"If you can't recompile it, users should not trust it" says Richard Stallman, the legendary founder of the GNU and FSF. What else would you expect from Stallman? He is notorious for his disdain of anything not open sourced. It seems that disdain extends to storing any data in the cloud as well. Stallman says that cloud computing is careless computing. Specifically in this article in the Guardian Stallman says,
"I think that marketers like "cloud computing" because it is devoid of substantive meaning. The term's meaning is not substance, it's an attitude: 'Let any Tom, Dick and Harry hold your data, let any Tom, Dick and Harry do your computing for you (and control it).' Perhaps the term 'careless computing' would suit it better."
Stallman's point is that once you put your data up on someone else's server you lose control over it. If the government wanted access to it, they may not even have to notify or serve you with a warrant. They can get it if the cloud provider gave them access to it. While this may sound like semantics to some of you, just ask the WikiLeaks folks (don't worry we are not going there today) about how much due process and recourse they were given when Amazon decided they violated their terms of service and shut them down.
You should take Stallman's view on this though with a grain of salt. After all Stallman is not often known for a moderate stand on control and access. Also I would think that as a result of WikiLeaks and other cases, we will see more defined terms of services over when a cloud provider can pull the plug on you and what recourse you have.
After shoveling dirt on the cloud for a while, Stallman then went on to disparage Google's ChromeOS. While acknowledging its Linux/GNU roots as a good thing, he chides Google on the new OS because
"it is delivered without the usual applications, and rigged up to impede and discourage installing applications," he told the Guardian. "I'd say the problem is in the nature of the job ChromeOS is designed to do. Namely, encourage you to keep your data elsewhere, and do your computing elsewhere, instead of doing it in your own computer."
Again taking Stallman with a grain of salt, it is great to see a real live 60's rebel who still hasn't sold out. Stallman believes it is imperative that at least some of us don't give into the cloud and store our own data. If not it could be a case of if you don't use it, you lose it. Meaning that hard drives and local storage could disappear.
So Google's ChromeOS is just part of the evil plot of the marketers and the US Government to get us to move our data to the cloud where we lose control of it and the US government can get their hands on it without due process.
OK if that is what you think, maybe you should turn on, tune in and drop out of the cloud. I am just not the rebel I was though and will probably keep using the cloud to store more and more of my data.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.