Privacy of Local Clouds

LocalCloudUnfortunately, local clouds do not automatically protect data — they are just an enabling conceptual element.  This inevitability leads to the  “measures & counter-measures” games:  for each measure we implement, spies will implement new counter-measures.  And for every  counter-measure, we need to respond with yet a new measure.  This is a game we have to play.

Security technology has a role to play.  For example, I think there are interesting possibilities using “taint tracking” to track different kinds of information (personal information, GPS location, physical addresses, email addresses, message content, …) as it flows through a program.  I recently read Wikipedia’s Taint checking and TaintDroid: An Information Flow Tracking System for Real-Time Privacy Monitoring on Smartphones.  Taint tracking enables programs to compute what they want, but their output values are “tainted” with all the types of input included in those outputs.  Users then set up policies to control what taint types are allowed to leave their local cloud.   This is a conservative approach, in that using ANY piece of information in a calculation (say, even just the number of characters in my email address) would taint a calculation’s output (even though the length of my email says almost nothing about my email address).  Taint tracking offers much finer control of information than “can program access information X at all”.

Of course, it is still possible that a “spy node” infects your local cloud and nefariously sends data up to a data-sucking, giga-cloud in the sky (perhaps called “SkyNet”).  This possibility must also be seriously considered.  And then we have to consider various possible counter-measures.

Overall security of a giga-cloud will be better than the security of a local deca-cloud.  But — and this is a big but — there is hundred million times more data in a giga-cloud and therefore its breach is a hundred million times more valuable.  Sure, some local clouds will be hacked, but it’s not very profitable (unless you’re a celebrity who likes to take nude selfies).

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.