The Cloud Might Not Be Safe Anymore – And We Should All Be Concerned

When the topic of online privacy comes up, one of the most common arguments you’ll still hear is, “I’ve got nothing to hide, so it doesn’t matter to me who has my data or files.” While this kind of statement has always been problematic, there are new developments that reveal this kind of thinking as downright dangerous for the future.

According to a report in The Financial Times, an Israeli security company called NSO has the key to break into popular cloud storage services like iCloud, OneDrive and Google Drive. Even more concerning, the report claims that NSO is advertising and possibly selling this knowledge to governments around the world as part of its Pegasus software.

The company has directly denied marketing or providing the ability to crack encryption on cloud services, but it said nothing of having the technical capability themselves. According to The Financial Times, the Pegasus software has been identified installed on devices beyond the internal scope and boundaries of NSO. If true, NSO has either sold its software and given it away while lying about it, or it was somehow stolen. Both scenarios are cause for serious concern.

For proponents of the “I have nothing to hide” mentality, this may not sound too alarming at first glance. As long as these technological tools are going to responsible governments and not malicious cyber criminals, it’s only criminals that have something to fear, right?

At first, perhaps. But this case gives rise to several considerable worries:

• How long will the ability to breach the cloud remain in the hands of government alone?
• What governments is this ability being sold to?
• What happens when new leaders emerge in a rapidly evolving political situation with new ideas about how to use this technology?

In the end, if one person or institution can access everything on the cloud, then anyone can with a bit of time and effort. To those who don’t mind if your government sees what you’ve stored on the cloud, we say this: it doesn’t matter what you as an individual have there, it matters what everyone as a collective has stored there.

Governments with the ability to access all your files and documents are unlikely to use them against you as an individual unless you’re directly involved in criminal proceedings. But the fact that governments seem to be in the market for such technology suggests that at least some of them want the capability of quietly gathering and storing data on entire populations that can be used in all kinds of nefarious ways. You may not notice it right away if your government has access to the information you’ve stored on the cloud, but it doesn’t bode well for the future as digital dictatorships become an increasingly realistic possibility.

But it’s not all doom and gloom – not yet, at least. Google told Inc.com that they have not thus far found any evidence that their cloud services have been compromised. While it’s unclear exactly how NSO might have technically succeeded in breaking encryption for cloud services, it is known that they would have to have root access to your device to break into your cloud storage, which makes it highly unlikely your cloud storage could be penetrated without physical access to your device (e.g. if it were confiscated by police or an intelligence agency).

But that may not be the case forever, and there are larger issues to consider. Companies who gather and control big data may not always have your privacy in mind when they sell it to third parties, but they are subject to the law and the forces of the free market. The forces restraining government are often far more tenuous.