Slashdot Mirror
US Government: You Don't Own Your Cloud Data So We Can Access It At Any Time
New submitter jest3r writes "On Tuesday the EFF filed a brief proposing a process for the Court in the Megaupload case to hold the government accountable for the actions it took (and failed to take) when it shut down Megaupload's service and denied third parties access to their property. Many businesses used Megaupload's cloud service to store and share files not related to piracy. The government is calling for a long, drawn-out process that would require individuals or small companies to travel to courts far away and engage in multiple hearings just to get their own property back. Additionally, the government's argument that you lose all your property rights by storing your data on the cloud could apply to Amazon's S3 or Google Apps or Apple iCloud services as well (see page 4 of their filing)."
Anyone surprised?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Does this mean that my backups to Barracuda Networks cloud service are no longer mine? This would kill cloud services.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Nice move government you just destroyed pretty much all of the cloud computing industry.
Huzzah.
Does this mean that all of those copyrighted works I am hosting "in the cloud" are no longer the property of their respected copyright holders? I can see this being argued in all sorts of funny ways.
>Additionally, the government's argument that you lose all your property rights by storing your data on the cloud
Bullshit. I don't lose the rights to my property if they are in the temporary posession of a third party. If it was so, then nobody could rent anythiing ever or even check a coat.
Hurr.
--
BMO
At least with Drop box, even if the cloud goes down I still have all my local copies. Won't stop the feds from digging around my data, but at least I won't have to fight in court to get it back.
All of our BDR servers also run on a triplicate model - the original data, the data on the backup server, and a copy of the most critical data in the cloud just in case the building catches on fire.
Occasionally living proof of the Ballmer peak.
not sure why I'm surprised at the stupidity of this and how it impacts every cloud computing business. So long Amazon cloud service, Azure, Google, and any other service that claims protection in the cloud.
Most of my money is "stored" by my bank, backed by promissory notes which in turn are notionally backed by gold deposits stored in some other location that my bank doesn't know about. It's all in the cloud, and has been my entire life. Do I still have property rights over that?
cloud storage is an easy target: it hosts data of many individuals, and is a single entity. Of course govt will want easy access to that, since that's a lot simpler than requesting access from each person separately.
And that is why I never wanted to use cloud storage. I didn't need it also, to be honest. I always prefer my personal servers that I manage myself, and can encrypt & backup at my own desire.
#
#\ @ ? Colonize Mars
#
GPG and LUKS for the win!
Recursively placed truecrypt drives for your financial documents, cat pictures, and whatever else you REALLY don't want them to see.
Shouldn't the EFF argue that a cloud service is the equivalent of a bank's safe deposit box? Someone else holds your property on your behalf. For SDBs, the government needs a warrant...just like if your stuff was in the cloud.
Does this mean that my backups to Barracuda Networks cloud service are no longer mine?
I don't get where supposed rational technical people on Slashdot of all places, think that any data they transmit over public networks NEVERMIND then storing said data on hard drives owned and physically controlled by someone else, was ever YOURS.
Forget law. The physical reality of the thing is that by definition, any data you are keeping on devices controlled by someone else is never really yours. You just might be able to access it, and even that is never guaranteed.
Cloud backups are great as a cheap last offsite resort but are not the same as backups that you physically control. You should never have data you care about recovering on a cloud service that you do not also have in multiple copies on devices you own.
Any other notion is just fantasy.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The courts established a long time ago that you don't have the same property rights under the 4th amendment when it's stored with a third party.
I've raised this issue whenever I hear that a legal office has outsourced their mail service (do they still have attorney-client privilege if the information has been 'shared' with the ISP?)
There are two issues -- (1) does it require a warrant and (2) do they have to notify you of the warrant (so that you can contest it) or only the party holding the information?
There was an article on the topic in the Journal of Consitutional Law a couple of years ago. One of the key things -- ECPA considers any email stored for 180 days can be obtained from an ISP without notifying the user. There was a case in 2008 that found that argued against it and the court agreed, but the case was overturned on other issues so the decision never stood as a precident. It has some interesting things to consider, such as the issues with using a cloud-based thing client without knowing it (in the example, a kid setting up a computer for his uncle), and losing their fourth amendment rights.
Build it, and they will come^Hplain.
By your logic the money we keep in the bank isn't ours either.
or, for that matter, the skulls in my safety deposit box...
When the governments of the USA and Iran are using the same playbook you shouldn't really be surprised by stuff like this.
I don't get where supposed rational technical people on Slashdot of all places, think that any data they transmit over public networks NEVERMIND then storing said data on hard drives owned and physically controlled by someone else, was ever YOURS.
Sounds a lot like stuff transported over public roads.
You moved it in your car from your house a the local U-Haul storage locker. You used an Interstate Highway. Therefore it's not really your property. Now the government can come and take it at will. Great logic there.
A Pirate and a Puritan look the same on a balance sheet.
Dose it apply to http://aws.amazon.com/govcloud-us/
thank you.
the tranport has NOTHING, NOTHING to do with your privacy and rights.
why link the two? this is playing into their trap!
