Unencrypted cloud storage makes providers liable for copyright violations
When the FBI shut down Megaupload, one of the Web’s most popular file sharing sites, it sent a clear message to service providers that they will be held liable for any digital rights violations perpetrated by their user communities. Megaupload provided sharing services that allowed users to exchange large files anonymously. Most of these files consisted of commercial music and movies that had been illegally stripped of their digital rights protection. Megaupload could be liable for causing $500 million in damages to the copyright owners. Four people, including the site’s founder, were arrested and face jail time.
A critical lesson from this incident was lost in the surrounding uproar regarding SOPA. The Web is fertile ground for linking and reusing information. Often the grey zone between original work and blatant copyright violations is sometimes crossed. There was nothing grey about the Megaupload debacle. The users clearly broke copyright law by swapping pirated media, and in doing so, they dragged Megaupload into the hole with them.
We have written extensively about how to use encryption at the customer premises as the only way to protect privacy. Storage service providers should never have visibility to the customers’ data. That this is a good idea for customers is unquestionable. No enterprise customer can accept any visibility whatsoever to data outside of their security perimeter. What hasn’t been so clear until now is that it is also a good idea for the providers not to have visibility to the data because it limits their liability. How long will it be before a massive file sharing system like Dropbox is hijacked by a community of users to share pirated material? I have no doubts that this is already happening. It is just not happening at a large enough scale to be noticed. This poses a risk not only for Dropbox and its investors but also for Amazon which provides the back end storage.
Customer controlled encryption is what makes storage services a true infrastructure utility akin to electricity. The power companies are in no way liable for what their customers choose to do with their service. They neither care nor have any way of knowing what the electricity they sell will be eventually used for. No one can point the finger at the power company when you decide to turn that Nissan LEAF into a deadly weapon.
Encryption when used properly gives us an opportunity to make storage as secure, reliable and simple to manage as electricity. It is the best thing for customers, and it also turns out to be the best thing for the cloud storage providers.
Image Source: http://www.freeinfosociety.com/media.php?id=3540