the cups blog

07-22-11

Home is safer than the cloud! Privacy concerns for consumer cloud storage (Paper 13)

Iulia Ion, ETH Zurich
Niharika Sachdeva, IIIT-Delhi
Ponnurangam Kumaraguru, IIIT-Delhi
Srdjan Capkun, ETH Zurich

Cloud storage seems to promise access to your data from anywhere, security and backups managed for you, and other wonderful features. But there are some catches:

  • Can the cloud provider view and modify my data? Can they sell it?
  • Who is liable in case data is lost?
  • Is the content in the cloud really secure from hackers, government agents, etc?

Prior studies have looked at enterprise concerns about cloud storage, but not end users; also many privacy studies focus on the U.S.

In this paper, the authors chose to examine the attitudes toward cloud storage of end users in Switzerland and in India. They conducted 36 semi-structured interviews in each country, asking about current practices, privacy perceptions, and rights and guarantees related to cloud storage. Based on the interview results, the authors formulated a 20-minute online survey containing multiple-choice and Likert questions on the same topics, with about 400 participants.

Current data storage practices and attitudes:

  • More than 80% keep local backups of data they store on the internet
  • About 80% also “try not to” store sensitive data online; Swiss are less comfortable than Indians storing sensitive information online
  • A majority feel that if their data is hacked it’s their own fault for keeping the data on the internet in the first place

Attitudes toward privacy:

  • No data is safe; anything can be hacked
  • But I’m not very interesting so no one would bother
  • Swiss are less accepting of government monitoring and surveillance than Indians are.

Consumer misperceptions:

  • Don’t realize that the webmail provider can delete/disable your account at any time
  • Don’t realize that the webmail provider can examine your attachments
  • Don’t know what their rights are if data is lost

Recommendations:

  • Provide stronger security mechanisms in the cloud
  • Improve presentation of privacy policies
  • Consumer protection rules, agencies for cloud storage
  • Future work: investigate awareness of international laws

Read the full paper at http://cups.cs.cmu.edu/soups/2011/proceedings/a13_Sachdeva.pdf

Leave a Comment