Security and Privacy Concern about Logos4 Phonning Home

[quote]If you make it possible for users to disable some key feature of the
product, some of them will do it, and a certain percentage of those will
not read the fine print and will not understand what is really being
disabled. Then they'll come crying to Logos if their computer crashes
and they lose all their Notes. And it will be a support cost for Logos
to give those people (even if it's just a small fraction of the users)
some cold comfort over the phone when they are distraught over their
years of sermon notes being blown away in one moment. And a certain
number of those users will be upset at Logos for NOT backing up their
data like it was supposed to, even though they disabled it themselves.
And some of those ones will demand their money back. And it's yet
another complexifying of the code, so an opportunity for subtle bugs to
creep in, thus causing more potential user support calls. So none of
this is easy for Logos to handle.

Four points to consider:

1. Are you saying that people should be responsible enough to read the fine print on the acceptable use agreements, and realize they should not put personal data in the software, but they shouldn't be responsible enough to know what they're doing when they turn off synchronization of some specific pieces of that same personal data? it's a long stretch to say, "my users aren't responsible enough to
understand what they're doing when they turn off the synchronization of
specific pieces of personal data, but they're responsible enough to know
what sorts of personal data should, and should not, be placed into my
software." The argument on personal responsibility cuts both ways, so
it's a wash in either direction.

2. If someone reads the fine print on the acceptable use agreements, and comes to the conclusion that they cannot store personal data in Logos in good conscious, how does that change the situation in regards to their personal data being lost, specifically? Are they less likely to lose their personal data because they are forced to store that information in a different piece of software? The underlying logic is, "I'll protect the data you put into my software, but if you put something in there I don't think you should have, I'm not responsible, and if you put something in another piece of software and lose it, I'm not responsible." It's a bit contorted, to say the least.

3. How do the other pieces of software already on your computer deal with this situation? Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them? In fact, I have several pieces of software that pop a dialog box when I exit that asks me, specifically, if I want to save backups of my work every X number of days (Embird, for instance). The point is no-one else forces me to lose privacy to save my data to cut their support costs; there are other reasonable solutions that have been found to this problem in the past, and any number of them could be successfully applied here, as well.

4. Will it be cheaper for Logos to deal with a few users who lose their personal data, or with a single court cases when data is unintentionally exposed? It seems to me it's a foolish bet to advertise, "your personal data is synchronized so you won't ever lose it," and then expect a "fine print waiver" stating you shouldn't put "really personal stuff," in the software in the first place. IMHO, the "fine print" is a legal fiction, and Logos would lose this one in court. Other companies have, in fact, lost on this line of argument (which is why there are many warning stickers on ladders, not just one).

I'm sorry, but this line of argument simply doesn't hold up. I completely understand the issue of keeping the software up to date--again, whether or not I agree with it is immaterial, really, when dealing specifically with personal data. But there is no argument for synchronizing personal data that doesn't cut both ways. In legal terms, I think Logos is setting itself up to be sued. Ethically, I think the idea of forcing users to synchronize their personal data, and then putting a "loophole" in place to try and protect yourself legally from the consequences of that synchronization, is questionable, at best.

:-)

Russ

==

Added:

You're also expecting people to understand the importance and implications of metadata in the data they do decide to store on Logos' servers when you say they should "know" they can't store "really personal stuff" in the software. Is this a reasonable expectation? In my experience, no. And it again runs counter to the claim that Logos is just covering for people who aren't responsible by backing their data up for them.

Finally, it's a defensible position for Logos to say, "we gave people the option, and this specific user decided to place this data on our server, contrary to our terms of use." It's not very defensible to say, "the terms of use say not to store this sort of data on the server. If the user didn't like those terms of service, their other option was simply not to use the software." I don't know of a single court case where the court has held in favor of the argument, "well, the user could have simply not used my product in the first place." You took the money for the software, you're responsible, end of story.

Russ White said:

Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them?

It is my understanding that MS Office 2010 will be making use of the cloud to store files - so they become accessible from any hotspot.  I do not know how much control they will give to the user to decide what goes into the cloud and what does not.

Floyd Johnson said:

Russ White said:

Does Microsoft require that you back your Word, Excel, or Powerpoint documents up to their server to keep you from losing them?

It is my understanding that MS Office 2010 will be making use of the cloud to store files - so they become accessible from any hotspot.  I do not know how much control they will give to the user to decide what goes into the cloud and what does not.

In which case Microsoft will lose every corporate, military, and government client it has.

Okay, I have a challenge for those on this thread who think it's perfectly fine for Logos to require you to synchronize personal data (such as notes and prayer lists):

1. What possible cost savings could there be to Logos to force this issue beyond the cost of coding the feature itself? The cost of people losing their private data is a nonsense claim, so don't bother with that one. Find a real reason creating such a feature would cost Logos money, explain it, and given an example.

