Over the last few years, consumers, corporations and governments have rushed to move their data to “the cloud,” adopting web-based applications and storage solutions provided by companies that include Amazon, Google, Microsoft and Yahoo. Cloud computing services provide consumers with vast amounts of cheap, redundant storage and allow them to instantly access their data from a web-connected computer anywhere in the world. Unfortunately, the shift to cloud computing needlessly exposes users to privacy invasion and fraud by hackers. Cloud-based services also leave end users vulnerable to significant invasions of privacy by the government. These very real risks associated with the cloud computing model are not communicated to consumers, who are thus unable to make an informed decision when evaluating cloud-based services. This article argues that the increased risks that users face from hackers are primarily a result of cost-motivated design tradeoffs on the part of the cloud providers, who have repeatedly opted to forgo strong security solutions. These vulnerabilities can easily be addressed through the adoption of industry-standard encryption technologies, which are already in widespread use by online banks and retailers. Cloud providers should enable these encryption technologies, and more importantly, turn them on by default. This article also argues that the failure of cloud computing companies to provide these technologies is a strong indicator of a market failure. Fixing this may require user education in order to stimulate demand for safer solutions, or perhaps even the threat of government regulation.

Christopher Soghoian
© J. on Telecomm. & High Tech. L., 2010