That data, actually OUR data, in the Cloud

  • Awareness
  • 30/03/2016
  • Luxembourg Safer Internet Centre
Nowadays, the Cloud is everywhere. For most users, this technology is assimilated to some sort of a digital extension of their technology-related hardware. If from a technical standpoint the Cloud is not a revolution but a mere evolution of online services, the Cloud nonetheless changes the relationship between us, as users, our computer equipment, our data and our Internet Service Provider (ISP).
 
The Cloud allows users to access a single internet-based service using several types of IT equipment such as computers, smartphones, or any connected device. It includes all the features that often manage our photos, videos, documents, and more generally all the data that make up our online life. However, one thing is clear: the Cloud is made of online services crunching our data and running on computers belonging to someone else.
 
But there is something important to remember: the data belongs to us. Third parties can only do with our data what we authorise them to do.
 
As a unique gateway to our data, it is our responsibility to secure our Cloud. The usual best practices also apply in the field of general public use of information technology. Passwords must be long and non-obvious - use a complete sentence and add special characters, therefore evolve from a password approach to a passphrase. And of course, never use the same password for multiple accounts. Most of the Cloud services also offer two-factor authentication: it provides a better level of safety, since it relies on other devices such as our mobile phone for all transactions done on our accounts (such as, but not limited to, changing a password). Most of the public Cloud services provide this option.
 
The biggest change brought by the Cloud and the related massive widespread adoption of web services by the general public is a shift from technical security to legal security.
 
None of us read the terms of use. But would we buy an external hard drive for doing backups on our computer if it was clearly stated that the hard drive might stop working for any reason and we accept, by using it, a complete lack of warranty? Would we buy a picture camera which grants the company creating the camera a right to reproduce and commercialise, for any reasons and by any means, our own pictures? Would we use the services of a Post Office which would allow itself to read all of our mails and deliver, in return, targeted advertising?
 
Such clauses are unfortunately fairly popular in the Cloud. "I have read and accept the terms of use" is most probably one of the biggest lies on the internet. The core issue is the fact that people completely underestimate the impact and related consequences of such contracts.
 
Threats to our data
One should, as much as possible, restrict use of the Cloud to actual needs. Ask yourself: do you really need to activate all the services (shared credit card numbers, shared passwords, shared browsing history…)? Be aware that all Cloud services depend on the sustainability and goodwill of a supplier. Services might change over time. Also, on certain Cloud services, we may grant our provider the right to use our documents and data content. This option is specified in the terms and conditions, which we should read. Seriously. Read them and understand their terms.
 
As for shopping in the Cloud, available products are often limited to a right of use linked to a specific platform. These products can be impacted by some Digital Rights Management systems that may limit or even prevent us from using the goods as we please.
 
Finally, the technical architecture of the Cloud impacts all our data: (1) we cannot really be sure that your data is destroyed, (2) we cannot know for sure who can access our data, and (3) we cannot know what is done to our connection and usage data (advertising, profiling, etc.). We should keep this in mind next time we intend to get any goodie set among the Internet of Things (IoT) - always uploading data to the Cloud… and the galaxy.
 
Today we can work, play, socialise and watch photos or videos in the Cloud. Even if there are risks, the Cloud remains very useful for those who have multiple internet-connected devices. But, like any tools, great potential comes with great responsibility.
 
Clever Cloud User is the campaign held by BEE SECURE in Luxembourg, coordinated jointly by securitymadein.lu, the Service National de la Jeunesse (snj.lu) and KannerJugendTelefon (kjt.lu), and co-funded by the European Union.
 
 
Article written by Dr Matthieu Farcot and Emilie Muller, securitymadein.lu, for BEE SECURE.
 
 

Related news

How safe is your password?

When was the last time you changed your password? Do you use different passwords for each site or service you access online? How do you screen friend requests on social media? Today, 4 May 2017, is World Password Day and it's a great opportunity to reflect on your own password habits and raise awareness of the importance of keeping passwords safe and secure.

Helping schools with data protection compliance

  • Awareness
  • 30/03/2016
  • UK Safer Internet Centre
For many years, schools have been required to be compliant with data protection laws. Many of us that work with schools are all too aware of the difficulties they face in achieving compliance. Here at the South West Grid for Learning and the UK Safer Internet Centre (SIC), we know that schools work to achieve compliance through a variety of means. Some rely on local authority staff, or the Information Commissioners' Office for support, advice and training. What is clear is that practice remains inconsistent and that data breaches are occurring.
 

Is it true that the data we post online remains on the web forever?

  • Awareness
  • 30/03/2016
  • Greek Safer Internet Centre

This question was posed several times by pupils of secondary education during a series of webinars that the Greek Awareness Centre implemented across the country from December 2015 until March 2016, in collaboration with the Computer Technology Institute & Press ‘Diophantus', and with the aim of raising awareness on the importance of our (data) privacy.

Debating data protection with Danish adolescents

  • Awareness
  • 30/03/2016
  • Danish Safer Internet Centre

Your digital footprints often seem to be invisible, but what are you really agreeing to when confirming ‘Terms & Conditions' in an app? With the newly proposed General Data Protection Regulation (GDPR), it is as relevant as ever to put the spotlight on the data protection and the digital identity of youth.

Data protection: How to protect one's privacy on Instagram and Snapchat... with step-by-step privacy guidelines

  • Awareness
  • 30/03/2016
  • Austrian Safer Internet Centre

Pictures, videos and emojis are becoming increasingly important for online communication – especially with children and young people. Two of their favourite apps for sending photos are Instagram and Snapchat.