Unfortunately, as someone who works closely with Cloud technology, I am acutely aware of all the potential ways your data can be compromised when using centralized Cloud solutions. This frustrated me enough to develop Angelfish. Nearly all modern personal finance apps are Cloud-based, storing all of your financial data on a central Cloud service’s database, which a company is responsible for managing and keeping secure.
While Cloud-based apps provide some advantages, such as keeping your data backed up, letting you access your account data from multiple devices, and also allowing multiple users to collaborate and share the data in your account easily, I believe that new advances in decentralized technology will enable users to have all these benefits, without giving up control of their data to a company’s centralized Cloud service.
I don’t believe absolute privacy is an issue for most users, including myself, and regularly use convenient Cloud services like Facebook and Gmail. However, there are two areas where I would not be comfortable storing my data in the Cloud: personal financial data and personal health/medical data. Both of these are extremely personal to me. If compromised, it would give a 3rd party a lot of insight into where my money and assets are or health conditions that I may not want to be shared publically or even privately with insurance companies or governments.
While most people imagine hackers are the only risk here, who would use this data to blackmail or steal money from you, there is far more risk from governments and companies abusing this data than the risk of hackers, as I will share below.
The Risk of Hacking
First, I will cover most people’s concerns when they think about putting their data in a Cloud service, hacking. There are 1,000’s of data breaches
in the USA alone every year. Worldwide, billions of records are stolen and shared on hacker mailing lists, enabling hackers to access your accounts and data. In the worst case, even steal your identity to open up credit cards or hijack your bank accounts to steal money.
Unfortunately, even with even the latest security technology, every Cloud service is built and managed by humans. Humans who take shortcuts or make mistakes or can get disgruntled and go rogue, compromising the data they are responsible for. Because all the data is stored centrally, once a hacker gains access to the servers or databases running the Cloud service, they can usually start running scripts to take massive data dumps or find specific data they want to export.
While many Cloud personal finance apps will have some paragraph on their website about how they encrypt and store all your financial data securely, the fact remains, at some point, they will need to decrypt your data so you can access the app. This means they still have access to the encryption keys, which hackers can find and also use to view your data.
Cloud services also need to be operated and fixed when they have issues like the app going down. Usually, a few “trusted” company employees will have access to the backend service to troubleshoot and fix problems when they occur. This leaves a back door that Hackers can use or allows for rogue employees to do a lot of damage, and unfortunately, this is the trade-off needed so the company can maintain and keep the Cloud service up and running for their users.
However, while hacking is usually the primary concern for most users, I believe there are more significant concerns for user’s that choose to use Cloud services to manage their personal finances that are usually
not top of mind, but a genuine threat to their privacy.
The Risk of Companies
Nearly all the major online companies provide “free” Cloud services, whether it’s Facebook’s social networking services or Google’s Search, Gmail, or Drive products. They have an insane amount of data about each of us, and they are all trying to access the treasure trove that is your financial data. Facebook is doing this by trying to launch its own crypto-currency, Libra (renamed Diem recently after the backlash Libra received), and Google, Apple and Amazon are all playing around with their own wallets/currencies to gain access to all your spending habits, all “free” to their users, of course. In fact, Google is already doing this behind our backs in GMail, collecting a list of our purchases from email receipts we receive to collect more information on us for advertisers:
Mint by Intuit, which is probably the most popular app by the number of users in the personal finance space, also provides a “free” app supported by advertiser referalls using your financial data.
They want to do this and can give it to you for “free” because the data is immensely valuable to them, as they can sell “you” to advertisers. There’s a saying in Silicon Valley: “If You’re Not Paying, You’re The Product.” In Mint, you are bombarded with offers from other credit cards and banks when using the app because they can see all your current banks and cards and use that data to upsell you different offers from other banks and card providers.
Facebook, Google, and the other large tech companies will be able to send you extremely targeted advertising once they get access to all your income and expense transactions. A few years ago,
Target was in trouble because they could tell from their customer’s purchases if someone was pregnant, and start sending advertising for new baby products. When the dad of a teenage daughter complained after receiving lots of baby coupons in the mail, he found out that his daughter was actually pregnant, taking away any opportunity to tell her parents by herself first.
Imagine what a “free” Cloud app, with all your financial data in one place, would be able to do with that spending data, targeting you with ads, sharing that data with 3rd parties.
But even this, for me, isn’t the most significant threat to my privacy as I can ignore a few ads or use a paid service that doesn’t share or use my data for advertising.
The main risk is the Government.
The Risk of Government
Over the past 20 years, many people have started losing trust and faith in the Government. For my generation, I believe it began in 2003 after the US and UK decided to invade Iraq, lying to the press and their citizens
about the “risks” Saddam Hussain posed to our countries. When no “weapons of mass destruction” were found, and the information they used to go to war was discredited, it became a clear example of the Government lying to protect its interests, in this case, access to oil. The cost was the entire region is now a mess, creating a vacuum for new terrorist organizations to appear like ISIS due to their short sighed poor strategy and planning. In the last few weeks, we’ve seen how $2 Trillion and countless lives over 20 years in Afghanistan made no difference after the Taliban took over again in days after the US decided to pull out.