2. What is your objection to such a feature? Is it that you are afraid of losing your data if Logos created such a feature?

IMHO, this is such a simple request, with absolutely no downside, with a strong moral and legal force behind it, that I really cannot understand why people are against providing such a feature. What is your motivation for arguing against a feature that allows you to choose which private data to store on the Logos server? I've given my reasons such a feature should exist, but they've been generally "poo-poo'd," treated as if they have no basis in fact. Now, what are your reasons? Let's see why you think Logos should force users to synchronize notes files, prayer lists, etc, onto their servers--other than the claim that it will "save people from themselves."

Russ

P.S. It frightens me that a group of people should be so unaware of the privacy and security implications of their actions, and even actively support losing their privacy.

It's still the same problem in a sense. Even *IF* Microsoft allows what is sent to/from the cloud they still need to secure its transport AND its storage. I still have no clue how Logos is doing EITHER. If I'm really enterprising I could fire up Wireshark and see what's going on but it doesn't appear that there is any information as to what the program is doing by way of securing transportation of data and then storage.

Russ is correct, Microsoft can't force the storage of data into the cloud. There's too much sensitive data out there. Even if Microsoft put up in BOLD letters everytime you hit save not to send it into the cloud that doesn't prevent lawsuits. Its a matter of who has more lawyers and can afford the attrition of the legal system and last time I check...that would be the government and military .

Finally, as Russ said I'm baffled as to the resistance of people in this scenario...but just as the people arguing for it isn't willing to back away from the discussion the only people I really care to hear from is Logos as to what they're going to do about it. If their answer is they're not concerned and there's nothing they're going to do about it then I need to know and act accordingly. If they are planning to "fix" it then I want to know too.

The part that is absolutely annoying is the silence from Logos other than the prior posting which clearly wasn't addressing the main issues.

James Ng said:

Microsoft can't force the storage of data into the cloud. There's too much sensitive data out there. Even if Microsoft put up in BOLD letters everytime you hit save not to send it into the cloud that doesn't prevent lawsuits.

Give me the last three cases Microsoft was held liable for security breaches across their product line.How much were the damages awarded?  [:D] Even God gets sued in the United States. (Really. Check the record.) The judge dismissed the case because 1) God wasn't properly served papers & 2) the court's jurisdiction did not include wherever God resides.

If ye are the light of the world, why do you want to hide under a bushel? Martha is right. There are plenty of real life issues to deal with. I don't care if the world finds out I use Logos. And the only thing Logos sees is; I spend too much time on their product pages coveting more stuff.

Ray Timmermans said:

It really doesn't matter what I think about the matter because I have agreed to the EULA with a click of a button. What matters is what has been agreed to by the parties. That is the EULA. In my book,  that settles the matter legally.  I will let others debate the question of morals and ethics. I am satisfied that Logos 4 has met its obligation in advising me about the product's usage . But I don't expect moral arguments to be compelling to a court of law (nor should you) where the rights and duties of the parties are specifically spelled out in the EULA and have been agreed to. Nor do I feel I can blame Logos for not being more protective of my privacy rights when I have the opportunity to turn off Internet access, work offline, etc., etc. 

So if LOGOS has a security hole and a third party gets a hold of your confidential prayer requests or other notes, LOGOS is not responsible.  But that does not keep you from being sued by a parishioner or his or her non-believing spouse.  Of course, you have the opportunity to turn off Internet access, work offline, etc., etc.  But then how many of us have really done this?

I am not terribly concerned - I have not turned Internet access off.  But I would like to know how our information is being stored on LOGOS' servers.

Bob's "reply" doesn't address any of my questions and the disclosure of any of that information isn't/shouldn't be a threat. They explain EXACTLY how their webpage is secured. I'm looking for the same information for their program.

No I haven't changed my questions, I'm simplifying it for them since it seems that people are confusing a number of topics. When they tell me those answers it'll tell me what I need to do.

ETA: I just opened a ticket with them with my specific questions as this thread really isn't yielding any answers for me.

Exactly. I want to know for my DATA, but everyone says Logos has answered this question and they clearly haven't. The OP seemed to indicate you don't share this type of information which isn't true. I'm pointing out there's nothing secret about this or shouldn't be. They shared the information with their webpage which is protect Credit Card information. I want the SAME information for my data from the Logos 4 program.

I want to know HOW they send it to their server and what type of encryption if any. Depending on how they answer the basic questions determines how I respond.

ie, What transport are they using?

What security algorithm?

I'm not even concerned about their server protection yet, I'm not convinced they're protecting my data on the WAY there. If they're not even protecting the data on its way there then I clearly can't trust them to protect it on the server.

