Social networks and “free” shared Internet resources hosted by US multinationals offer enormously useful services like shared calendars and contacts, email available on any machine, even file sharing. But Google and Facebook scan everything you send, receive, or store, sifting through your data, mining it to sell, chopped up and reconstituted, to advertisers and corporate brands. And since these corporations are based in the USA, your private data isn't covered by strict European privacy law, it is under the jurisdiction of US legislation, with greatly reduced privacy protection.
Google's real customers are corporate advertisers and marketing departments, and the product they sell is you and your data.
Facebook, Twitter, Dropbox, and Google have changed the way we use our computers to interact with colleagues, friends, and family. Many services like shared calendars and contacts, email available on any machine, even file sharing are all available “for free” from these international corporations. Our data is stored in "The Cloud", floating somewhere on their servers.
But the fact that it's somewhere in "The Cloud" means that it's accessible everywhere you have an Internet connection, and makes these services incredibly useful, attractive, and convenient. So we put all the details of our private lives and business on Google's or Facebooks's servers in exchange for access to the tools which allow us to share these details with friends and colleagues, on any Internet connected device, anywhere in the world.
What is the "Cloud"?
Strictly speaking, "The Cloud" is a type of server technology, but the term is used to describe services where user data is stored "somewhere" on the internet, and synchronised with the user's devices: computer, tablet, and smartphone.
But what do these companies do with our data? Let's start with Google's GMail service. As Google's servers receive an email for you, they record metadata like the sender address, date, subject, and other information about the message. Then they scan the message for keywords, ostensibly to filter spam, and record the occurrence and frequency of these keywords. Finally, the email is delivered into your Gmail mailbox. When you reply to the email, your outgoing message is scanned, and the email metadata is logged on Google's servers.
Now Google's data mining work can start. Using the keywords of your mail, they can identify areas of interest to you. And using the metadata of your email correspondence they can create a social graph of the people you interact with. If you're a member of Google Groups, or use other Google services, the data and metadata of your email on GMail is cross-referenced and correlated with your accounts on these services. Above all, your relationships with other Google users are identified and cross-referenced, so that Google can correlate trends within demographic subgroups and sell that data to advertisers.
This is your own data and metadata, your own contacts and messages, but Google has taken control of it all. They actually know things about your contacts that you don't know, like who your contacts' contacts are. Since Google is based in the United States, the limits of what they can do with your data, and to whom they can sell it are fairly vague under US privacy law. In any case, the use of your Google data is not covered by strict European privacy legislation.
What is "Metadata"?
The term means "data about data", in other words the information associated with the underlying data. For example, the text and attachments contained in an email message are your data, while the date and time received, the sender's email address, and the servers the message has passed through are the email message's metadata.
Recent news investigations offer a glimpse of what the US Government spy agency, the National Security Agency (NSA) is tracking on individuals using cellphones or Internet services. The Guardian reported that Verizon, the biggest cellphone operator in the US is required to hand over subscriber telephone data, under a top secret court ruling. Then the Washington Post broke the news that the spy agency's surveillance wasn't limited to cellphones, but also included a data-collection operation called PRISM. The documents indicate that this PRISM program has direct access to the data hosted with US Internet companies. Nine companies were cited: Microsoft with Hotmail, etc. Google, Yahoo!, Facebook, PalTalk, YouTube, Skype, AOL, and Apple.
But most of the uproar recorded in the US press is based on the evidence that US citizens were tracked, on US soil. Neither the US government, nor US public opinion for that matter, seems to have any problems with US government surveillance of and data-collection on non-US citizens whose data happens to reside on the servers of US Internet companies.
Assuming you have no terrorist intentions, why should this surveillance and data collection concern you? In two words: the social graph. Just like Google and Facebook, US government spy agencies use "big data" tools to determine who knows who, by sifting through Microsoft Hotmail, Google GMail and Apple iCloud server records. For example you're a client of a manufacturer in Germany, who has another client in Turkey, who is suspected by the US to be selling to Iran. One NSA scan through your GMail records, and you're two degrees of separation from a suspected terrorist supplier.
The US constitutional guarantees against government surveillance of individuals cover US citizens only. If your data resides on a US server, and you are not a US citizen, you have no legal protection against US government surveillance.
If you're paying for their “free services” with your data, can you at least count on them to keep your data safe? Well, in fact, you can't. For Google, user support is just an added cost to produce their data mining products. If you, as a user, have a problem with their services, no matter how much you depend on them, you don't have a telephone number or even a reliable email address to contact them. You have absolutely no one to help you when you have a problem, or even just a specific question.
A German consumer group may have to sue Google just to get them to reply to email support requests individually!
So what can you do? These US Internet companies have created a truly antisocial network. What if you're an enterprise, an organisation, or even an extended family, and you just want to keep your data between yourself and the people you explicitly know and trust, and under European government jurisdiction?
Finding a reasonable balance between mobile convenience and privacy is quite complex and there is no simple single answer covering all aspects. You should keep security in mind as you choose which services you want to use. And you can use services which are inherently private to opt out of data mining completely, at least for email, contacts, calendar, and file sharing, like a Private Virtual Cloud and Email Server from Words and Wires.
Once you're paying a fixed rate for your own private Internet services, instead of using "for free" services that rummage through your data behind your back, you become the customer, and no longer the product for sale.
What's a "Private Virtual Server"?
Virtualisation encapsulates all the software necessary for a server, the operating system and applications, plus all your data and metadata, into a single file on a disk of a physical server.