Forum: CAT Tools Technical Help
Topic: Way to store my master TM on cloud and access it with CAT
Poster: Patrick Porter
Post title: privacy 102 ;)
[quote]Michael Beijer wrote:
...Google will not "harvest the content of your drive", don't worry. Google won't do anything sinister with the content of the documents on your computer. That would be insane. That's just an urban myth people like to tell around the campfire ;)...
...
...on a site or blog where this is discussed by a professional with sufficient legal knowledge and understanding to discuss this in a meaningful way?...
....
...So if you have sworn to never use a cloud service and feel all smug about your choice, maybe you ought to stop using email too, or encrypting all your email content and using encryption keys, etc., which is always a sure-fire way of making your daily interactions with your clients work smoother and more efficiently ;)...[/quote]
Well, I have studied law, and although I don't practice as a lawyer, I do know a bit about privacy and contracts and the like, and much of my translation work deals with these areas, especially information privacy. So based on that, I feel qualified to comment here, but of course the following is just my opinion and I am not claiming to be a legal expert on privacy or offering any actual legal advice, to anyone, on anything.
Data privacy is important and should be taken seriously. While it is possible to take it too far and be hyper-vigilant to an unreasonable extent, there may actually be some problems with storing a client's data on a traditional cloud server, and encryption is probably not a bad idea. Possibly not completely necessary, no, but why would it hurt? And distinctions can be made between the type of content being protected and the means with which it will be stored/transmitted.
For example, sometimes I translate content that is freely available on the public internet. In those cases, there isn't much privacy concern, at least with the actual content. However, if there is an NDA, it is likely about more than just the content. There is a sort of meta-content in these translator-client relationships, i.e., back office procedures, email addresses, names, etc. that for various reasons a client might want kept confidential. This might seem a bit insubstantial, but it's a factor nonetheless.
Then there is content which is highly sensitive and confidential. In my case, I'm not dealing with state secrets or anything, but often the content I translate does contain trade secrets and "know-how". Much of what I translate is explicitly marked "confidential" or "for internal company use only". That's the point of having contractors sign an NDA.
Of course on one hand, the "don't worry" argument does make some sense. Probably no one will look at and/or steal your data or that of your clients. Even if a cloud provider were hacked or there were a malicious sysadmin with read access to your volume, data could arguably be considered safe by virtue of it being a needle in a haystack. In other words, how would anyone know exactly where to look for something worth stealing in the mountains of data for just one user, let alone the multitude of all users? But it doesn't matter what I think the likelihood is of someone actually snooping or stealing. Any NDA I've ever signed has required complete confidentiality, not something like: "go ahead and hand over our stuff to a third party as long as you think it's reasonably unlikely to be accessed and/or used maliciously".
As for email, I have to admit that it is a little mystifying when clients who ostensibly are very serious about privacy send me sensitive documents as email attachments. Many of my clients use their own secure portals or secure FTP for file transfer, but not all of them. So, yeah, this does make the whole privacy concern seem like a storm in a teacup. We surely can't do away with email, and as was alluded to earlier in the thread, end-to-end email encryption is not a realistic solution.
But when it comes to encrypting cloud storage, what's the harm? As long as it's a technically reasonable solution it seems worth it to me. I might be a bit biased. For my part, I was a slow adopter of cloud storage, partly because I run my own server and don't need the cloud for mobility. But currently I do use the cloud for periodic (encrypted) backups, which seems like a reasonably prudent thing to do. I have a script that automatically backs up certain volumes, encrypts them, and uploads them to cloud storage. It's really not a big hassle for me to do this.
For real-time cloud storage, encryption might be more complicated, and admittedly I'm not very up-to-date on the storage services out there and how efficient it is to use encryption with them. Since I don't need this kind of service right now it hasn't been worth looking into. But if there is a reasonably efficient solution to encrypt, I don't see a problem in doing it.
