- Is the same service available from several providers?
- Are there tools to move from one provider to another?
- Is the service available as software?
- Is the source code of the software published?
Trust is absolutely fundamental in any relationship—if we hadn’t grasped that already, then the PRISM scandal certainly exposed it. Trust in our government, trust in our service providers, and ultimately trust in other humans. But to what extent can we trust other organizations with access to our data, and the people within those organizations, to manage it appropriately and respectfully? In a post-PRISM landscape, it feels like the rulebook has been ripped up. Those who are sensible may still seek to hold data preciously close, but the revelation of Edward Snowden’s documents—detailing how the NSA broke into technology companies’ datacenters—begs the question: is anything safe online? The discussion has worryingly shifted from ‘how do we keep our data safe?’ to ‘how do we reclaim control of our data?’ Cloud services are precariously placed in this debate, given that data is stored and transferred virtually. Before a user invests time and trust in a service provider, several important questions need to be answered: most notably, whether the service provider acts responsibly with data entrusted to them, delivering the safe and secure service promised. Ultimately, trust is always relative to control, and how much trust you have in a provider rests on how much control you retain. The first and foremost requirement is therefore choice. If a service is only available from one provider, you are out of luck. Creating choice, and finding and securing control, can be defined by ‘four commandments’ as follows: