Saturday, July 2, 2011

Dropbox, Revisited

It would seem the Dropbox issue is ruffling some feathers out there.  Not just in the genealogy blogging world, but in the tech sector as a whole as well.

Some people are reading the news, and pointedly highlighting the phrase, "...to the extent which we think it necessary for the Service." to justify the whole thing as being necessary to run Dropbox.

It's not an exclusion of any kind!  The wording is so vague as to be useless.  WHO gets to decide what is necessary for the service?  Which specific employees of Dropbox have access, and how is that controlled?  Is there a two or more person interaction that needs to take place, to place even a small check on access?  Or can a disgruntled employee with a little time on their hands go fishing?  If the access is possible, then it's also possible for that access to be abused.  How does the company work to prevent such abuse?

I'll agree that Dropbox as a company, and even their employees as individuals, do not have time to randomly rummage through everyone's data all the time.  I've been in IT for well over a decade, and I've had administrative access to all manner of data.  I know from experience that I didn't have time to just dig through the president of the college's e-mail, for example.  But had I wanted, or had reason to do it, I could have.  What stopped me was my integrity, and training.  It's simply not something I would do.  But I've seen many news reports of where the integrity of people has failed, and they have snooped when in a similar position.  It happens far too often when an employee feels mistreated or undervalued.  It's one reason why many employers will simply pay an IT worker to stay home after they give two weeks' notice - it's better than letting them maintain access to data and possibly abuse the privilege.

The fact remains your data is out of your direct control, and therefore vulnerable to examination and misuse by the third parties you trusted to hold it safe.  For some data, that's of little importance.  But some data we as genealogists gather can be sensitive, such as family medical issues, the data that we don't publish, especially while those described are still alive.

I've never been a fan of Cloud Computing.  It's not Dropbox, specifically, it's that segment of IT as a whole that I have issues with.  Data security was one of the things I was educated about, and trained to deal with, ever since I started in the field.  The whole concept of Cloud Computing, especially Cloud Storage like Dropbox, flies in the face of all of that.  This is just a particular example that highlights why we need to be extremely careful of what we put out there, and how it is controlled and accessed, and by whom.

I'm betting this isn't over...



This and all other articles on this blog are © copyright 2011 by Daniel G. Dillman

2 comments:

  1. Great post Daniel and I apologize if my remark was off point or ruffled feathers.

    Basically it comes down to choice and risk: realizing that as a consumer you have a choice and there is risk involved. This is why I always encourage folks to read the entire TOS for every site where they create a login and/or upload data. With DropBox, I do not keep any financial data or anything I am willing to have revealed publicly.

    For me personally, I am willing to take the risk involved with some of these new technologies. The same risk I take when I use a credit card at a store - someone could hack into the store's computer or even a rogue employee could take my information. There are so many types of technology that are commonplace today and we don't think twice about the risks involved in their use.

    I guess as technology advances it is a double-edged sword: we appreciate the convenience and the opportunities it brings but it seems the more advanced the technology, the more dangers and risks are involved.

  2. Not at all, Thomas! Your insight and input are always welcome. In fact, you merely pointed out some things I had already read elsewhere.

    I agree with your general premise here. People should definitely read the TOS of any web service for which they sign up. Do they do it consistently? No. I'm guilty of that as much as the next guy. Who has time to read an endless scroll of opaque text? Especially when it's often written specifically to obscure the fine points...

    As an IT guy, it's frequently my job to be the early adopter of technology, so I can understand and support it properly when others adopt it later. People rarely read a website's TOS beyond the first paragraph or two, if that. They rely on the shorter, clearer marketing pitch to tell them what a product or service is, and what they can expect. Unfortunately, marketing rarely presents all of the fine points of the legalese TOS, and tends to gloss over anything that might cause a negative perception from the customer.

    My task is to present both the pros and the cons to the best of my ability so people can decide based on ALL of the facts, not just the pros from the sales brochure. I see so much marketing hype and consultant buzz about 'cloud computing' but virtually no discussion of the drawbacks, so I tend to try to expose the negatives to balance the information. That tends to make it look like I'm totally against it, unfortunately. I am, in large part, although I can see certain aspects of cloud computing that are quite convenient. But is it worth the risks for that convenience? You have to know the risks before you can decide.

    Thanks for your comments today!
