The switch to cloud services and storage has been on so long that many companies, even large companies, positively scoff at the idea of running their own servers. It’s possible these days to have an entire software infrastructure and business applications delivered totally online. Instead of setting up a server room, many companies instead opt for a fat internet connection and a handful of wireless routers.
But individuals and companies should be thinking about the information being stored in the cloud and who may have access to it. Not all providers are alike when it comes to their Terms of Service as it applies to the sanctity of your data and a few may be routinely scanning everything you upload to cloud storage.
The Best Of Intentions
Some of these routine scans of data being stored in the cloud are being used to screen for child pornography. There is even a screening system developed by the National Center for Missing and Exploited Children (NCMEC), a nonprofit organization established by Congress and funded by the Justice Department.
A Maryland man was recently arrested for possession of child pornography when Verizon Online found 23 suspect images during a routine sweep.
Other times scans are looking for material covered by copyright. This quickly becomes a more questionable practice when people are uploading copies of movies and music they might legally own.
While it’s hard to feel overly protective of people trafficking in child porn or pirated movies, the routine scanning of files being uploaded to cloud storage should be a concern to private individuals and businesses alike.
Not All Cloud Storage Created Equal
Not all cloud storage providers use their ToS as carte blanche to scan user files. Some services, like Dropbox, Amazon and Google do not routinely scan files but only investigate when there is a reasonable suspicion of criminal activity. One provider may treat your data like they own it, others respect your data property and respect due process when responding to investigations.
How do you know the difference between the good providers and the bad? You have to read the Terms of Service and ask those questions. Even at that one nagging reality will remain and that’s the ability of the vendor to change your Terms of Service, often without any notification. The issue becomes even more of a grey area when cloud storage providers file for bankruptcy protection or sell out to another vendor. Many of these issues have not been litigated and the laws are unclear.
Absolutely individuals and companies should utilize the convenience of cloud storage but do not do so without a clear idea of the terms and what it means in practical terms. Larger data customers may be able to negotiate specific changes to the Terms of Service for their account, it certainly doesn’t hurt to ask.
In the meantime, I would suggest using the same mindset toward cloud storage as company email; the safe course is to assume everything you send out is being monitored.