The Net Delusion - Evgeny Morozov [97]
Fans of “cloud activism” would point out that one way to avoid disasters like Memorial’s is to shift all data into the cloud, away from local hard drives and onto the Internet, thus making it impossible for the authorities to confiscate anything. To get access to such documents, authorities would need a password, which, in most countries, they would not be able to obtain without a court order. (Of course, this would not work in countries that have absolutely no respect for the rule of law; one can learn the password by torturing the system administrator without having to go through the courts.)
The possibility of using online word-processing services like Google Docs and dumping all important data on the Internet may, indeed, seem like an improvement over storing data on easily damaged, insecure hard drives lying around NGOs’ dusty offices. After all, the data could be stored on a remote server somewhere in California or Iowa, completely out of immediate reach of authoritarian governments, if only because it ensures that the latter cannot legally and physically get to the services storing it (or not immediately, at any rate).
While there is much to admire about this new cloud-based model, it also comes with tremendous costs, which could sometimes outweigh the benefits. One major shortcoming of producing and accessing documents in the cloud is that it requires a constant transmission of data between a computer and a server where the information is stored. This transmission is often done “in the open” (without proper encryption), which creates numerous security compromises.
Until very recently, many of Google’s online offerings—including such popular services as Google Docs and Google Calendar—did not offer encryption as the default option. This meant that users connecting to Google Docs through, say, insecure Wi-Fi networks were playing with fire: virtually anyone could see what they were sending to Google’s servers. Fortunately, the company altered its encryption policy after several high-profile security experts wrote a letter to its CEO, where they highlighted the unnecessary and easily avoidable risks to Google users. But Google is not the only player in this space—and where Google has the resources to spend on extra encryption, others may not. Making encryption the default setting may slow down the service for other users and impose new costs on the company’s operations. Such improvements are not completely out of the question, however. A strong argument can be made—hopefully, by lawmakers on both sides of the Atlantic—that forcing Internet companies to enhance the security of their services makes a lot of sense from the perspective of consumer protection regulation. Instead of giving such companies a free pass because they are now the key players in the fight for Internet freedom, Western governments should continue looking for ways in which their services could be made extremely secure, for anything less than that would, in the long run, endanger too many people.
But other insecurities abound, too. The fact that many activists and NGOs now conduct all their business activities out of a single online system, most commonly Google—with calendar, email, documents, and budgets all easily available from just one account—means that should their password be compromised, they would lose control over all of their online activities. Running all those operations on their own laptops was not much safer, but at least a laptop could be locked in a safe. The centralization of information under one roof—as often happens in the case of Google—can do wonders from the perspective of productivity, but from the perspective of security it often only increases the risks.
On Mobile Phones That Limit Your Mobility
Much like cloud computing, the mobile phone is another activist tool that has not been subjected to thorough security