Privacy and security in the cloud – is there any?

This evening (Monday 30 May 2011), I’ll be lecturing at the New South Wales branch forum of the Australian Computer Society (ACS).

The topic is Privacy and security in the cloud – is there any?

The Cloud - whatever that is - isn't new, whatever the marketing material may imply. But the scale of many modern-day cloud-oriented services is simply enormous. And since those services are run by experts, they readily promise to deliver the "holy trinity" of computer security - confidentiality, integrity and availability.

But do they? Will they? Can they? This thought-provoking presentation will help you advise your colleagues, your friends and your family how to embrace the benefits of the cloud whilst steering clear of the major risks.

Our collective will to rush headlong into cloud computing – especially as the providers of content to global services such as Facebook and YouTube – is enormous. Our desire to publish information and content about ourselves (and, frequently, about other people, with or without their permission) has even led to new units of measure.

For example, YouTube now quantifies its success in “hours per minute”. According to a recent post on YouTube’s official blog, more than 48 hours’ worth of video are uploaded to YouTube each minute, and more than 3 billion videos are viewed each day.

Is this a good thing? Or bad? Or just meaningless on an individual scale?

To an astrophysicist, for example, 48 hours’ upload per minute works out at approximately three kiloseconds per second. (Actually, it’s 2.88 ksec/sec, but astrophysicists are allowed to make approximations.)

But what sort of unit is “seconds per second”, anyway? Surely the seconds simply cancel out and we’re left with a dimensionless number – 2880?

Worse still, as that number increases – and YouTube is delighted to tell us that it’s gone up by 100% over the past year – we’re all compelled to watch more YouTube videos just to keep up.

And with official YouTube video views up by a mere 50% over the past year, it looks as though we’re going to have to spend twice as long watching other people’s pets do much the same sort of repetitious things as our own, but slightly out of focus.

Is it really worth publicising ourselves and sharing personal and business information to the extent we do? Or do we need to take time to re-evaluate the boundary between the data we can safely entrust to other people, and the data we ought to guard more jealously – or, at least, to sell at a higher price?

There are still a few places left at tonight’s lecture. It’s at Circular Quay in Sydney; it’s free to ACS members ($55 for non-members); it starts at 6.15pm (arrive from 5.30pm); and you can register here.

If you’re in the vicinity, why not come along and help us argue through the issues?

(And if you’re a Facebook user, why not review some tips on protecting your identity on social networking sites, or join the Sophos Facebook page, where we have a thriving community of over 85,000 people.)