The internet needs a bill of rights

[first draft]

Someone asked me about "The Internet Needs a New Pair of Pants" and I thought it would be a good chance to post some thoughts I've had.

For the most part he's asking the wrong questions. Only #10 and #11 really matter.

But first a quick tangent...

We don't "store data" on the internet. You can 'store data' by putting it on a hard drive and then powering it off. That's easy. Anyone can do that. What you do on the internet (or "in the cloud") is you make data available (either to everyone, a restricted group, or just yourself). To make it available it uses a constant amount of power, upkeep, maintenance, backups, etc. Backups is often 9x the cost of hard drive you bought to store the data.

That said...

In the future we will store more and more of our information on other people's computers simply because it is cheaper. Energy is very expensive and typical data centers are built where power is cheap. There are efficiencies of scale to power one big data center rather than a million hard drives, each in that person's home. The power in data centers will always be greener than what you get in the home not because cloud providers are pollution-hating hippies but because when you do things at big scale it becomes cheaper to do things green. Lastly, at big scale things like backups, upkeep, maintenance, etc. all become much cheaper. The cost of a huge robotic tape backup system may be millions of dollars, but the cost of millions of homes each doing backups is hundreds of millions. More and more of our data is being stored in the cloud not just because it is easier that setting up a home system to do it for us but because we can't afford to do it any other way.

That said...

If we are going to put more and more of our data in the hands of other people, we need a "bill of rights" that protects us and the providers:

Users should:

1. be able to know what data is being stored about them (example)
2. be able to get a complete copy of all their data in a format that lets them change providers any time they want, no fees or penalties (example)
3. users should be able to grant access to their data to other people, easily see who has access, and revoke it (a good start)

Providers should:

1. Have a clear procedure to determining when a government subpoena for a user's data is valid (not a fishing expedition or witchhunt)
2. Not have all their computers confiscated due to a single user; even if user's data is mixed with others.
3. Should be required to publish statistics about which governments are making subpoena and take-down requests, how often, and whether or not they were rejected (example)

That list is just a start.

As system administrators we are probably the most aware of these issues. Sadly these decisions are generally made at the CEO level where we have very little influence, or in smokey, dark rooms where political decisions are made (and we have even less influence).

The problem is that the current laws are insufficient, new laws tend to be written by people that are against the things listed above, and nobody knows how to deal with data in one country being stored by a person in another county that breaks the laws of yet another country.

I've linked to services that do the things I talk about. I'll gladly add links to other services that have these features (email me or post a comment). I think everyone should go to their providers and ask (demand) all of the above, and we should ask (demand) our elected officials create laws that make these things possible, if not required.

But who has time for that, right? I mean... we're sysadmins! We're too busy to get political.