Unfortunately, there is a saying: “Never let a good crisis go to waste,” and since 9/11, we’ve seen Western governments around the world use that incident as an “opportunity” to increase surveillance and put in laws that compromise the privacy and protection of their citizens. Forty-five days after 9/11, the US hastily passed the Patriot Act which gives the US government permission to force companies to get data on users and companies behind their back. The Patriot Act is a crucial reason why a lot of European companies will not put their data in US-headquartered Cloud services,
because it potentially gives the US government access to all their data stored with that company if they want it without any court defense or notification to the end-user.
In 2013, anyone who suspected the Government was spying on their citizens was vindicated when Edward Snowden leaked NSA documents showing an extensive government surveillance program from phone and internet companies. Again, the justification for this was to “protect” us from terrorism after 9/11, and perhaps it has, but we’ll never know for sure, or the cost we’ve paid with our privacy.
The US isn’t alone in increasingly invading our privacy. Many Western countries have followed suit, most recently with the Australian Government’s new Mass Suvailance Manadate
recently being passed. It’s also easy to forget living in the West, that while we feel relatively safe from the threat of Government, there are many countries, most prominently China, where those freedoms don’t exist. They are increasingly collecting and tracking data about all their citizens at a scale only made possible with recent technology like Big Data and Machine Learning.
And of course, Covid-19 has created another “crisis” for Governments to push further legislation and programs that go even further. They are all pushing for more aggressive tax collection to pay for the insane amount of “money printing” done in the past 12 months. This is an extension of the Quantative Easing started in 2008 after the Financial Crisis, another event that led many citizens to question their own Government’s interests after the massive bailouts and hardly any repercussions for the bankers that created the crisis in the first place.
You may believe that if you’re doing nothing wrong, then why does it matter? The issue many people aren’t aware of is that most major governments are going broke. Even before the Covid-19 pandemic, many governments increased their debt to unseen levels after the 2008 crisis. They were reducing the purchasing power of their currencies by printing more money to cover budget shortfalls while also arguing about how they were going to meet their existing obligations for pensions and social welfare as the Baby Boomers started to retire en-mass.
As a result, we see an increasing crescendo of news and debate about increasing taxes, everyone paying their fair share, and increasing the powers of their tax collection agencies. Not that it will solve the issue, and you have to ask why they bother when they can print more money instead and kick the can down the road to the next party in power to deal with, but it’s a good excuse to increase surveillance again.
Part of Biden’s new tax bill in the US not only increases taxes but will expand the size and power of the IRS to essentially go behind your back to get all your financial data and audit you without your permission. Now imagine having all your financial data in a centralized Cloud service with that law in place. They no longer need to ask my permission to see all my finances; they can go to the company holding all my financial data behind my back and get it all, including my Crypto holdings, foreign bank accounts, and assets I track in the app. Everything. And if they find some mistakes, you can find yourself fighting a court case, or worse, having your accounts frozen while they “investigate” your case for months, maybe years.
This happens already today, even without these proposed powers. I know a guy who had a partner in a business being investigated for tax fraud. Because they were linked via the business, he also had all his accounts frozen by the IRS for weeks while the IRS investigated their case. This left him without any money to pay his rent, food, and other expenses, creating an extremely stressful situation until he was proven innocent and his accounts unfrozen. Not quite the “innocent until proven guilty” approach I thought was at the core of American law.
The IRS has also been weaponized by political parties to target their rivals. In 2013, the IRS was caught targetting and using its powers to harass conservative groups with names including the word’s “tea party”. Imagine just how much more effective they could have been with the new law Biden is introducing to get all your financial data behind your back.
I pay my taxes, but I am an international citizen living in the US, and I have been shocked at how much more data the Government here collects than my more straightforward UK tax return before. The FBAR requires me to list all my international accounts and balances each year, and the IRS is now putting questions on the personal return trying to probe Crypto holdings. Unless I had a taxable event, why should the US government ever need to know about my international accounts and Crypto holdings? It feels like a massive overreach to me.
And for those in the Crypto space like me, considering the US government already confiscated and then repriced Gold in 1933 from its Citizens, am I at risk of being
targetted and being forced to sell my Crypto if they have information on all my holdings and decide to make it illegal as it becomes an increasing threat to Government’s ability to print and control their currencies and pay back their debts?
I strongly suspect that over time, most governments will become even more aggressive and invasive with their tax policies and laws, as they struggle to pay for their obligations and start losing their power to manipulate their currencies as Cryptocurrency matures. If that becomes the case, I certainly don’t want to make the IRS’s job super easy and find out some IRS agent has gone behind my back to see all my financial data because I put it all in some company’s Cloud app.
Conclusion
Fortunately, while technology has enabled Governments, Companies, and Hackers to have even more access to your data, it will also be technology that puts the power and control back into the user’s hands. This is why I strongly believe in “local-first” apps, where your data is stored locally on your own devices for you to securely store and retain ownership of your data without a “trusted” 3rd party looking after it on your behalf. It’s also why I’m excited by all the new decentralized technologies appearing in the past few years. These technologies will enable a Cloud-like experience for users without the app developer, company, or anyone else accessing your data behind your back without your express permission.
If you also think your financial data should be private and secure to you, then sign up for Angelfish so you can still track all your finances without compromising your security and privacy.