Floyd Johnson said:

So if LOGOS has a security hole and a third party gets a hold of your confidential prayer requests or other notes, LOGOS is not responsible.  

Correct. If I am using Logos as a prayer diary, I am not using it properly--in fact I would be using it outside the terms of the EULA. That would not be Logos' fault, it would be mine. Furthermore, knowing that this type of information is of the kind not protected via the EULA, a case could easily be made that I would have a professional responsibility NOT TO use it in this manner because of the EULA. I expect Logos Bible Software to save my searches and give me the ability to make my research easier, not to manage every aspect of my life. And, just as I don't use a spreadsheet program to do my word processing, I don't and shouldn't use a research tool to store prayer requests. That's not its function.

Floyd Johnson said:

But that does not keep you from being sued by a parishioner or his or her non-believing spouse.  Of course, you have the opportunity to turn off Internet access, work offline, etc., etc.  But then how many of us have really done this?

I'm thinking probably more should.  ;-)

Ray Timmermans said:

And, just as I don't use a spreadsheet program to do my word processing, I don't and shouldn't use a research tool to store prayer requests. That's not its function.

But the whole reason this has become such an issue with some folks is that is part of its function. Logos has a Prayer List feature, specifically for storing your prayer requests and tracking when they are answered. Why should people be expected not to use that feature, just because of some fine print in the EULA, when it is part of the software?

Russ White said:

Find a real reason creating such a feature would cost Logos money, explain it, and given an example.

I think that the real reason that Logos created the feature was to avoid the cost of helping users synchronise their files between two or more systems. This was always a challenge in Logos 3 especially for users who actively use two systems and never knew which if any version of a user file was the master. When we first started looking at the feature in the Beta the discussions centred on the ability to synchronise and not backup files. As I see it the backup capabilities in Logos 4 are a side effect of the synchronise feature rather than a carefully planned backup solution.

Matthew C Jones said:

Something really bugs me about a bunch of Pastors who document sensitive, potentially devastating data on their computers

I don't store personal information in Logos, but most pastors will "document sensitive, potentially devastating data on their computers", so I'm not at all sure the right attitude is to be 'bugged'. Where else would you store minutes of elders' meetings, pastoral letters to members of the congregation, notes of church discipline issues, etc.?

(In my case, my entire HDD is encrypted; my Windows-logon is secured with a password; and any highly sensitive material would also secured with a document password. Backups are done offsite, doubly encrypted. That makes store data on my computer significantly more secure than storing it in a filing cabinet, or even a safe.)

Matthew C Jones said:

But what if a court subpoenas your computer?

That's obviously an issue that matters more in the US than it does here in the UK. In Scotland (which actually has a different legal system than that of England), if I am asked to produce documentation for a court proceeding, I can refuse on the grounds of pastoral confidentiality. To have any chance of getting its hands on my material, the prosecution in a criminal case would have to prove in advance that I had something which was material, say to a crime of murder or theft, to the proceedings, before a court would even try to insist. It's a defence that has always been accepted in the past, as with the Roman Catholic confessional. In a civil case it wouldn't even get that far. In Scotland, say in a divorce case, I am free to refuse to testify if I choose. Being a witness in a civil case is entirely voluntary. I have in the past refused to testify and that was that!

What I think this little example points out is just how fraught international business is and how careful Logos has to be in trusting to its EULAs. (Microsoft was fined eye-watering amounts by the EU for infringing EU anti-competition law. And though it fought it to the bitter end, Microsoft lost and had to cough up and comply, or stop selling in the EU.) When Logos used resellers in the UK, first Hodder & Stoughton and then Sunrise Software, the resellers were responsible for ensuring that they operated within EU and UK law. Since Logos now sells directly online into the EU, then they have to take responsibility for that. There are subtle and not-so-subtle differences. The relatively common language and culture that we share disguises important differences under law.

I just wouldn't use Logos 4 to hold that kind of information. I wouldn't put pastoral stuff on it, simply because I respect my people's confidentiality. I don't even write it down. My memory is such that I just lift "Jeannie Smith" and her situation before the Lord and I trust Him to know the details that I know – and much more! What my folks have told me, will die with me!

Rosie Perera said:

Graham Owen said:

Russ White said:

Find a real reason creating such a feature would cost Logos money, explain it, and given an example.

I think that the real reason that Logos created the feature was to avoid the cost of helping users synchronise their files between two or more systems. This was always a challenge in Logos 3 especially for users who actively use two systems and never knew which if any version of a user file was the master.

