The rapid ascents of big data analytics and cloud storage, along with the emergence of unprecedented Web surveillance by both cybercriminals and states, have rekindled a question that IT professionals and consumers alike may have thought a relic of the past: Where should data be physically stored? Although age-old media like magnetic tape and hard drives have been disrupted and in many cases replaced by virtualized storage, companies and individuals have hardly escaped the issues of data privacy and security, both of which are highly contingent upon where, how and by whom data is handled.
If anything, the rise of remotely hosted computing has made it more difficult than ever to ensure that sensitive information is handled with the care that it deserves. At the same time, the proliferation of ever-smaller and more intimate computers, including smartphones, smartwatches and wearable tracking devices, point to seemingly insatiable consumer demand for collection of ever-increasing amounts personal data. Although individuals appear to implicitly trust Web companies to take care of delicate information like sleep patterns and visited locations, many of them are likely unaware of where data is kept.
As Web services providers and IT departments wrestle with surging data volumes, they must step up to the plate and offer transparency about their storage practices. In addition to providing actionable business intelligence, big data projects should be respectful of consumer privacy and mindful of possible threats. With copious amount of information often concentrated on only a few cloud servers, security professionals also have an obligation to help companies guard these items and ultimately find a balance between keeping up with customer demands and being diligent about safety.
Big data and issues of trust
Big data has made sensitive, personally identifiable information into a tradable commodity. Writing for The Washington Post, Cecilia Kang reported on Google’s upcoming update to its Terms of Service, which has ignited controversy due to a new provision allowing the Web services giant to utilize its considerable stores of user data for the creation of “shared endorsements.” These advertisements pair some users’ names and portraits – taken from their Google+ accounts – with products, locations or online content that they have previously viewed or liked.
Facebook has already rolled out a similar feature. While users can opt out of Google’s service, advocacy groups have pushed the Federal Trade Commission to review the privacy implications of the changes, which demonstrate how individuals can be blindsided when they have only minimal visibility into how their data is being handled. By the time data privacy issues do come to the fore, it may be too late to change course and give consumers viable alternatives for storing their data.
In a piece for VentureBeat, Intel’s Andy Thurai and David Houlding highlighted a similar shortcoming common among big data services providers, namely that many of them are insufficiently transparent about which data centers actually handle their customers’ information. While the most immediate impact of such opacity is the loss of customer trust, such as in the case of Google’s endorsement, the long term impact could be more severe. Cloud companies could create byzantine data center arrangements, spread out over many countries with different privacy laws and serviced by a host of third-party partners, and they would only be called out if and when a security or issue occurred. Ultimately, consumers need more say in how their data is handled.
“Providing corporations and their target consumers with visibility into where and how their information is processed can establish and build trust,” proposed Thurai and Houlding. “Imagine the power of users being able to choose where their data is processed, or stored, as opposed to being at the mercy of the big corporations and data consolidators.”
Wearable devices create unique challenges for data privacy and management
Big data has taken off not only because of advances in cloud-based technology, but also because of a shift in the types of computers that consumers use. Thurai and Houlding specifically highlighted wearable mobile devices like Fitbit and Google Glass, which can be taken anywhere and be used for gathering lots of data even while wearers are not actively engaged with them.
For users, handing over information like pedometric data or point-of-view photographs may not seem like an issue, at least until those items reappear in an advertisement or fall into the wrong hands after a cloud server breach. However, the privacy issues that wearable devices, especially Google Glass, create for others may give consumers a sense of what it could be like to effectively lose control over how personal data is gathered.
The New York Times’ Nick Bilton examined how Google Glass, a heads-up display with an embedded camera, can take photos without any visible point-and-click action. Without doing anything, a bystander’s image could be funneled into Google’s big data repository, where its fate and reach could be unclear.
“Today we live in a world with more than a billion smartphones with built-in cameras,” wrote Bilton. “But, there is a difference between a cellphone and a wearable computer; the former goes in your pocket or purse, the latter hangs on your body.”
Accordingly, transparency about data storage has implications beyond just Web safety. It is also vital to the future of device design and usage. Opaque practices encourage consumer passivity about security and privacy.
Will the cloud become a series of walled, nationalized gardens?
Recent changes in the global cloud computing market provide one of the most prominent examples of how transparency about data handling and location issues are coming to the fore. VentureBeat’s Sean Ludwidg cited research estimating that U.S. intelligence efforts could cost the industry $180 billion as customers relocate services and find assurance that data will be kept private. Member states of the European Union have been particularly keen to implement regulations governing the movement of cloud data across national borders.
“It would be a sad outcome of the surveillance disclosures if they led to an approach to Internet policy-making and governance in which countries became a series of walled gardens with governments holding the keys to locked gates,” U.S. Commerce Department general counsel Cameron Kerry told The New York Times. “But that is where we will end up if all data has to stay on servers located in the nation in which a citizen lives or where a device is.”
To avoid such a reality, cloud providers, device makers and the security community, not to mention consumers themselves, should push for sensible standards that enforce transparency about data handling. Only then will all parties feel confident that privacy is being respected and that big data and smart devices can be used without becoming security liabilities.
