Online Data Storage and Privacy

Last week Google, Microsoft, and Apple revealed updates to their online data storage platforms – Google now lets users purchase additional space for their various Google applications, Microsoft provides a Live Skydrive (essentially an online network drive), and Apple completely revamped their .Mac solution.

The idea behind these services is that people that are already using, or are considering using, the aforementioned companies’ online services and will be enticed by the idea that they could store hordes of information in ‘safe’ repositories; we can trust that neither Google, Microsoft, or Apple would lose our data, right? This isn’t entirely true – at least Google and Microsoft have previously lost client data and could not always restore it. Individuals cannot count on any of these services, though they are likely to be more reliable than personal backups. What’s more, these online solutions just make life easier by letting users stop worrying about performing personal data backups – this is their real selling feature.

There are issues that emerges with all of these services – first clients cannot know what country their data is being stored in, potentially leaving their data subject to foreign surveillance laws, and second clients cannot verify what any of these corporations are actually doing with their data.

Regarding the first issue, without knowing what locality your data is stored you never really now how secure your data is. If, for example, you happen to be a Canadian that uses Gmail and your email is being stored in the continental US, then all your email is potentially subject to NSA surveillance. No warrants are required for this surveillance and it is possible for the NSA to transfer data that they collect to local authorities, bypassing national privacy directives. Despite the promises Google makes to protect your privacy, they also note in the EULA that you agree to that, as an American corporation, they are subject to and obey US law. If you’re an American (and your data is being stored in the US as opposed to some other area of the world) this isn’t such a significant issue but for everyone else in the world it is. Regardless of the privacy agreement that you and a corporation agree to, the country where that corporation is based tends to have a final say over the actual privacy that your digital data enjoys.

Regarding the second issue, we already know that if you store your email with either Microsoft or Google that they cache your email and analyze it to provide you with targeted advertising, but both companies are notoriously unwilling to fully disclose how they examine your email. By providing more and more data to Microsoft and Google they can more effectively target you with advertising – as you become increasingly vulnerable to their manipulations by providing them with more and more personal data, they become correspondingly better and better at manipulating your online actions. The privacy agreements that you agree to do not preclude these companies from analyzing the information that is hosted on their servers and then using that information for their own strategic gains.

What this demonstrates is that current online privacy is a farce, with most agreements operating as placebo’s to mitigate potential clients’ concerns rather than letting them control their personal information. While many people who use online services often callously note that they realize everything they do is monitored, but that they’d trade their privacy for services that just work, I suggest that they analyze their claims. Most times these people adhere to dominant ethical-political norms and, as a result, do not experience the shame that is often felt when their norms conflict with the dominant social norms. (Alternately, they simply have not felt the backlash of shame from the publication of what they thought was private, and therefore secret, digital information)

What happens when people begin wondering if their communications will be measured against ideals – ideals that they may or may not be able to approximate, may or may not even be aware of? By disregarding the possibility of digital surveillance individuals are implicitly asserting that they have no reason to potentially feel shame about anything that they have said or done online, no reason to fear messages being brought up in the news as a factual description of their character. Moreover, they are asserting that they are not concerned about what other people have said about them! While data can be textured after being publicly disclosed, oftentimes the harm is already done and can never be repaired.

I really don’t think that it is the case that people have always acted according to dominant public norms at all times when they have been online – they have admitted some secret in an email, searched for some personally sensitive information using Google search, or ignorantly ‘flamed’ someone on a public web forum. By committing more and more data to online storage companies these companies can develop increasingly sophisticated digital dossiers – it is theoretically possible for them to know whether you are married, your sexual orientation, your religious beliefs, the car you drive, the people you enjoy spending time with, the restaurants that you like and dislike, your marital disputes, and what kinds of chronic illnesses and weaknesses you have. Most people would only be comfortable telling all of the above information to a trusted friend or family member – why should we give online storage companies the opportunity to learn as much about us as our mom’s and dad’s?

Mom and dad are supposed to have our best interests in mind – do you really think either Microsoft or Google do?