Personal Security in the Cloud

Personal Security in the Cloud

By Storj

Sun, Jun 15, 2014

The introduction of cloud storage was a breakthrough in data storage, that has changed the lives of millions of people. Convenient and accessible cloud storage offered a welcome alternative to traditional fragile and inconvenient storage media like CDs and USB drives.  

The benefit of being able to access your cloud-based files from anywhere leads, however, to a valid concern: Who has access to my files, besides me? What can my cloud storage provider do with my data? We will analyze the Terms of Service of three popular cloud storage providers and find out what they can actually do with all their customers’ files.

First up we have iCloud, the Apple solution to store user content on the cloud. Scrolling down to the appropriate section, we find this:

Access to Your Account and Content

Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law. [1]

In this passage Apple states that it is allowed to take unknown “steps” if there is any suspicion about content from a user that violates its Terms of Service, if required by law, or if user data causes security or technical issues. 

If we take a look at Dropbox’s Terms of Service, we will reach this point:

Your Stuff & Your Permissions
We need your permission to do things like hosting Your Stuff, backing it up, and sharing it when you ask us to. Our Services also provide you with features like photo thumbnails, document previews, email organization, easy sorting, editing, sharing and searching. These and other features may require our systems to access, store and scan Your Stuff. You give us permission to do those things, and this permission extends to trusted third parties we work with. [2]

Similar to its competitor, iCloud, Drobpox needs to access and scan your uploaded files and asserts the right to share its data with third parties. However, it does not state when your files need to be accessed. 

The most unsettling statement can be found on Google Drive’s Terms of Service:

Your Content in our Services

Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). [3]

This section gives them the right to do basically anything with your information and files including share them with undisclosed third parties and the law, even after you stop using their services.

After reviewing how these centralized companies can make use of anyone’s uploaded files on their systems, it becomes clear that many individuals and entities can have access to your data. It is possible that your files could be misused and/or stolen under certain circumstances.

References

[1] “iCloud Terms and Conditions, Apple”, http://www.apple.com/legal/internet-services/icloud/en/terms.html, May 2014
[2] “Dropbox Terms of Service, Dropbox”, https://www.dropbox.com/privacy#terms, May 2014
[3] “Google Terms of Service, Google”, http://www.google.com/policies/terms/, May 2014

More Posts

...
Building Tardigrade Connectors

Connectors bridge the chasm between the applications we use every day and the un...

...
Use Cases for the Decentralized Cloud

Have you heard the news? Tardigrade is in early access production, which means t...

...
Announcing Early Access For Tardigrade

Today our team is thrilled to announce our Tardigrade decentralized cloud storag...