I think even more of a support cost for them was the much larger number of users who had only one computer and couldn't figure out the arcane unlock mechanism for buying books that were already on a CD they owned but which they didn't have access to. The move to L4's new system of having purchases all occur over the Internet was designed to simplify things for the users and cut down on support calls

In the context of the original issues that synchronising was designed to address I think that everyone would agree it has simplified the way that we manage Logos and is a general improvement. I think that the issue is that it has also introduced a new type of complexity because the act of storing data to synchronise it has created a 'backup' of our data (as well as our licenses) on a central server. I'm pretty sure that Bob will not want to introduce a mechanism that will allow us to control what files are synchronised on an individual file level as that will not be consistent with the design goal for Logos 4 to reduce configuration options as a way to drive down support calls.

Mark Barnes said:

It would be relatively simple to introduce a 'private' tick-box that we could place on individual note fields if Logos wished to do so, or indeed to switch syncing off all together. Again, I have no need for such a feature.

Hi Mark

I agree that it would be easy to program but I'm pretty sure that a mechanism like this will be seen as costly to support because it will generate calls about why certain files are not on my other system, etc. A major principle in the design of Logos 4 is that it is easier to support than Logos 3 a technical reality for the users of this decision is that we inevitably have fewer configuration choices.

tom collinge said:

Russ White said:

P.S. It frightens me that a group of people should be so unaware of the privacy and security implications of their actions, and even actively support losing their privacy

Hi Russ,

It sounds like to me that you have the same privacy concerns that I have.  I recommend that you, if you live in the U.S., contact your senators and/or your congressperson of your privacy concerns (not just with Logos, but with your personal data being stored out in 'cloud' in general).  I also recommend that you also contact privacy activist groups like EPIC (Electronic Privacy Information Center).  We are not going to change the privacy laws in the U.S. if our leaders do not know how we feel about the issue.

The forums are for discussing Logos, I don't think Congress cares about that issue (cloud synching.) Are we going to start posting URLs for our representatives next?

The greatest Constitutional mind of the 20th Century is Robert Bork. He was right to say privacy rights are NOT enumerated in the US Constitution. The US 9th Circuit Court of Appeals agreed when they allowed the FBI to hack a 15 yr old's computer to catch him making bomb threats.

Logos synching with the Cloud is not a new threat to your privacy. Pandora's box was opened years ago. Your private details are all over the web. Ever bought from Am@zon? They use a half-dozen database mirrors located around the world. Mainland China hosts one of their server farms. The US Govt. secured 100,000 blank, reusable, re-assignable, domestic wiretap warrants to fight "terrorism." Are there really 100,000 terrorists out there? Recently millions of credit card numbers were stolen in one breach.  Madison Avenue hs been collecting your purchasing data for decades. Your new cable TV boxes can report back what you watch and what commericials you skip. It's a little late to start worrying, if you haven't already been wary. Logos 4 is the least of your worries.

When Lady Godiva rode the horse through town nude, she gave up her rights to privacy! So did the Emperor when he donned his new clothes.
(If I were the Feds in charge of watching you, I would use the "privacy tick" box (the one you are demanding Logos add) to help find the data I should watch closer.) [:|]

Thank you Bob, for such a reasoned and gracious reply. I'm with you 100%.

Bob Pritchett said:

This PCI Security Standard is an obligation of large merchants who charge credit cards. (See https://www.pcisecuritystandards.org/) PCI compliance has required us to implement name badges, visitor logs, run background checks on certain employees, implement two-factor authentication for certain systems, and to physically and digitally reconfigure our networks. It took us a year to comply, and we get audited.

Bob I hear you, working in the software business where our end-users run their businesses and take crdit card have also just received our PCI compliancy and are rolling our software to all of these sites. It's taken a tremendous amount of work to get there. Thanks for the information on that point and I am glad not to share my credit card info [:P].

I use my prayer list but I can make it cryptic enough so no one knows who it is that I am referring to, but if it's highly sensitive then I would store it else where. It is not unreasonable to do that. I'd rather Logos focus on their strengths and that is providing a powerhouse of a sermon prep and Bible study tool. That's why I invested with Logos and am a promotor of Logos.

Bob Pritchett said:

The world is moving to cloud-based web services over installed desktop apps.

I will admit that I was hesitant about the cloud-based app, and I see where it is becoming more and more prominent. I may not be a full proponent of it yet, but my feelings on it are much better than in the beginning. I still like having the off-line capabilities and I don't see that going away anytime soon as there are places that I do not have net services and I use Logos regularly.

Thank you again for your comments on this issue, as usual your Christian response is greatly appreciated.

God Bless.

Jim Towler said:

I feel disapointed in this direction, but for now, will attempt to obtain value from what I have already spent on the resources.

Jim, How about just using Logos for study and getting some more secure small program to keep your sensitive content "for your eyes only?" It would be a shame to shelve the seacrh engine Logos has developed. OneNote can fill the niche.