The concerns that I’ve had about my own use of third-party-hosted email and CRM have just gotten a shot in the arm by a Security Focus article from Mark Rasch.
As a software developer, I was seduced by the incredible ubiquity and accessibility that browser-based apps provided. Now, however, I’m tending towards the view that if it’s personal, private or sensitive, it doesn’t belong in an electronic medium that was geared from the start towards publishing and not protecting data.
I think it’s time reconsider the tradeoffs of third-party hosting and take control of our own data on hardened server appliances that we own ourselves. As Rasch’s article claims, at least the authorities will need a warrant to seize personally-held data before they pool it for use by any official anywhere for whatever purpose. The protections for my data held by phone companies and ISPs have been under full-scale attack by the government for the last few years, and I don’t expect this trend to spontaneously reverse itself as the price of disk storage continues to plummet.
I therefore predict that there will be a backlash against data-holding service providers in favor of user-owned and user-controlled server appliances simply to escape from the threat of essentially warrantless snooping. Another possibility is to continue to use third party services, but only store encrypted data on them when privacy is at stake: this would require a complete rethinking of the client side and could tip the scale in favor of rich clients.
Read the article here.