Head in the clouds
By Dave Birch, posted Jun 21 2010 at 12:17 PM. At the recent European e-Identity Management Conference, Kim Cameron from Microsoft pointed out a few privacy and security concerns that relate to the cloud. This is important stuff, obviously. For one thing, the cloud is the new black. Remember this from a year ago?
All government departments are to be encouraged to procure new IT services based on a cloud computing model.
[From UK government CIO wants to build a "government app store" - 19 Jun 2009 - Computing]
This never meant that they actually would, or indeed, should have used the cloud for anything. I'm not sure if I'd want my medical records on Google Docs, one phished password away from universal access. Indeed, the idea of a special cloud for e-government wasn't far behind:
Establishing a Government Cloud or 'G-Cloud'. The government cloud infrastructure will enable public sector bodies to select and host ICT services from one secure shared network. Multiple services will be available from multiple suppliers on the network making it quicker and cheaper to switch suppliers and ensure systems are best suited to need.
[From News : NDS]
Hold on. Suppose the cloud goes wrong (and one might imagine a government IT cloud would have a propensity to do so): what then?
In our opinion cloud computing, as currently described, is not that far off from the sort of thinking that drove the economic downturn. In effect both situations sound the same… we allowed radical experiments to be performed by gigantic, non-redundant entities.
[From MAYA Design: The Wrong Cloud?]
Hhhmmm. So this means that if the government cloud goes down, or more likely the gateway to it goes down, then there are no government services. Surely the solution is to have lots of clouds, not one, so that citizens can use any of the clouds to connect to any of the services: it shouldn't matter whether citizens want to sign on in person, at a kiosk, using the phone, through the set-top box or on a PC. All of these channels should federate their identity through to the government for access.
I still see the Cloud as a winner. You can do some amazing stuff in the Cloud. For example, you can have your data encrypted in such a way as to make it both unreadable by attackers and indestructible! Here's what I said about this at the ISP Forum in London back in 2004, imagining the kind of cleverly-encrypted and authenticated BitTorrent-style protocols that the content sector is now forcing the technology sector to develop:
Now let’s take things a little further. Suppose files were distributed not to nodes in the P2P network but across them (some little bits of the file were stored on a large number of servers). Perhaps corporate files to be shared with colleagues would be encrypted and signed using corporate keys and then broken up and distributed. As they flow around the Net the fragments are replicated and dispersed.
The key, literally, to the storage would be the digital ID. When I log on to the Internet using my ISP’s digital ID, then I can “see” all of my files. Where these files are, and how they are broken up and encrypted, is of no interest to me. I click on a file and it is gathered and assembled from fragments spread across the Internet: in a few seconds it appears on my desktop. Without the digital ID, the file is unrecoverable (in fact, it’s undetectable). It can never be deleted, never be lost, never be sabotaged.
The idea of creating "Eternity Servers" in the cloud is neither new nor original, but the time might be right. If my health data, to pick an obvious case, were held in the cloud in an eternity service, it would be a lot safer than being in a government database somewhere. I could keep the key in my ID card, or phone, or bank card or wherever.
But what is the "smash the glass" procedure? If I get run over by a bus, how are the doctors to access the health record in the cloud? My encryption key (but not my authentication key) must be escrowed somewhere and available to certain authorised people under certain authorised circumstances. I would envisage many different keys for different data subsets, so that if someone does compromise one of the keys they don't compromise all of the data, and the owner of the authentication key can still log in to re-encrypt that subset with a new key.
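The key hierarchy sketched above can be made concrete. The following is an added example, not code from the original post: each data subset (allergies, psychiatric history and so on) is sealed under its own random data key, and that data key is wrapped twice, once under the owner's key and once under the escrow key of whichever authority is allowed to "smash the glass" for that subset. The cipher is a toy SHA-256 counter-mode stream with an HMAC tag, used only so the block runs with the standard library; the subset names, the A&E and mental-health escrow keys, and the leaked-key scenario are all constructed for the demonstration.

```python
"""Per-subset data keys with owner and escrow wrapping (added example, toy cipher)."""
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one wrapping key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256. Illustrative only, not production crypto."""
    blocks, counter = [], 0
    while len(blocks) * 32 < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a fresh nonce; layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag under this key before decrypting; a wrong key is rejected, not garbled."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong key or tampered record")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class EscrowedRecord:
    """One random data key per subset, wrapped under the owner's key and under
    the escrow key of the authority permitted to open that subset in an emergency."""

    def __init__(self, owner_key: bytes):
        self.owner_key = owner_key
        self.blobs = {}        # subset -> data sealed under the subset's data key
        self.owner_wrap = {}   # subset -> data key sealed under the owner's key
        self.escrow_wrap = {}  # subset -> data key sealed under that subset's escrow key

    def store(self, subset: str, plaintext: bytes, escrow_key: bytes) -> bytes:
        data_key = secrets.token_bytes(32)
        self.blobs[subset] = seal(data_key, plaintext)
        self.owner_wrap[subset] = seal(self.owner_key, data_key)
        self.escrow_wrap[subset] = seal(escrow_key, data_key)
        return data_key  # returned only so the demo can simulate a leaked key

    def read_as_owner(self, subset: str) -> bytes:
        return unseal(unseal(self.owner_key, self.owner_wrap[subset]), self.blobs[subset])

    def read_with_escrow(self, subset: str, escrow_key: bytes) -> bytes:
        return unseal(unseal(escrow_key, self.escrow_wrap[subset]), self.blobs[subset])

    def read_with_data_key(self, subset: str, data_key: bytes) -> bytes:
        return unseal(data_key, self.blobs[subset])

    def rotate(self, subset: str, escrow_key: bytes) -> bytes:
        """Owner re-keys one subset after a leak; every other subset is untouched."""
        return self.store(subset, self.read_as_owner(subset), escrow_key)


def demo() -> dict:
    """Constructed scenario: A&E may open allergies, a separate service may open psychiatric notes."""
    owner_key = secrets.token_bytes(32)
    ae_key = secrets.token_bytes(32)   # hypothetical escrow key held by A&E
    mh_key = secrets.token_bytes(32)   # hypothetical escrow key held by mental-health service
    rec = EscrowedRecord(owner_key)
    leaked = rec.store("allergies", b"penicillin", ae_key)
    rec.store("psychiatric", b"see consultant notes", mh_key)

    def opens(fn) -> bool:
        try:
            fn()
            return True
        except PermissionError:
            return False

    out = {
        "owner_reads_all": rec.read_as_owner("allergies") == b"penicillin"
        and rec.read_as_owner("psychiatric") == b"see consultant notes",
        "ae_reads_allergies": rec.read_with_escrow("allergies", ae_key) == b"penicillin",
        "ae_reads_psychiatric": opens(lambda: rec.read_with_escrow("psychiatric", ae_key)),
        "leak_exposes_allergies": rec.read_with_data_key("allergies", leaked) == b"penicillin",
        "leak_exposes_psychiatric": opens(lambda: rec.read_with_data_key("psychiatric", leaked)),
    }
    rec.rotate("allergies", ae_key)  # owner still holds owner_key, so can re-encrypt
    out["leak_after_rotation"] = opens(lambda: rec.read_with_data_key("allergies", leaked))
    out["owner_after_rotation"] = rec.read_as_owner("allergies") == b"penicillin"
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the two-level wrapping is that the escrow holder never learns the owner's key, the owner never has to hand a key to anyone in advance, and a compromised data key exposes exactly one subset until the owner rotates it. A real deployment would replace the toy stream cipher with an authenticated cipher such as AES-GCM and would wrap data keys under the escrow authority's public key rather than a shared secret.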
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.