Sidekick Disaster Shows Data's Not Safe in the 'Cloud'

Silicon Insider: The furor over Sidekick data loss reveals a dangerous gap.

Oct. 16, 2009 -- If you own a T-Mobile/Microsoft Sidekick smartphone, I don't have to tell you this. But if you are among the millions who don't: on Oct. 1, literally every user of the Sidekick data service lost the private personal records – e-mails, notes, calendar entries, contacts, etc. -- they had stored on the system.

Initially, it was believed that information was lost forever. The official statement from Microsoft/Danger (the latter being the company that builds the Sidekick) and T-Mobile was that the data "almost certainly has been lost as a result of a server failure at Microsoft/Danger." Then, yesterday, Microsoft announced that it had managed to recover "most" of the lost data and blamed a "system failure in the core database and backup."

Needless to say, the lawsuits have already begun: The Sidekick's 1 million users had a deep emotional (and often financial) investment in the device … and that loyalty had been betrayed.

T-Mobile tried to assuage all of those hurt feelings by offering users, by way of apology, a $100 gift card and one month's free data service. As you can imagine, that only made many users even more angry. A hundred bucks? For the hours it will take to reconstruct a lost contact list and full appointment book? A month's free service? For that last photo of grandma in the hospital – now lost forever?

My friend Scott Budman, the veteran tech reporter for KNTV-TV in San Jose, Calif., and the "TechNow" television series, has just written an interesting analysis of the Sidekick debacle. In it he suggests that, ultimately, this is a case of misplaced trust in the reliability of far-off servers operating in that imprecise, ineffable reality of "The Cloud."

"Hardly a day goes by where I don't get a pitch for something new involving 'The Cloud,'" he writes. "And, really, in a rough economy, what could be softer than a cloud? The banks have let you down, your house has crumbled in value, your CDs have all but stopped paying interest. But the Cloud? It's tech-friendly, safe, and always there to protect your personal data … except when it's not."

In other words, and I think Budman is right on this, we have a dangerous gap between consumers' expectations and what the supplier believes it is obliged to deliver. In this case, Sidekick users expected the data they put on their devices would be sent to some safe place in the computing cloud where it would always be protected as part of the contract with Microsoft and T-Mobile.

Apparently, those two companies thought differently; that their job was to provide the highest quality product and service possible, and to make a good effort to keep customer data secure – an effort that, it seems, did not include creating redundancies and backup files.

As I've noted before, almost every service scandal in the history of tech -- dating back to the Intel Pentium 'bug' of 1994, or even the delivery of 'dead' Apple III's in 1980 and HP 3000's in 1973 – has to do with a disastrous disconnect between what the purchaser believes he or she is buying and what the seller believes it is obliged to deliver.

In these cases, the supplier is always wrong. Why? Because without the marketing surrounding the product or service, consumers would have no expectations whatsoever. And when you have a million or more angry customers who think you betrayed them, you can be damn sure that somewhere in your marketing/PR/advertising program you said something – explicitly or implicitly – that gave them an overblown expectation.

Sure, Microsoft and T-Mobile can logically argue that they were under no obligation to provide perfect data integrity -- after all, smartphone manufacturers aren't required to guarantee that data stored on their phones will be secure forever. But logic has nothing to do with it. Sidekick users expected their data to be safe in the cloud – and if Microsoft and T-Mobile didn't know that, they were negligent in their understanding of their users, and in violation of the resulting implied contract. And I predict that a judge -- if there isn't a mass settlement first -- will determine that this is true, even if there was some fine print on the Sidekick Terms of Usage that held the two companies not responsible for any loss of data.

The real damage, however, will not come from the lawsuits, but from the loss of faith. It's hard to believe that anyone will ever again trust their Sidekick. There will always be the nagging fear, every time to store some important piece of information on the device, that any second it might be lost … and the only response will be a shrugged 'Sorry' from Microsoft and T-Mobile, a small cash payment, and another month's free usage of a service you don't want to use anymore.

As for the rest of us, this little debacle should serve as a warning. Every day we place more and more of our trust in computing Clouds – that is, we shift an ever-greater fraction of our personal information from stand-alone personal devices to unknown servers off in some distant data center. We assume that information is safe – from hackers, from data miners and bad guys, from the government, and from erasure.

Fifteen years ago, when Oracle's Larry Ellison first proposed the idea of 'net' computers – i.e., cheap laptops that would use the Web for both software applications and data storage – he was met with derision. What fool, people asked, would entrust their vital medical records and family photographs to the Internet, where they might be lost or tampered with?

These days, it seems, we are all that fool. What, after all, is a Blackberry -- or a Sidekick -- but one of Ellison's net computers with, thanks to Moore's Law, a little bit more processing power? Yet, somehow, during those intervening years -- perhaps merely through habituation -- we've lost our fears about the risks associated with the Cloud. Now that we're fully committed, it appears that we have made a mistake.

Perhaps this Sidekick mess is merely a one-off event. But, once again, that doesn't matter. What counts is that we never really ever trust the Cloud again . . .and that's a pretty big deal when you consider that the notion of a 'cloud' is rapidly becoming the defining metaphor -- of business organizations, markets, educational institutions, search engines, and of course, computing -- in the 21t century.

In one respect, this lack of trust is a good thing. As consumers, we have been given fair warning, and should never allow ourselves to be blindsided again. And, if I was a company right now that provided any good or service connected with any kind of information Cloud, I would be putting plans in place right now for secure, redundant and back-up information storage -- because the next company this happens to will have no excuse.

This is the opinion of the columnist and in no way reflects the opinion of ABC News.

Michael S. Malone is one of the nation's best-known technology writers. He has covered Silicon Valley and high-tech for more than 25 years, beginning with the San Jose Mercury News as the nation's first daily high-tech reporter. His articles and editorials have appeared in such publications as The Wall Street Journal, The Economist and Fortune, and for two years he was a columnist for The New York Times. He was editor of Forbes ASAP, the world's largest-circulation business-tech magazine, at the height of the dot-com boom. Malone is the author or co-author of a dozen books, notably the best-selling "Virtual Corporation." Malone has also hosted three public television interview series, and most recently co-produced the celebrated PBS miniseries on social entrepreneurs, "The New Heroes." He has been the ABCNews.com "Silicon Insider" columnist since 2000.