For novel ideas about building embedded systems (both hardware and firmware), join the 35,000 engineers who subscribe to The Embedded Muse, a free biweekly newsletter. The Muse has no hype and no vendor PR. Click here to subscribe.
Cloudy Benefits of the Cloud
I'll present my Better Firmware Faster seminar in Melbourne, Australia February 20. All are invited. More info here.
But the story is deeper than that. A lawyer told me that you lose attorney-client privilege on communications conducted in the cloud. He said that privilege requires one to have control over the communication and/or documents, and the courts have ruled such control does not exist in the cloud (I'm no lawyer so can only recount what he said). This is a problem for people working with the law, of course, but a potential problem for anyone who may find themselves and their data in some legal trouble. That email you sent while a bit inebriated to an ex-girlfriend twenty years ago could create trouble when you're presented with a dubious paternity suit. Some (many? All?) cloud services scan the data looking for images any reasonable person would consider horrific. Now, I'm sure none of us have any. But who thinks these scans are 100% accurate? You could get nailed because your compiled C code that did nothing more harmful than innocently attack SCADA systems looks like a bit little Jeremy. Encryption may take a text file and generate some binary that vaguely looks like Jesus on a piece of toast. Societal norms on what is offensive and illegal vary over time. What if the RIAA and MPAA get their lackeys in Congress to slip a mandate into section 53.291(a) subchapter (w) of some 2500-page bill that requires cloud services look for copyrighted material? How will we prove the music we ripped from a CD was legally purchased, though maybe long ago? Another problem is no one really knows where the data is, or how it is stored. It's likely held in multiple copies and locations. Does deleting it really work? How do you know? If the data is only on your local computer, perhaps the NSA and every law enforcement (http://dailycaller.com/2013/06/18/dhs-hopes-get-same-cyber-spying-powers-as-nsa/) agency on the planet does not have a copy of it. If the data transits the net to a cloud server, well, we know James Clapper has given us his most sincere assurances that no one looks at it. And that even if they do, their security is absolutely air-tight. Unless some high-school dropout (http://en.wikipedia.org/wiki/Edward_Snowden) is involved. It seems Kim Dotcom's Megaupload "service" was hosted on a cloud provider's servers, and that company deleted (http://www.techdirt.com/articles/20130619/07515923527/leaseweb-deletes-megauploads-servers-without-warning-destroying-key-evidence.shtml) all of the data. Perhaps the cops were involved. But what if your data is saved somewhere out there and the provider suddenly goes belly up? What if some law enforcement action is taken against some other company whose data is hosted on the same servers that contain your information - who is to say an indiscriminate wipe won't take out your stuff? Remember, that law enforcement agency may be from some other country with looser rules and constraints than practiced in your home country. Remember Liebson's Law: any new technology takes ten years before we really understand the implications and issues. The cloud is attractive, but the risks may exceed the benefits. Weigh the potential downside versus possible problems.
Published August 19, 2013