It was at about this time that I started thinking about the ramifications of this problem beyond our own situation, desperate as that situation felt to us just then. Through more than 30 years of computing, I’d had my ups and downs with data storage. My very first computer, a Processor Technology SOL-20, was nearly incinerated along with all of its electronic contents when a lightning bolt hit our house in the early 1980s. (The contents included the notes and drafts for my book National Defense, which fortunately I’d printed out on paper.) Hard disks fail; laptops get dropped. But I’d never before imagined the chance of total, catastrophic, years’ worth of loss. This was a loss whose sweeping magnitude was possible only because my wife had entrusted her data exclusively to the most professional of pros: Google’s operation in the cloud. If we had thought that data security was strictly up to us, we’d have made backups of some sort to limit the potential damage—much as we would lay in our own firewood and keep our own chickens and cows to be sure we’d never freeze or starve if normal supplies were cut off. In my own version of Depression-style thinking, and with that lightning strike in mind, I had always made triply redundant backups of anything that mattered to me, including e‑mail. Local on-disk backups of Gmail archives, via programs like Eudora and Thunderbird—or both. Online backups of those local backups, through SugarSync and Dropbox—and then more local backups on my other machines. But my wife had trusted the cloud and Google. And now?
Her move to the cloud had coincided with the larger and irreversible shift of business, personal, governmental, and every other sort of activity to the cloud. The shift is irreversible because it brings so many advantages. Who would go back to searching for addresses on paper maps after using online mapping services? Needing to save and file canceled paper checks rather than inspecting them online, or doing a thousand other chores in pre-cloud form? In addition to these corporate and public services, whose users are increasingly conducting their business and storing their data in the cloud rather than on paper, our personal data has moved to the cloud as well, with the premise that we’ll be able to retrieve and work on our correspondence, our contacts, our photos and documents, from any computer connected to the Internet. But, of course, the more we rely on the cloud, the more we expose ourselves to its vulnerabilities. These include the breakdowns that affect any complex system. When much of Washington had a multiday power outage after a snowstorm last January, the loss of Internet service seemed almost as crippling as the loss of light and heat. They also include deliberate attacks—for criminal gain, spying, or sabotage—that are sure to increase as the value of cloud-based information does. “Where the money is, that is where the criminals will go,” a former National Security Agency official named Ken Silva, who now works as an online-security specialist for Booz Allen Hamilton, told me this summer. “Where the sensitive information is concentrated, that is where the spies will go. This is just a fact of life.” The more important online storage becomes, the more relentlessly it will be under attack.
For instance: Chastened by my wife’s experience, I decided to make my online passwords “stronger,” and to shift to an online storage site to manage them. The following week, that site—LastPass.com—was itself hacked and some of its data stolen. (I still use it, as I’ll explain.) At around the same time, the anonymous hacker group LulzSec, operating under the motto “Laughing at your security since 2011” (the first part of the name is phonetic for “LOLs”; the second stands for “security”), started functioning as a kind of tech-world version of WikiLeaks, penetrating corporate sites and then publishing large numbers of usernames and passwords.
Sony, Citibank, Veterans Affairs, major hospitals, tech firms like Intel, Cisco, and Google—I stopped keeping track of the institutions that announced intrusions, after security experts told me that essentially every major organization suffers ongoing attacks. But I used the shock of my wife’s experience as an occasion to educate myself about the vulnerabilities and new rules of operation in the cloud era, as they involve corporations and institutions as well as individuals. What I found is not all good news, but it is better than I might have feared. It includes some hopeful signs about the way corporations and governments are defending their data, and manageable practical steps individuals can take to avoid scares like the one my wife had that day.
