Reasonable Expectation of Privacy From Web Hosts?

Shafted writes "I'm in a bit of dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong. Regardless of the fact that they missed the boat with regards to the support question, I found it surprising that they would access my database data without my consent. When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?" Read below for the rest of the question. Shafted continues: "I did get a response from one of the higher-ups, who said it was ok - they were perfectly within their rights, and their privacy policy supports that. Problem is, I've read the privacy policy, terms of service and acceptable use policy, and nowhere does it make mention that they have the right to look at files or data. It does indicate that I am the one who owns the data (presumably to cover copyright infringement). Another fellow indicated he felt that, as site admin, he had the right to look at whatever he wanted on the site, whether it's his data or a customer's (he, from what I can tell, is not an employee). I can understand looking at data to determine whether it violates the AUP or TOS, provided that it's justified (i.e. a scanner or audit indicates that something fishy is going on). But since I haven't violated the AUP or TOS, do they have this right? Is this something all web hosting companies do? If it isn't expressly stated, either that they do or do not have the right, does that automatically give them the right? Is this an industry norm, or did someone make a mistake and they're simply unwilling to admit to it? I'd really like to hear what some of you have to say, knowing that many of you probably have sites hosted by third-parties, and some of you may work for web hosting companies. Since this is the first one I've ever dealt with, I'm unsure whether I should expect this anywhere else, and if so I may end up going back to self-hosting."

Slippery Slope?

[Kneo24]

Hmm... I can see your point. Nothing anywhere in their policies that you agreed state they have that right. And you also seem ok with it IF they suspect or even have proof that someone broke the agreement that both parties made.

Often times people will put private stuff on a server they rent/own and make the files/folder private so that they and a select few can only view the files. So what right does hosting company have to look at information that's private without my consent?

I think this goes beyond the "well I own it!". Guess what? When you rent out a house to other people, you don't have the right to snoop on your renter's. You can't just access their house whenever you please. There's an expectation of privacy and I think the same applies here.

My suggestion? Kindly tell them to fuck off and find another hosting company. I would suggest you make it public who this company is and what their practices are so the rest of us can avoid them too.

Re:Slippery Slope?

[DrEldarion]

They also have the right to enter when the tenant makes a maintenance request. If you think that "support call" = "maintenance request" then, well, there you go.

Re:Slippery Slope?

[topham]

Keep reading the legal requirements and you'll find out that 24hr access also requires a legitimate reason, not just any reason. Generally this means they need to justify it, even if it is afte the fact. They have the right the deal with emergency situations immediately, even without 24hr notice. This would include such things as smoke/fire as well as visible signs of a water leak. Still wouldn't give them the right to go through your dresser.

It is entirely unacceptable to access a customers database without explicit permission. Period.
Maybe they were trying to be helpful, that unfortunately isn't the point in this case. They have no business accessing it now without some more direct permission. I usually handle such things by talking with the appropriate customer on the phone and telling them what I am going to do. I let them ride along to the extent possible (shared screens, whatever) so they can see what I am doing. If that level of their involvement isn't possible I still ask for permission and do what's required then.

If they refuse then they are left with the possibility of losing access to the server, or its data, etc, as required to protect my servers and my business. That still doesn't give me the right to access their data because I feel like it. Even if they asked for help.

note: I will say that I've had understanding with specific customers in the past that let me do what was necessary whenever it was necessary. This is followed up by a report of what was done, giving them an opportunity to complain about it if they so choose. If they were to complain I accessed their data without permission then they would receive an apology, I would refer to the previous understanding, and confirm that it would not happen again without their explicit permission. Period. Anything else is unprofessional.

The problem here is the tendency of admins to feel like they OWN a server, instead of them having certain, specific responsibilities for that server. It's an industry wide problem, and is somewhat exhibited by the recent issue in San Francisco. (Of which I believe both parties are significantly in the wrong. It's a pissing match and the system admin is not entirely right. Without explicit cause (imagination isn't cause) you do NOT configure a device without storing it's configuration in Flash. If you do that on a number of routers and there is a power failure it would take far to long to get everything back up and running.)

If, by nature of trying to track down an unknown problem an admin sees data that is otherwise not theirs to see I expect them to keep it to themselves. Not to discuss or disclose the contents. Depending on the nature of the data I would, however, expect them to disclose that such an incident occurred. I don't want them hiding the fact they saw 100 credit card numbers while packet sniffing for a specific problem. However, actual disclosure of those credit card numbers make them subject to termination.

You own the box, not it's data. You are responsible for keeping it running to the best possible, if that means deactivating a clients access, or applications then so be it. It doesn't mean you can go digging through their files.

