Saturday, July 2, 2011

Dropbox, Revisited

It would seem the Dropbox issue is ruffling some feathers out there.  Not just in the genealogy blogging world, but in the tech sector as a whole as well.

Some people are reading the news, and pointedly highlighting the phrase, "...to the extent which we think it necessary for the Service."  to justify the whole thing as being necessary to run Dropbox. 

It's not an exclusion of any kind!  The wording is so vague as to be useless.  WHO gets to decide what is necessary for the service?  Which specific employees of Dropbox have access, and how is that controlled?  Is there a two or more person interaction that needs to take place, to place even a small check on access?  Or can a disgruntled employee with a little time on their hands go fishing?  If the access is possible, then it's also possible for that access to be abused.  How does the company work to prevent such abuse?

I'll agree that Dropbox as a company, and even their employees as individuals, do not have time to randomly rummage through everyone's data all the time.  I've been in IT for well over a decade, and I've had administrative access to all manner of data.  I know from experience that I didn't have time to just dig through the president of the college's e-mail, for example.  But had I wanted, or had reason to do it, I could have. What stopped me was my integrity, and training.  It's simply not something I would do.  But I've seen many news reports of where the integrity of people has failed, and they have snooped when in a similar position.  It happens far too often when an employee feels mistreated or undervalued.   It's one reason why many employers will simply pay an IT worker to stay home after they give two weeks' notice - it's better than letting them maintain access to data and possibly abuse the privilege.

The fact remains your data is out of your direct control, and therefore vulnerable to examination and misuse by the third parties you trusted to hold it safe.  For some data, that's of little importance.  But some data we as genealogists gather can be sensitive, such as family medical issues, the data that we don't publish, especially while those described are still alive.

I've never been a fan of Cloud Computing.  It's not Dropbox, specifically, it's that segment of IT  as a   whole that I have issues with.  Data security was one of the things I was educated about, and  trained to deal with, ever since I started in the field.  The whole concept of Cloud Computing, especially Cloud Storage like Dropbox, flies in the face of all of that.    This is just a particular example that highlights why we need to be extremely careful of what we put out there, and how it is controlled and accessed, and by whom.

I'm betting this isn't over...



This an all other articles on this blog are © copyright 2011 by Daniel G. Dillman