NanoToolkit Blog

The Way to Keep in Touch.

Mutual Responsibility for Cloud Services is a Misnomer

You might have recently heard about the controversy around Facebook Messenger and the fact that it liberally permits itself to access your camera, microphone and even your call list. There was also the very peculiar case of celebrities’ iCloud accounts being hacked, which led to the exposure of their private photos. Moreover, companies like Google insist on automatically posting your Picasa-uploaded photos to their Google+ social media platform. Microsoft, with Windows 8.1, requires cloud-authenticated usernames to access any services such as OneDrive and Skype.

Tech companies, like many other companies, are hungry for our personal information, our daily habits and even the nature of our relationships with others. That is understandable, since many of these tech companies rely on consumers’ disposable income for their revenue.

The questionable practices of Microsoft, Google, Facebook, LinkedIn and Yelp are outside the scope of this article; instead, this article focuses on Apple’s recent security breach. It is quite bizarre for a company like Apple to claim no responsibility in relation to the leaked private, non-wholesome photos of celebrities. Apple, like other tech companies, would claim that both the user and the company are responsible for mutually protecting the customer’s data. However, many of the hacking scenarios would fall under the “willingly providing your credentials” clause. That is, a user might be targeted by a phishing attack, or perhaps their password might be too easy to guess. Frankly, the phrase “mutual responsibility” is a farce when the user has very little choice but to hand her data over to the company’s datacenters.

The reality is that a company like Apple, which forces users to provide their credit cards for the task of activating an iPhone, should be held to a higher standard. For instance, Apple by default turns on Photo-Sharing on the iPhone, which results in the uploading of all your photos to Apple’s datacenter. Mutual responsibility could be appropriate in scenarios where the user is empowered to take security measures. For example, the user should be responsible for any data breach that occurs as a result of physical access to the phone. However, when a user is forced to create a cloud account for the simplest of functions, such as updating a map app, she could not be held accountable for proper security measures to protect that account.

When a firm leaves the consumer very little choice and shows an appetite for a whole lot of their data, it must take appropriate security measures to ensure the safety of that data. Banks actually set a pretty good precedent for such security practices. They don’t allow trivial passwords, rejecting passwords such as your birthdate, your name or abcd. They of course go much further by detecting your logon from different geographic locations and occasionally requiring you to perform multifactor authentication.
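The two bank-style controls described above, as an added example that is not code from the original post or from any bank: a password check that rejects trivial strings, the user's name and their birthdate, and a step-up rule that asks for multifactor authentication when a logon comes from a country not seen before for that user. The function names, the trivial-password list, the length floor, the sample user and the country codes are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample list (assumption); a real deployment would check a
# breached-password corpus rather than a handful of strings.
TRIVIAL = {"abcd", "abcd1234", "password", "123456", "qwerty"}
MIN_LENGTH = 10  # assumed policy floor, not a figure from the post

def password_rejection_reason(password, full_name, birthdate):
    """Return the reason a new password is rejected, or None if accepted."""
    pw = password.lower()
    if pw in TRIVIAL:
        return "trivial"
    # Any name component of 3+ letters appearing inside the password.
    parts = [p for p in re.split(r"\W+", full_name.lower()) if len(p) >= 3]
    if any(p in pw for p in parts):
        return "contains name"
    # Compare only the digits, so 07-04-1990 and 07041990 are treated alike.
    digits = re.sub(r"\D", "", pw)
    forms = {birthdate.strftime(f)
             for f in ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y")}
    if any(f in digits for f in forms):
        return "contains birthdate"
    if len(pw) < MIN_LENGTH:
        return "too short"
    return None

def evaluate_login(history, user, country, password_ok, mfa_passed=False):
    """Step-up rule: a correct password from a country this user has never
    logged on from is not enough until a second factor succeeds."""
    if not password_ok:
        return "deny"
    seen = history.setdefault(user, set())
    if seen and country not in seen and not mfa_passed:
        return "require_mfa"
    seen.add(country)  # first logon enrolls the location (assumption)
    return "allow"

if __name__ == "__main__":
    born = date(1990, 4, 7)  # constructed sample user
    for pw in ("abcd", "JaneRocks2024!", "sunny-07-04-1990", "correct-horse-battery"):
        print(pw, "->", password_rejection_reason(pw, "Jane Doe", born))
    history = {}
    for country, mfa in (("US", False), ("RO", False), ("RO", True), ("RO", False)):
        print(country, "->", evaluate_login(history, "jane", country, True, mfa))
```

The password check runs at enrollment or password change, when the plaintext is available; the step-up rule runs on every logon after the password has been verified.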

Apple, Facebook, Google and Microsoft are really the worst offenders with respect to our privacy when it is coupled with our security. They realize that if they push overly strict security measures, it will hamper usability and thus dissuade consumers from handing over more of their data to these companies.