I previously blogged about cloud computing and, as you may remember, I am no fan. Recently, while listening to The Command Line Podcast, I came across yet another reason to stay away from the cloud. Cmdline mentions Bruce Schneier’s recent post on file deletion in the cloud. Bruce’s main point is that you can be reasonably sure on your own computer that a file is gone when you’ve deleted it. This is not the case with cloud computing.
A quick primer in case you don’t understand exactly what’s at stake here. When you delete a file on your home computer, the file is still recorded on your hard drive. You are only telling the computer to forget where the file is. With some forensic software you should be able to recover the file right away. Eventually, with normal use, you will end up writing over the section of your hard drive that previously contained this file. And eventually anyone that does not have physical access to your computer will be unable to access the file. If you are done with the hard drive or extremely paranoid about the file you just deleted, you can rewrite the sector that contained the data a few dozens of times and get it to where it will be a lot of effort and technology to recover this file and even then it may not all be there.
With cloud computing, on the other hand, you don’t have access to the specific computer housing your data. In fact, the whole point of cloud computing is that your data is replicated across servers for redundancy. So the drunk photo of yourself that you uploaded to Facebook actually resides on a few physical hard drives. On top of this, most cloud computing services are constantly backing up their data so it can be restored in the event of a hardware failure. Afterall, if Facebook were to lose all of your photos, comments, and so forth you might be tempted to just stop using the service out of frustration. So when you are ready to apply for a job and delete that photo, how do you know it has been removed from all of the hard drives? And it certainly won’t be removed from the backups.
Of course, this isn’t that big of a deal if it’s just a drunk photo. But let’s go back to some of the ridiculous things done in the name of National Security in the wake of the 11 Sept attacks. Remember when Congress and the White House decided they needed to know all of the books you were borrowing from the library? Well, what if someone decides that it’s important to see what photos people are posting to Facebook. And you have some photos that might get you questioned even though you’re doing perfectly legal stuff. You might delete the photos, but the government could just ask for the backups.
But, less Orwellian, if you decide that a file should no longer exist, you should have the right to ensure it is gone. And these are exactly the rights that people are giving away in exchange for The Cloud. If you look at it carefully, it appears that there are less and less reasons to use The Cloud without any real benefits.