I get emails on occasion questioning me as to why I am so adamant against putting things like CAD data on the cloud. I know the cloud is going to be commonplace for many more things in the near future than it is today. But the seriousness of your jeopardy there can’t be understated nor plausibly denied. Reading ZDNet stuff today and two articles rear their frightening heads.
http://www.zdnet.com/apple-patent-could-remotely-disable-protesters-phone-cameras-7000003640/
In part I quote.
“U.S. Patent No. 8,254,902, otherwise known as “Apparatus and methods for enforcement of policies upon a wireless device,” was granted in late-August, and would allow phone policies to be set to “chang[e] one or more functional or operational aspects of a wireless device […] upon the occurrence of a certain event.”
What that means in real-terms is “preventing wireless devices from communicating with other wireless devices (such as in academic settings),” and for, “forcing certain electronic devices to enter “sleep mode” when entering a sensitive area.”
What this also means is what can be disabled can be enabled and can be set up no doubt to transmit data back to whomever. I thought people figured I was overreacting to this kind of stuff when I talked about just this type of vulnerability with iPhones and the Chinese who make them. I am quite certain they would NEVER take advantage of this for back doors, now would they. “Could you prease turn you iPhone little, we need better picture” was a comment I made then and now this is in the news. Courtesy of the Cloud and Apple, which has a really bad rep for creating hostages and data mining anyway, we have your complete junior corporate/hostile government espionage kit soon to be included with every new iPhone. Now it’s not just iPhones that could be capable of this but I think they seem to be leading the way in this corrosive technology.
One of the other things is how much access your government has to your data because you allow it online. http://www.zdnet.com/bad-assumptions-about-cloud-computing-and-the-patriot-act-7000002614/
It was my assumption originally that the Patriot Act, which was supposed to provide for the protection of US citizens, had as its primary goal a George Orwellian motive and utilised hysteria from 9-11 to get it through. Well, Animal Farm is here and along with it the ability of many to access your data and never have to tell you about it. (By the way, Ayn Rand’s book “Atlas Shrugged” and George Orwell’s book “Animal Farm” are worthy reads for you and your children if you have not already done so.) Apparently BAE defense in Europe decided to not renew various Microsoft Office products based on what they perceived to be security risks to their data, because they felt the US government could access everything as Microsoft was a US company. It turns out there is no safe haven and the Europeans are doing the same to their own citizens too.
Corruption and crony capitalism involving government officials is well-known and sadly appears more and more to be widespread. How easy it has now become to force access to your data through this mechanism of domestic security via the vehicle of bribery or influence peddling. Do you, dear reader, trust the foxes guarding the hen-house to leave the eggs alone? Do you see any justification anywhere they are trustworthy? I see Eric Holder in this country doing as he pleases with your stuff for whatever reason and who is going to chasten the corrupt top cop? I see companies like Google harvesting tons of things to be used for whatever reason and not telling you what or why. I see the Chinese government who has built a huge economy in part through theft of intellectual property utilizing subpoenas to get what they want when they can’t hack their way into it.
Now I have laid some actual and philosophical reasons out here for you to consider. I want you to think seriously about what I have said so far and then remember what is the common single thing that makes all this jeopardy possible. It is a method of data mining that you can’t stop or prevent except by one thing and that is to not allow it to happen in the first place. The ONLY known method to stop this type of breach is to stay offline. Yes, I know the iPhone has a camera that could be used just like a camera for later uploads, but remember that the back door I am talking about here is enabled and directed over the web.
I don’t have any good answers for companies that are geographically diverse and feel the need for data transfers. It is in many ways a competitive advantage I know but how can any of this stuff be made truly secure? I do believe it is time for companies to start a serious review of security measures however from allowing iPhones into your facility and onto the shop floor to what data can you afford to lose by exposure to the internet.
