When the “Lion” eats your data

Welcome to “Mountain Lion” - Apple’s most recent operating system for Macs. More than 200 new and useful functions come with this version*. But hold on! New and useful? With this Lion comes the full integration into Apple’s “iCloud”, the same iCloud already used for iPhones and iPads.


While iCloud might be pretty smart if you want to synchronize or back up all your data, it is a black hole for privacy and confidential documents. iCloud not only synchronizes your photos, music and videos, but also your e-mails, calendar entries, passwords (in encrypted form) and fully backs up your device. With “Mountain Lion” even your Microsoft Word documents locally stored on your Mac might be pushed over to the Apple computer centres. It is still unclear what Apple intends to do with these masses of data. Of course they don’t just do it because they are kind people. They have a business to run and money to earn. So maybe they will follow the Google/Facebook route and profile you and analyse your activities…

And this is where the problem starts. If you enable iCloud on your Mac (or iPhone/iPad), sensitive CERN information might leak out of the Organization. This could have serious consequences as external providers do not necessarily guarantee the same level of data privacy as that provided by CERN, as they are subject to national legislations which are less protective. Furthermore, once CERN documents are transferred, there are implications for CERN’s privileges and immunities as an intergovernmental organisation. We have just lost control over our sensitive assets…

Of course, this is not a Mac-only issue. If you forward your CERN e-mails to any external mail provider like Gmail.com and, thus, “let your mail leak”, or if you “send your data into the cloud and make it… vaporize” at Dropbox or Rapidshare, for example, proper protection of this data can no longer be guaranteed. Worse, this cannot be reversed: once the documents are out of CERN, they are totally beyond control. Just recently, Dropbox lost a list of e-mail addresses of some of its customers to an attacker.

Therefore, think twice before you enable “iCloud” on your Mac, iPhone or iPad, or use Dropbox, Gmail & co. For professional data, remember that CERN is also a cloud service provider. Your CERN mailbox is available, too, over the Internet, along with your files stored on DFS or AFS. Remote log-in is possible through the LXPLUS cluster or the CERN Windows terminal service. So why not use a service which you can trust? Check the different means to connect to CERN over the Internet here.

If you have any questions, suggestions or comments, please contact the Computer Security Team or visit our website.

* This new version is available on CERN DFS.

Access the entire collection of Computer Security articles here.

by Computer Security Team