Cloud PrivacyCloud computing user privacy needs serious reform: scholars

Published 12 June 2013

When Web surfers sign up for a new online service or download a Web application for their smartphone or tablet, the service typically requires them to click a seemingly innocuous box and accept the company’s terms of service and privacy policy. Agreeing to terms without reading them beforehand, however, can adversely affect a user’s legal rights, says a new paper by an expert in technology and legal issues.

When Web surfers sign up for a new online service or download a Web application for their smartphone or tablet, the service typically requires them to click a seemingly innocuous box and accept the company’s terms of service and privacy policy. Agreeing to terms without reading them beforehand, however, can adversely affect a user’s legal rights, says a new paper by a University of Illinois expert in technology and legal issues.

A University of Illinois at Urbana-Champaign release reports that law professor Jay P. Kesan says the current “non-negotiable approach” to user privacy is in need of serious revision, especially with the increased popularity of Web-based software that shares information through cloud computing.

In a recently published paper in the Washington and Lee Law Review, Kesan and co-authors Carol M. Hayes, a research associate in the College of Law, and Masooda N. Bashir, the assistant director of the Social Trust Initiatives at the U. of I.’s Information Trust Institute, propose creating a legal framework that would require companies to provide baseline protections for personal information while also taking steps to enhance users’ control over their own data.

“Our goal with this piece is to raise awareness of the privacy of online information, which is something that people seem to care about a lot more once they actually know what companies are doing with their personal information and data,” said Kesan, the H. Ross & Helen Workman Research Scholar in the College of Law.

With so many of our daily activities now taking place “in the cloud,” Kesan cautions it is still perfectly acceptable for users to give away personal information to online services — so long as they are comfortable with allowing companies to snoop, aggregate and data mine their online habits.

“If you think it’s a fair trade to receive an email service in exchange for letting a company track what Web pages you visit and show you relevant advertisements, by all means, you should continue to do so,” Kesan said. “But there are always security risks involved when information is stored, electronically or not. Users must weigh the advantages and disadvantages of the available options.”

In the article, the scholars analyzed and categorized terms-of-service agreements and privacy policies of several major cloud-based services to assess the state of user privacy. Their analysis shows that providers all take similar approaches to user privacy, in that providers were consistently more detailed when