[Edited at 2015-06-27 16:40 GMT]
Topic: Way to store my master TM on cloud and access it with CAT
Poster: Patrick Porter
Post title: privacy 102 ;)
[quote]Michael Beijer wrote:
...Google will not "harvest the content of your drive", don't worry. Google won't do anything sinister with the content of the documents on your computer. That would be insane. That's just an urban myth people like to tell around the campfire ;)...
...
...on a site or blog where this is discussed by a professional with sufficient legal knowledge and understanding to discuss this in a meaningful way?...
....
...So if you have sworn to never use a cloud service and feel all smug about your choice, maybe you ought to stop using email too, or encrypting all your email content and using encryption keys, etc., which is always a sure-fire way of making your daily interactions with your clients work smoother and more efficiently ;)...[/quote]
Well, I have studied law, and although I don't practice as a lawyer, I do know a bit about privacy and contracts and the like, and much of my translation work deals with these areas, especially information privacy. So based on that, I feel qualified to comment here, but of course the following is just my opinion and I am not claiming to be a legal expert on privacy or offering any actual legal advice, to anyone, on anything.
Data privacy is important and should be taken seriously. While it is possible to take it too far and be hyper-vigilant to an unreasonable extent, there may actually be some problems with storing a client's data on a traditional cloud server, and encryption is probably not a bad idea. Possibly not completely necessary, no, but why would it hurt? And distinctions can be made between the type of content being protected and the means with which it will be stored/transmitted.
For example, sometimes I translate content that is freely available on the public internet. In those cases, there isn't much privacy concern, at least with the actual content. However, if there is an NDA, it is likely about more than just the content. There is a sort of meta-content in these translator-client relationships, i.e., back office procedures, email addresses, names, etc. that for various reasons a client might want kept confidential. This might seem a bit insubstantial, but it's a factor nonetheless.
Then there is content which is highly sensitive and confidential. In my case, I'm not dealing with state secrets or anything, but often the content I translate does contain trade secrets and "know-how". Much of what I translate is explicitly marked "confidential" or "for internal company use only". That's the point of having contractors sign an NDA.
Of course on one hand, the "don't worry" argument does make some sense. Probably no one will look at and/or steal your data or that of your clients. Even if a cloud provider were hacked or there were a malicious sysadmin with read access to your volume, data could arguably be considered safe by virtue of it being a needle in a haystack. In other words, how would anyone know exactly where to look for something worth stealing in the mountains of data for just one user, let alone the multitude of all users? But it doesn't matter what I think the likelihood is of someone actually snooping or stealing. Any NDA I've ever signed has required complete confidentiality, not something like: "go ahead and hand over our stuff to a third party as long as you think it's reasonably unlikely to be accessed and/or used maliciously".
As for email, I have to admit that it is a little mystifying when clients who ostensibly are very serious about privacy send me sensitive documents as email attachments. Many of my clients use their own secure portals or secure FTP for file transfer, but not all of them. So, yeah, this does make the whole privacy concern seem like a storm in a teacup. We surely can't do away with email, and as was alluded to earlier in the thread, end-to-end email encryption is not a realistic solution.
But when it comes to encrypting cloud storage, what's the harm? As long as it's a technically reasonable solution it seems worth it to me. I might be a bit biased. For my part, I was a slow adopter of cloud storage, partly because I run my own server and don't need the cloud for mobility. But currently I do use the cloud for periodic (encrypted) backups, which seems like a reasonably prudent thing to do. I have a script that automatically backs up certain volumes, encrypts them, and uploads them to cloud storage. It's really not a big hassle for me to do this.
For real-time cloud storage, encryption might be more complicated, and admittedly I'm not very up-to-date on the storage services out there and how efficient it is to use encryption with them. Since I don't need this kind of service right now it hasn't been worth looking into. But if there is a reasonably efficient solution to encrypt, I don't see a problem in doing it.
[Edited at 2015-06-27 16:40 GMT]