I don't get why people don't understand this.

Re:Slippery Slope?

That's not the same. Imagine that you call your landlord because, I don't know, a window's broken. He comes in while you're at work and fixes it (which is fine), but then you find out that he also went to your bedroom and read your diary.

This is exactly the same situation. Your landlord doesn't need to read your diary to replace the window, and despite the fact that he owns the property and despite the fact that he's there with your knowledge and consent, he doesn't have the right to read it, either.

The same goes for the webhoster.

Re:Slippery Slope?

[cdrudge]

I see we've lived in the same apartment complex...

I don't know if it's legal, but it's unethical.

[Vellmont]

Who is this hosting company, and why are you protecting them? People should know what they're getting into when they enter into an agreement, and it sounds like this company isn't doing that. I don't know if this is "industry standard", legal, or whatever, but I'd run away very fast from this hosting company. Find another hosting company that'll give you assurances in writing that they won't look at your data without your permission. They can't ALL be douche bags.

Re:You're a dumbshit.

Wow.. I think this is the first time I've seen an Ask Slashdot so comprehensively addressed in the first comment. Nice going, dude!

As this issue has been so speedily resolved, I propose this discussion be archived immediately and we all move on to more contentious, problematic issues in other stories.

Re: People looking

[TaoPhoenix]

Isn't this the great flaw of Cloud Computing?

Playing in the clouds is convenient, but should probably be focused that way. Do serious stuff locally and transmit it as needed.

Re:Even for dedicated servers, it's hard

[TheRaven64]

There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup

Actually, there is. First thing to note is that 'root' is just a name. It is UID 0 that is powerful, not the user named 'root'. You can create an account called root which has a different UID and it is just another user - give this account / password to the colo company and they will only find out that it's not root if they try to do something evil. Then, just give them permissions to modify the network config files and run shutdown / reboot as root and you're set.

Alternatively, you can create a 'colo' user which has write access to the network config files and has sudo access to the shutdown command, which might be cleaner, and if they complain about this limited access then move hosts.

Re:I've had worse.

[Allicorn]

REN Now, listen, Cadet. I've got a JOB for you. See this button? (Stimpy reaches for the button) DON'T TOUCH IT! It's the HISTORY ERASER button, you FOOL!

STIMPY So... what'll happen?

REN That's just IT! We don't KNOW! Maayyyybeeee something bad?... Mayyyybeeee something good! I guess we'll never know! 'Cause you're going to guard it! You won't TOUCH it, will you?

(Stimpy salutes. Ren leaves.) REN Hehhhh... hehhhh... hehhhh... hehhhh...

(Stimpy marches back and forth, staring at the button.) ANNOUNCER Oh, how long can trusty Cadet Stimpy hold out? How can he possibly resist the diabolical urge to push the button that could erase his very existence? Will his tortured mind give in to its uncontrollable desires?

(Announcer grabs Stimpy, forces him closer to button) Can he resist the temptation to push the button that, even now, beckons him ever closer? Will he succumb to the maddening urge to eradicate history? At the MERE... PUSH... of a SINGLE... BUTTON! The beeyootiful SHINY button! The jolly CANDY-LIKE button! Will he hold out, folks? CAN he hold out?

STIMPY NO I CAN'T!!! EEEEEYAAAHHHH! (pushes button)

Re:encrypt your data or dont co-lo

[wtfispcloadletter]

Every colo I've seen in the US has a similar policy. In a colo situation it's your hardware in their facility. Some places have it setup so if a drive (or some other piece of hardware, RAM, power supply, etc) they can replace it for you, if you have a spare and you pay for that service. But other than that, they don't and can't (well not suppose to) touch your server.

This guy was in a colo, but decided to move to a webhost. It's no longer his hardware, just his data. Even if he has a "dedicated server" plan it's still their hardware. If your site is causing performance problems on their network, they can and do look into things without ever asking for your permission. They probably won't even inform you unless they determine it is your site causing problems. Then most hosts will shut you down or disable the script/database causing the problem, THEN inform you of the problem.

Re: People looking

[Legion_SB]

Isn't this the great flaw of Cloud Computing?

No, because that's what encryption is for. I use Jungle Disk to mount my Amazon S3 data as a network share on all of my systems.

Jungle Disk allows me to encrypt my data before it is sent to Amazon's servers. Short of cracking the 256-bit AES key the data is encrypted with, Amazon can't dig through my data.

Maybe for a web-based application, this wouldn't make sense, but at least in terms of storing my data in the "cloud" for retrieval and use by various client-side apps, there's no "great flaw".