took it in the first place.
The approach to sharing pieces of files among various computer is called “peer to peer file sharing” and is also very much available. It’s the concept used by BitTorrent, the remarkable file-sharing protocol developed by Bram Cohen. Bit Torrent now functions as the most popular file-sharing system on the Internet with as many users as Facebook and YouTube viewers combined. You download files from a bunch of other computers on a network, most of the time in small pieces each stored on a different computer. The Bit Torrent protocol switches the storage source constantly during the download and, as if by magic, you end up with one file.
BitTorrent, by the way, doesn’t mask your IP address (the numbers that identify you while you’re on the Internet) so it’s not “privacy-proof” but a BitTorrent compatible protocol called One Swarm does just that and there are many approaches in development to making you “anonymous” as you share files.
The distribution protocol is there. So is the storage protocol. All that’s needed to make this a reality is the network of people willing to participate. But the companies that sell Cloud storage are frantically trying to recruit the entire Internet to their bank-account-expanding services, thereby making distributed network that much more difficult to recruit to. The fact that most people, activists or not, have no idea how any of this works makes things adds to the difficulty.
But what if an activist movement was to decide that such a project was worth organizing? What if some Internet organization were to develop and launch this kind of network? What if a bunch of progressive Internet providers were to establish a coordination that would make it happen?
Now that’s an idea that would blow away the clouds and reveal a pretty sunny sky of Internet privacy and protection.