I say “scare” rather than “trauma” because—to skip ahead in the story—my wife eventually got her e‑mail back, through Google’s recent “Undeletion Project,” as I called it when I learned of it. But it was a long time before that happened, and our attitude toward Google got much worse before it got better. I concentrate on Google here because that’s where we had our problem, and more generally because of its exceptional international role. But everyone I spoke with there and at other organizations emphasized that our experiences with Gmail—the brush with disaster and subsequent revelation of the gulf between data professionals’ view of reality and what the rest of us assume—were not exceptional at all but were variations on a cloud-wide theme. And our experience and revelation would apply to most people using most online services, including Apple’s pending “iCloud” services and Microsoft’s continuing movement of Windows services to the cloud.
I felt antsy rather than sleepy on that first night after the attack, as I kept fielding calls and e‑mails from friends and spending time on hold trying to change our credit-card numbers. So I was still at the computer a little after 2 a.m., monitoring both of our e‑mail accounts, when Google’s recovery team sent its response to our “My e‑mail is missing” form. I’ve boldfaced the parts that jumped out at me:
From: The Google Team
Date: Thu, Apr 14, 2011 at 2:01 AM
Subject: Re: [#791225671] (no subject)
We have processed your request to recover mail that may have been inappropriately purged from your Gmail account. Any previously deleted messages that we were able to recover will now be in your account in a newly added label called ‘recovered <time stamp>.’ If the message(s) you are looking for are not in this label, they unfortunately are not recoverable.
If you have not already done so, we suggest that you take the steps outlined in our Security Checklist to ensure the security of your account: http://mail.google.com/support/bin/static.py?page=checklist.cs&tab=29488
We unfortunately will not be able to respond to any further emails on this case.
The Google Team
I looked immediately at the “recovered <April 14>” folder. A little over a thousand messages were there, reaching back to January of this year. But from the preceding six years, nothing at all. And that was it? “Unfortunately” they are not recoverable and Google “will not be able to respond to any further emails on this case”?
I waited until my wife got up a few hours later to rant and rave and yell. A company presents itself as the world’s leader in handling big data; it attracts users to its services (albeit free, but indispensable to the company as advertising vehicles) with the idea that trusting cloud services is moderne; and then it exposes them to something few sane users would accept on their own—the risk of “single-point failure” that could in a few minutes eliminate many years’ worth of crucial data. This is the same company famed for making every bit of data part of the world’s “permanent record.” That embarrassing picture of you in a nightclub, that subversive definition of “santorum”—they and other ephemera are eternal, but all your e‑mail can disappear before noon?
At this point I thought: To hell with journalistic detachment. Over the years I’d come to know lots of people at Google, and I decided to forward the “Unfortunately …” message to one of them. This friend was not Eric Schmidt, the company’s longtime CEO and now executive chairman, whose family my wife and I had gotten to know long before his Google era. (Embarrassingly enough for us, and possibly for him, he had received one of the “Mugged in Madrid” notes, which he passed on to me with a terse “Deb’s e‑mail has been hacked” subject line.) But the person I sent it to, Michael Jones, Google’s “Chief Technology Advocate,” was in a position to direct extra attention to the problem. My message was: You (Google) cannot be serious about this. You cannot entice people into relying on your services, and be so cavalier about the risks they are exposed to. Can you?
A little more than a week later, after several more warnings that “unfortunately” nothing might be recoverable, my wife did in fact get her messages back, all 4+ gigabytes. The first thing I did was to back them all up onto her hard disk, with Thunderbird—and then back up those archives elsewhere, just in case. But one of the next things I did was to arrange a trip to Mountain View to try to understand what had happened. My main discoveries exposed the gulf between the way information professionals understand the realities, vulnerabilities, and responsibilities of the cloud era and the way the rest of us do.
After interviews at Google with staff members ranging from the senior officials who set security policy to the young engineers who had eventually figured out how to recover maliciously deleted e‑mail (including my wife’s), plus follow-up interviews elsewhere, I had three “key takeaways,” as they say in the tech world. They involved the scale of the hacking problem, not just for individual users like us but for organizations; the nature of the arms race between people trying to steal or alter data and those trying to protect it; and the expectations of what citizens need to do to protect themselves.