Recently I spoke at the BIL conference in Long Beach, Calif. One of the other presenters was Brad Templeton, chairman of the Electronic Frontier Foundation. Brad is widely known on the Internet (and in the legal community) for writing about political and social issues related to network computing. He's also the author of "10 Big Myths about Copyright Explained," and he coined the term "spamigation" in response to the massive lawsuits undertaken solely for the purpose of harassing and intimidating defendants.
At BIL '09, Brad gave a presentation entitled "The Evils of Cloud Computing: Data Portability and Single Sign On." I wanted to give Brad the opportunity to discuss the problems he sees and propose solutions to the cloud computing community, so I asked him a few questions. This way we won't speculate or judge what Brad means when he calls cloud computing "evil."
[ It's good to figure out the "evil" quotient of the cloud now because cloud computing is shaping up to be the big trend for 2009. ]
Do you think cloud computing is inherently evil or just inherently dangerous?
I use the word "evil" as hyperbole. [Cloud computing] has many positive attributes, but right now, people are taking it as entirely positive. It is the hot thing, the "obvious" way to design new applications. What is important is that people understand some of the dangers, see if they are worth it, and see if they can avoid them.
You wrote, "Cloud computing is time-sharing -- we run our software and hold our data on remote computers and connect to them from terminals. It's a swing back from personal computing, where you had your own computer, and it erases the Fourth Amendment by putting our data in the hands of others." That sounds evil to me, but I'm not sure cloud computing is so well defined. Propose a definition that wouldn't "erase the Fourth Amendment."
The term is typically used to describe an application design where the computers doing the real work, and storing the data, are "in the cloud" (ie. remotely accessed over the internet.)
The 4th amendment protects your personal data when it's in your house, and other places where you have a "reasonable expectation of privacy" to use the legal term. Unfortunately, the courts have ruled that you put information in the hands of 3rd parties, even if only for a very specific purpose, you can lose that expectation. So the DOJ regularly acts to seize data in 3rd party hands without warrants -- for example from webmail providers -- and this will surely expand to all sorts of cloud data.