I remember reading of a story where the Russians were interested in some of our aircraft some time back. Well of course they were not allowed to take cameras into the facility but they did take sticky soled shoes in there and wandered around machining areas where they captured alloy samples which they took back with them. The jeopardy for your data lifeblood today is far more pervasive. I fear in many cases the thief is invited in through the corporate boardrooms where promises of security are believed and myopia prevents anything past purview of cost cutting for the next quarter. And make no mistake, the thief IS invited in when you use the cloud. Now you have to determine if the jeopardy is worth it.
It goes over old ground, Dave, and it does not provide the protection you’re outlining, but software EULA did provide an early warning many chose, and continue to choose, to ignore. In ignoring what was laid down some time ago, the foundations of the cloud calamity were sown.
Autodesk’s coming-out of CIP was an early demonstration of seeding customers’ business computers, without the customers’ knowledge, with “send data back” Trojan software, and is a classic example of how business software users have allowed their business data security to be thoroughly compromised and, as you say, their myopia prevents them from admitting their failings.
The clincher for me taking the stance I did with Autodesk, and now other software vendors, was Autodesk’s REFUSAL to validate what we proved they had done. The data we captured proved once and for all Autodesk could not afford to publicly confirm what they knew I had because it would sink them.
CIP remains an abuse of customers and an abuse of the internet/cloud; and in this simple unconscionable form of data theft provides the only data needed for companies to avoid, at a cost, the internet except under very strict control.
Speaking out about what was about to happen, years ago, did destroy my business.
A twist on the problems we face in the future came from the lips of our Federal Attorney General yesterday, announcing the government’s intention/consideration to bring laws into play requiring ISP etc. to retain copies of every person’s internet traffic for a period (of two years) to track criminal activity.
This of course has wider implications and is yet another reason why the use of the internet for business data transfer needs to be very carefully considered or avoided.
Hi Paul, Yes it does cover old ground but I persist. I am amazed at how many people ignore things and then after you have written about it for the umpteenth time they discover it. Whatever happened to the other warnings and comments, who knows, and why did they not have interest earlier? My purpose in writing is to be a little voice that comes up with evidence to the contrary that these cloudies would prefer readers never see. Perhaps it is futile but it just gripes me that none of these cloud purveyors ever tell people honestly of all the huge risks.
People are strange. You do bring up a point I have been thinking of though. I am pondering losing interest in this cloud stuff and just watching out for myself. I am with a CAD software company that at this time as far as I can tell does not have any intent to force the cloud. I am to the point in my life where since so much of what I produce is from my own designs that I could easily afford to use what I have for the next ten years and not spend another dime in yearly fees. I can afford to drop out of all this cloud and keep current expenditure mess within a year or two and I just may do so.
Dave, I made the comment speaking out destroyed my business and it did. The difference, for me though, is that my business was in supplying/supporting/training the very products owned by a vendor who consciously chose to use their EULA to the customers’ disadvantage; compounding their deceit by installing Trojan software to thieve customer data. Autodesk’s management chose to act unconscionably and chose to, and continue to, hide what they were/are doing. An expanded, more controlled, use of the “cloud” by vendors, as you point out, multiplies the problems already in place.
I chose to speak out knowing full well the consequences. Once I realized users’ laziness meant I was going to be left to stand on my own, I did take steps to directly and publicly (my blog) document my position.
Whilst not out there writing much at all now, I do think it’s important to take each opportunity, and I think what you’re doing is correct and do believe there are far too few who do know the traps with the courage to publicly take on the vendors.
You know about this place, don’t you?
NSA Data Center Utah
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
http://www.foxnews.com/politics/2012/03/28/nsa-dismisses-claims-utah-data-center-watches-average-americans/
Good article Dave.
A friend of mine worked for a startup company they had (approximately 150 employees at their peak) last decade. They were a victim of espionage the old-fashioned way with people inside, foreign nationals.
By the time it was discovered, the foreign nationals were asked to leave, they all went back home to China to a facility that was a duplicate of the US based company, but they had 1000 people working there.