There is a mystery to storing in the clouds.
Cloud computing: Personal information security issues for Google+ and iCloud users
by Tom Thorne
Today I toyed with signing up for Google+ and backed off. I went to their site and examined what this new service offers. It is sort of an enhanced version of Facebook where a new heading +You is added to the normal Google line-up of services such as Search, Images, Maps, and Mail.
Under the +You there is a layer of headings that builds your friends, family and even business associates into Circles. Then there is Hangouts with live chat and organize your friends for social interaction. Then Instant Upload lets you store and retrieve your photos. All very normal and maybe even useful.
Sparks is a service to provide you with information about things and subjects you like, and Huddle enables you to text to roving devices like smart phones of all of your friends or associates you have in a Circle.
Sounds good right? Obviously Google wants to expand its smart phone services. Well I am not so sure. All of these social media services have the ability to gather and use your personal information recording your likes and dislikes for commercial purposes. Here's how your Google+ or Apple iCloud files can be used.
Employers check out potential hires on social media.
Already company human resources departments search Facebook and Twitter to get some idea of your "real" profile from these sources. Your facetious kibitzing on these services with your friends and the telling candid photos you sloshed to the gills that are posted publicly tell potential employers a lot about your attitudes and tastes or lack of taste perhaps.
From Google and Apple's perspective they gather a lot of data to build your profile from offering existing services to offer you new services in the future. Google+ and iCloud will gather a lot more data on you about your commercial preferences tying it all to your your personal interests and who knows even to your proclivities. In the new Google+ this is the Sparks part of the deal. Google's search engines will offer you endless information and opportunities on topics you list with them.
Commercial value of your information.
However, this data has commercial value to Google because the material they find for you heightens your likelihood of using services or seeing Google Adsense materials. So Google immediately benefits and they gather (if they wish) a profile that is worth dollars to other commercial interests who in turn will find ways of contacting you to do business.
Now all of this is OK if the people who gather the information have a good intention to simply offer you consumer products or holidays in Europe at cut rates. However the power of the Google search engines is impressive and just as you can search, for example, under Images and receive in nanoseconds graphics from hundreds of websites on any given topic, this level of searching and presenting can also assemble your personal profile in nanoseconds for who ever wants it should Google decide to do that.
This ability is always there whether Google denies this type of use use or not. This technical ability is a potential threat to personal information, because Google can massage it once it is in databases anyway they like. It boils down to whether you trust them or not. Facebook is on record as saying that they think it is alright to use personal information stored on their service.
Potential criminal and intelligence services hacking.
Another level of creating personal information databases of this scope is of course criminal hacking by organizations outside of Google gaining entry to their stored personal information. Of course Google and Apple will tell you that their systems are unhackable and for most amateur hacking they probably are quite secure. However, they can be hacked by intelligence services and police agencies with big budgets to do work like fight terror.
We have seen activities coming out of China recently where government databases world wide were hacked by some organization very likely a government funded intelligence service.
Naturally the Chinese government denied any involvement but governments in Europe and Canada were compromised despite expensive security systems at their front ends. They were data mining for economic, trade, industrial information and perhaps NATO military information about Afghanistan.
Determined hackers can get at Google+ and iCloud information tearing off useful profiles of client payment options along with their preference, interests and stored content. These new services must always assume that their security can be breached. If businesses use these new Google and Apple services they will certainly be targets for intelligence services.
Here is a simple application. Soldiers serving in Iraq or Afghanistan use social media when they are in the war zone. It's a morale booster and they connect with their families and sweethearts. By monitoring their activities on social media an intelligence service can pick up valuable data on who they are fighting and who they dealing with on the battlefield. There is no doubt that this information would be used in interrogation of prisoners by both sides.
Not likely? In Korea during the war 1950-52 Soviet intelligence gathered without computers mounds of intimate information about serving soldiers from their military service, pay and allowances to their families, which was routinely used to interrogate captured UN soldiers. This information was provided to the Chinese Army fighting in Korea. In the Information Age this type of information is even easier and quicker to obtain.
Since Google and Apple seem determined to build Cloud applications where users store personal data and information outside of their own personal computers, then the security of these services needs to be at a very high level.
© Copyright 2011, Tom Thorne, All Rights Reserved.
No comments:
Post a Comment