The cloud computing is the technology of the moment: businesses, governments and simple users are increasingly becoming aware of its benefits and the fact that, in the near future, will revolutionize the world of IT as we know it.
At the same time, just as everyone is talking about the benefits of cloud computing, there is a growing awareness of the critical nature of this technology, mainly due to the loss of control over the data (with the obvious implications in terms of the contract but also security and privacy). This awareness is also accelerated by a series of problems that, in recent weeks, have involved some of the leading cloud service providers like Amazon , Microsoft , Aruba and Sony .
These days to be at the center of the cyclone is Dropbox , one of the most popular services for sharing and saving files, accused in a complaint lodged with the Federal Trade Commission , having lied about data security of its members.
The author is dell'esposto Christopher Soghoian , a Ph.D. student at Indiana University, who argues that - contrary to what was stated by Dropbox - would not be true that the files are stored encrypted and only accessible by the user, since that Dropbox employees could view it at any time . The company, with a post on his blog, rejected the accusations but - in fact - have recently changed the conditions of use of the service, in particular, whereas before it was expected that:
All files stored on Dropbox servers are encrypted (AES - 256) and are inaccessible without your account password.
now it is written simply that
All files stored on Dropbox servers are encrypted (AES - 256).
But there's more! While until 13 April 2011, the conditions of use envisaged that
Dropbox employees are not able to access user files
now predict that
Dropbox employees are forbidden to display the contents of files stored in user accounts
It 'obvious that it is not only an ethical question: if Dropbox has really lied, you may be held responsible not only for its own users (for example, those who have purchased a pro account may claim reimbursement of the sums paid) but also in relation to other cloud service providers that - indeed those offering security guarantees (in particular encryption) - have been victims of unfair competition: as noted, the coast and the implementation of safety precautions declared would put them unable to adopt policies to price competitive with those of Dropbox.
While waiting for the FTC to rule on complaints and hope that Dropbox has not betrayed the trust of their users, I can not help but point out that - actually - the modification of the conditions is at least unfortunate in terms of its formulation. In a time when people, organizations and companies need to be able to count on the reliability of cloud providers, they must pay particular attention to the content of the terms of service, writing - clearly - only what you are able to ensure and informing the users - in a transparent way - when changing the initial conditions.