"oh, but you stored it blah and it went over blah and it left your house ..."
so fucking what!
seriously - so what. and I wrapped it in a blue envelope and its 'we hate blue envelopes day' today so we get to keep it.
arbitrary reasons, repeated many times, does not make them have any more sense and reason.
yes, my data went over wires I don't own. SO FUCKING WHAT!
what's next: anything that's not kept in your hands 100% of the time is open to be taken away? where does this encroachment end?
--
"It is now safe to switch off your computer."
Nothing is ever "really" yours, since property is just an idea.
But I'd say that an encrypted blob (encrypted locally!) in a cloud service somewhere is more "yours" than an unencrypted blob in a hard drive in your home. Most people don't live in bunkers where you need more than a few tools to get into, but an encrypted blob requires you to disclose the passphrase (voluntarily or not).
Dilbert RSS feed
Of course it isn't. The banks can keep you from your money any time they want. They've actually done it in the past. The only thing keeping them from just right out claiming your money is a fragile social contract...
But yeah, I know, that's just crazy talk...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Logic is sound. We don't necessarily own the money we place into banks. MF Global comes to mind. Furthermore, try to take out a large amount and see what happens. Either they won't have the cash on hand (call ahead to get your money!) or you're going to have some paperwork to fill out. To, you know, prove you're not funding terrorism or something. There are limits to what one can do with one's money after it's been deposited. Using a bank, one is essentially storing money for them to use as loans, investments, what-have-you. Nothing necessarily wrong with that, banks can be a good thing but to think that one has total control over their money once it's deposited? Wishful thinking. There will be at least some hoops/questions to answer when closing out an account, withdrawing large amounts. From personal experience, trying to be vague in the explanation of "why" doesn't work so well either.
Sounds a lot like stuff transported over public roads.
Correct. Which is why anything of value is moved over said roads in guarded and/or armored transport.
You moved it in your car from your house a the local U-Haul storage locker. You used an Interstate Highway. Therefore it's not really your property
You seem to be confusing law with reality.
The property, by law is still yours.
BUT you are no longer in control of it. The storage locker owner can access it at any time, as can any burglar.
Can you please try to see the difference? We are not talking about what is right. We are talking about WHAT IS, and hoe to prepare for that.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
By your logic the money we keep in the bank isn't ours either.
Sorry to go all Eliza on you, but what makes you think it is?
If there is a run on the bank, and you are not fast enough - you do not get your money. Simple as that.
You may get re-imbursed by FDIC, but that doesn't change what happened.
There is a vast difference between what is yours by law and what you can practically access. All I am saying is everyone should realize there is a difference and be prepared.
In the case of the server I have zero pity for anyone who kept data only on the servers that were seized. Yes it is there data, but they also had responsibility if that data was important to keep it somewhere they controlled.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Given our debt-based and loan-centric society, one could argue that the money you keep in the bank isn't even money.
But I'd say that an encrypted blob (encrypted locally!) in a cloud service somewhere is more "yours" than an unencrypted blob in a hard drive in your home.
I don't really follow that, all of that data is yours equally, encrypted or not, wherever it lives.
But the thing is, if all you have is that encrypted blob on the server you do not control, then someone else can prevent access to it. It may not be right to do so; that is irrelevant. The fact is that you could have, because it was digital data, easily had the data also somewhere that no-one could have prevented access. THAT is a backup. Anything else is as I said, fantasy. It may be a nice fantasy for a while but it's still illusion just the same.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I don't get where supposed rational technical people on Slashdot of all places, think that any data they transmit over public networks NEVERMIND then storing said data on hard drives owned and physically controlled by someone else, was ever YOURS.
Depends on your definition of "YOURS". Most people in modern Western civilizations recognize a distinction between posession and ownership.
The physical reality of the thing is that by definition, any data you are keeping on devices controlled by someone else is never really yours.
Shall I assume, by that definition, that you never park your car anywhere except on your own property, and that you never leave it in the custody of an auto repair or maintenance facility? Similarly, have you never left your coat at a coat check, or let your dry cleaner have posession of your clothing?
Your statement is both valid and poignant regarding the risk of a custodian unlawfully distributing or granting access to your information. This argument, however, claims you have no legal standing regarding the information in the first place, like saying you no longer own your street clothes when you leave them in the gym locker.
Cloud backups are great as a cheap last offsite resort but are not the same as backups that you physically control. You should never have data you care about recovering on a cloud service that you do not also have in multiple copies on devices you own.
Your advice is sound, particularly in the current legally uncertain context. But it does not imply that the government's argument is reasonable or excusable. It is our responsibility to the future of our nation to protect its information security from these misguided government officials. We must raise our voices against this sort of behavior precisely because our legal right to our information is not yet rooted in statutory bedrock.
Stop-Prism.org: Opt Out of Surveillance
US Government: "You don't own anything stored in the cloud."
Kim Dotcom: "Sweet. The US government has declared cloud stored data is not 'owned.' If you don't own it, if it's not yours, how could you possibly be liable for it? Everyone please subscribe to my new service fuMPAAItsAllInTheCloud.com!"
Cloud backups are the virtual equivalent to the the local U-Haul storage locker. The judges only need to look at this to figure out what the law should be.
