The cloud: who owns the data

I recently seen a presentation of a good friend of mine and an excellent software architect, Radu Vunvulea, about who owns the data in the cloud. I didn’t see the presentation per se – I only seen the slides, but I have a few thoughts on the issue as well, as it became more important in the recent days, with our Facebook debacle.

I will not explain what the cloud is – it should be pretty clear by now. I will not have a technical explanation – you won’t need it.

So who owns the data in the cloud? The specialists tell us that we own our data in the cloud – we’ll see that everyone from Microsoft, Amazon, Google, even Facebook says that we own the data in their cloud. And it’s a nice fantasy – these well-to-do people will not touch my data.

Although…

Let’s put things from a different angle. One of the ideas that I love from Dune was that he who is able to destroy a resource owns that resource. It’s generally true for a lot of things, and it’s especially true about your cloud data. Who really owns the data in the cloud?

Everyone pretends it’s you. It’s easy to do that, it’s moral to do that – Radu quotes from the SLAs from Google, Amazon and Microsoft, and they all almost guarantee that you own your data, as you can see from his slides (14-16):

[slideshare id=82910792&doc=whoownsdatainsidethecloud-171128154758]

Is it, though? Going on the logic of Paul Atreides, do you really own your data? Or is the data at the discretion of the cloud owners, and you’re a mere user?

Technically, you can destroy your data. There is absolutely no guarantee that deleting your data from the cloud actually deletes anything – and sometimes, a history is kept of your files. For your own good – some services might allow you to restore your data when accidentally destroyed. So you cannot really destroy your data, it’s a bit more complicated than that.

Even if, in all honesty, the cloud provider destroys your data, do they really? Do they really wipe your data or do they mark some sectors on some hard disks (or SSDs) for deletion? Do they really overwrite your data with zeroes and ones to make sure that nobody can recover it when deleted? Most likely they don’t.

But if they so choose, they can do that, they can absolutely choose to destroy your data, as they control the storage completely. Is your data safe? Absolutely, as long as you trust the cloud provide that they won’t try to read it, process it or destroy it.

And in the light of recent events, allow me to recount the story of Ioana Laura Florescu, also known as Marcica Belearta, who is now banned from using Facebook and almost lost all her poetry because she used one bad word in 2009.

Marcica is a small celebrity in Romania – she is suffering from Multiple Sclerosis, a degenerative disease. For her, there’s no turning back, especially as in Romania she receives a pension of under 150 euro and she’s not allowed to work or earn any money. However, she turned towards poetry, and she used to publish almost daily small poems in Romanian. She became quite quickly a celebrity – she’s funny, gory and witty at the same time. She became better known when part of her pension was denied because she earned a ridiculously small amount for selling a few poetry volumes. She then used Facebook to let people know about her strife – and managed to bring the issue to the attention of the entire Romanian nation.

However, a few weeks later, her account, the only place where she created her poetry, was first suspended, then deleted by Facebook. Her whole work, removed by an automated tool, because someone claimed she’s not who she is. The place from where all this started? A bad word she used in 2009, in a Facebook post. And, probably, a handful of mean reports. Of course, Facebook can claim that your data belongs to you, but it doesn’t.

I think this is a cautionary tale – that we should trust less the good will of our providers, who, after those wonderful intentions and guarantees they offer have huge licenses that allow them to do whatever they please with your data. I’d go against storing private data or important data in the cloud. I’d suggest to have your own data base((don’t confuse with database)), with your own backups, your own collection strategy, because your data in the cloud can disappear at any point in time. You don’t own it, because you’re not the one who can destroy it, and you cannot deny others access to it because you’re merely asking others to manipulate that data for you.

If you really want to, go for private clouds. Sure, you can go ahead and use the cloud for public data, and do your backups regularly – I, for one, publish my history podcast by storing it in an Amazon S3 bucket, and I’m relatively happy with doing that. But if it’s private data, sensitive data, don’t, just don’t. Host your private cloud, ensure the safety and the continued service of your important data – and your clients’ data as well. Yes, it does cost a lot more. But you’ll be better off overall.

So, to sum things up: who owns the data in the cloud? The cloud provider, then you. Maybe you, if they let you.