A customer tries out the new Apple iPhone 5C at the Berlin Apple Store. Sean Gallup/Getty Images
Marketplace Whiteboard®

In the cloud, you are the weakest link

Paddy Hirsch Sep 2, 2014
A customer tries out the new Apple iPhone 5C at the Berlin Apple Store. Sean Gallup/Getty Images

To those people who argue nothing is safe on the Web, and if you keep pictures of your naked self in the cloud then you deserve what you get, I say, HealthKit!

Yes, you’re a highly moral, entirely sensible person who would never be: a) depraved enough to take those kinds of photos, and b) stupid enough to keep anything private in the cloud. The Web ain’t safe, people! You’re just asking for trouble if you do that, right?

But what about your health information? Would you be happy to keep your scans and your pharmaceutical records up there? What about your doctor’s notes on that nasty rash you got last summer? And your payment records?

Cause it’s happening, people.

Your most private personal data is headed for the cloud, and if you were worried about your nudie selfie collection, you should be petrified about your medial and financial records. Apple’s HealthKit initiative is aimed at getting health care providers and patients to keep all their health care data in one place. HealthKit hasn’t happened yet, but it’s coming, and when it does happen, your data will be stored up there, in the cloud (OK, the cloud is actually a huge server farm, but you get the picture), protected only by encryption and a password.

And we know how useful that is: There are already services out there that provide cloud services for health care, and studies show that more than 13 percent of these services are high-risk, and 77 percent are medium risk.

Initial reports on the celebrity photo hack suggested that the hacker in question had broken into Apple’s iCloud, which is where HealthKit data would be stored.

So far there’s no proof iCloud was hacked, and Apple has denied iCloud was breached, saying it was a targeted attack. Apple must be sweating hard right now, not least because some of the hacked celebrities are pointing the finger. More seriously, much of the success of Apple’s business has been due to its reputation for invulnerability: Its computers were famously resistant to hacks and bugs. The last thing it wants now is for its iCloud to appear as full of holes as Swiss cheese.

The fact is that networks are always going to be vulnerable, and as soon as Apple opens HealthKit for business, some anarchist or criminal is going to try to hack it. And the easiest way in is going to be through you and me. iCloud’s weakest spot is the user interface, because while Apple can spend billions to build huge walls around its networks, it can’t do anything to force its users to be more secure.

The fact is that we’re lazy. We’re going to use the same old passwords we’ve always used, the ones that are easiest to remember and replicate and guess. We’re going to connect all our devices, because it’s simpler that way, and we’re going to effectively dig a long tunnel into the fortress of iCloud that any half-decent hacker will be able to navigate. We may put a lock on the door to the tunnel, but the chances are it’ll be some rusty old thing that’ll be a cinch to pick open.

You’re all rushing to change your passwords now, aren’t you? No, I didn’t think so. But if you do, here are some tips. 

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.