So if you stop paying your storage provider they should be able to access the data you were storing, and sell it to third parties?
So many people here trying to map physical concepts onto the virtual, never a good idea...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> Forget law. The physical reality of the thing is that...
The physical reality of the thing is that the government can break into your house, murder your pets and family, torture you for all your passwords, download your data, and then shoot you in the head and torch the place.
The law (and associated notions of civility, etc) is _everything_. Without it, every notion is just fantasy.
Get educated.
When you deposit in a bank, you loan the money to the bank. What is now "yours" is only a promise by the bank to pay you back the money. Just like if you purchased a bond. If you own a bond, the good news is that you do indeed own it. The bad news is that its worth is determined by the worth of the promise.
A bailment or custody agreement is a different matter. Then you still own the property that another party holds or secures for you. That is what a safe deposit box is. Items you place in a safe deposit box are always yours in the law. The bank may not access them, and if the bank goes bust and is liquidated, the property held in custody/bailment agreements cannot be considered part of the assets remaining to pay back creditors. Rather, they are transfered to a trust company, who should return them to the rightful owners upon request.
So IF the gov. takes your data from a cloud provider with whom your contract states that the cloud provider owns all the data and merely promises to pay you back your data upon request--analagous to a bank deposit, then you are screwed if the gov. in the form of either law enforcement or bankruptcy court decides to seize the data in that company.
But IF the gov. seizes the data and your contract is a bailment, then if the government doesn't return your data upon merely proving ownership, then you have a potential 4th Amendment Supreme Court case.
Ultimately, none of this really matters, because we are now an empire and the gov. can just do what it wants. Expect to simply be whisked away in the night, tortured and murdered just because your name showed up in the wrong place in the near future--if this trend continues.
One last thing. Note that your bank deposits pay you interest (not much, thanks to the idiot Ben Bernanke, but we'll leave that to another day). That should be an indication to an astute manager of finances that you have taken some measure of risk with your money--ie, the money is no longer your property. So you are being paid for that risk.
OTOH, for the safe deposit box, you pay the bank to provide the custody service. This is as it should be. If you want to hold property with certainty as to its title being yours, there is a cost either in securing it in your own physical space, or in someone elses.
You would still be prosecuted. The real issue is not about individuals versus corporations, it is about wealthy people with powerful political allies versus poor people with no power (same story as in every society).
Sadly, the government founded on enlightenment-era idealism has degenerated into a machine for maintaining the wealth and power of the wealthy and powerful.
Palm trees and 8
that has nothing do with what he said.
he said if you own a thing, and you then give that thing over to SOMEONE ELSE FOR SAFEKEEPING, you lose control of it. which is logically sound, you do lose direct control of it; you have instead entrusted that SOMEONE ELSE with controling it in your interests usually defined by a contract.
however i believe that while you may have ceded direct control to someone else, you have -NOT- ceded ownership (no reciept, no bill of sale, etc). and as such, Constitutional protections should absolutely still apply.
but your analogy is still wrong and retarded.
The guy who said the election was rigged won the presidency with the second-most votes.
The government is trying to say that the data is not legally yours because it's stored on someone else's server.
This is akin to saying your property is not legally yours because it's stored in a storage locker that you rented.
In both cases you are paying someone to store something for you. In both cases it legally *should* still belong to you.
While I'm of the mentality that we're picking from two sides of the same coin, there is one significant difference between the candidates, to me. Who they will nominate to replace Ginsburg when she retires. While Obama will almost certainly move the needle toward the center (by nominating someone from the center, which is probably to the right of Ginsburg), Romney will almost certainly pick another Scalia/Alito type, swinging the pendulum very far and resulting in what amounts to another Lochnear era.
:(){
Considering how everyone always laughs at me, calls me a luddite, tells me the future is the cloud, etc whenever I complain about the latest tablets and phones being released without some sort of user loadable storage, is this news enough of a reason to make you rethink your positions?
Have a Virgin Mobile USA smartphone? Give VMRoms.com a try!
All my data on the Google Drive and Dropbox is encrypted by me first. Have fun trying to crack it.
Fun note: some of the files are simply dumps of /dev/random with fun filenames like "secret-files.zip" and "plan-b.tgz"
Do not look at laser with remaining good eye.
I promise I'm not schilling. I use SpiderOak for my hosted files be it backups, shares or syncs. They don't store your password and can't reset it. If you forget your password you're S-O-L. All they can do is hand over an encrypted container that the government will have to crack.
"Zero knowledge" services like this are unlikely to become the norm in the US, because enough people won't understand just how the service works and will try to hold the service provider responsible when the user forgets their password (because they haven't had to type it in in 6 months and didn't have a way to store and access important passwords) and the company says, "Tough luck. We warned you."
So is my car no longer my property once I pay a valet to park it for me in a private lot of some third party?
You never put your data on cloud services physically located in the USA.
Many companies now, offer their software up as licencing so you can run it in your home country on your own servers, so as to NOT be applicible to USA (crazy) law. Then again in my opinion, that largely defeats the purpose of the whole cloud thing, but hey whatever...