Sunday, September 07, 2014

Levels of Protection

Note: Since this topic comes pretty close to my professional interest, I want to emphasize that these are my own thoughts on this issue, not a reflection of my employer's policies or attitudes.

There's been some discussion of the leaking of photos of celebrities that those celebrities would have rather not released.  The consensus seems to be that the main culprit is lax security policies by Apple and other "cloud" providers.  But I think there's another way of thinking about it.

99.9% of the photos stored in the cloud are worthless to everybody except the owner of those photos. Nobody outside of my family is itching to see my daughter's baby pictures.

As such, it does not require a high level of security, and I would be annoyed if I had to pay for it, either explicitly with money or by enduring some form of security theater every time I wanted to grab a picture from a past Great Strides Walk.  I'd also be annoyed if my pictures were lost, or if someone I didn't know got their hands on them, but my primary concerns are accessibility, ease of use, and price.   I suspect this is the case for the vast majority of customers, perhaps including celebrities.

It's similar to a coat check at a restaurant.  I want them to take care of my jacket and make sure nobody leaves with my jacket. But I also don't want to see an armed guard there, wouldn't be willing to pay a very high price for a more secure service, and I would be more annoyed than relieved if I had to go to great lengths to prove that my jacket was actually mine.

Enter the celebrity photos.

Now, all of a sudden, a service designed for accessibility, convenience and low cost is the guardian of something that others value very highly.  Now, the service is hosting something that the owner would very much like to keep from other people, and other people (unfortunately) are willing to make a concerted effort to get.

And the service providers don't know (or shouldn't know) that this has occurred.  To them, the celebrity photo is indistinguishable from the picture I took of my daughter's camp.

To use my analogy, it would be similar to putting $1000 of cash in the pocket of my jacket, giving it to the coat check.

Which is why I think this misses the point:




Sure, this will score some PC points about victim blaming, and of course the primary responsibility for these leaks lies with the people who hacked into the accounts.  And, the commentary I have seen doesn't say that the victims deserved to be hacked, but that some prudence could have prevented the situation.

But in general, photos are a completely different type of data than photos.  I have to share my credit card with an online retailer in order to do business with them, and them securely managing that data is an implicit (sometimes explicit) requirement of the contract.

It would be unwise for me to leave my wallet in a jacket I checked, because the service is not designed to secure things that are valuable.  If someone steals it, they are responsible, but anger at the coat check service would be misdirected.

Nothing about using a photo cloud service implies that I post very sensitive photos there.  And almost all users don't, and indeed couldn't if they wanted to.

Is it reasonable to expect these services to ratchet up their security to account for these cases?  Should the rest of us have to pay for it either with inconvenience or currency?

I don't think so, but perhaps there's a better way, and figuring things like this out is what they pay us to do.
Post a Comment