“Are you looking to gain control of your company’s digital information?

“Or maybe your sanity?

“Well, you’re in luck because now you can get ‘Friendly’ advice from a professional who’s truly passionate about helping you manage your data — Dr. Harold Twain Weck. That’s right, John Cleese is at it again as Dr. Twain Weck to give you friendly advice on your most critical digital information protection and storage challenges.”

This week’s InfoWorld GripeLine addresses the lack of warranties from online backup providers. A careful consumer went out to compare the license agreements from several services, including Mozy, which I’ve been using for a while, and Iron Mountain, which now owns LiveVault of the John Cleese Backup Trauma Institute videos.

The results of this investigation prompted a long letter to GripeLine and a column by Ed Foster. So what do these license agreements say?

All five [services] disclaimed the warranty of merchantability, fitness for purpose, and all damages beyond price paid. All disavowed that the product had to actually function at all except Iron Mountain, which in its warranty promises to at least try to fix bugs, and only Iron Mountain doesn’t say the product is sold ‘as is.’ Mozy, Iron Mountain, and SOS disavow damages even for negligence on their part. SOS and Xdrive disclaim responsibility for making sure their product is virus-free, and SOS also refuses to be responsible for any duty of good faith or reasonable care.

Naturally, the InfoWorld reader was a bit hot and bothered about this. While most companies of any kind disclaim as many kinds of responsibility and liability as their lawyers can think of, somehow it hurts more when the company’s job is protecting your data. Many people think of backups as a kind of insurance, there to save you in case of emergency.

Of course, anyone who’s ever had to file an insurance claim knows just how much turns out not to be covered and how long it can take to get the money—which will not necessarily put things back the way they were. My auto insurance company paid up very promptly after the accident last fall, and even gave me more than I thought the car was worth—but nowhere in my policy did it promise that I’ll be able to find the same car with the same mileage and a clean title for that money. And auto insurance costs a lot more than most online backup services.

Never mind the fact that there are lawyers whose job it is to investigate claims and tell insurance companies whether they really have to pay.

What’s more, if you look at offline backups, the warranties aren’t much better. If you buy an external hard drive, the manufacturer’s liability is limited to replacing the drive if the hardware fails within the warranty period—anywhere from six months to three years. After that, you can’t even get the data-free new drive you’d get if it crashes sooner rather than later. Data recovery is your own problem, and something that you have to undertake at your own expense.

If you back up onto CD and the CD rots, the best you’re going to be able to get is a blank CD to replace it. If you scratch the CD yourself, forget it. And if the CD gets damaged because your optical drive malfunctions, then you either get a new drive and a blank CD, if your machine is still under warranty, or you have to take the machine to a shop and pay for any repairs yourself.

As for backup software, here’s what the license agreement for Symantec Ghost says:

Symantec warrants that the media on which the Software is distributed will be free from defects for a period of thirty (30) days from the date of delivery of the Software to You. Your sole remedy in the event of a breach of this warranty will be that Symantec will, at its option, replace any defective media returned to Symantec within the warranty period or refund the money You paid for the Software. Symantec does not warrant that the Software will meet Your requirements or that operation of the Software will be uninterrupted or that the Software will be error-free.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT, OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO CASE SHALL SYMANTEC’S LIABILITY EXCEED THE PURCHASE PRICE FOR THE SOFTWARE. The disclaimers and limitations set forth above will apply regardless of whether or not You accept the Software.

That sort of policy certainly isn’t going to encourage online backup providers to offer customers anything better. Only if one company starts providing a guarantee and steals everyone else’s business by doing so will anything change. And in order to steal anyone else’s business, they’ll have to advertise their guarantee prominently, because almost no one bothers to read license agreements. Why should we, when all they tell us is that the other party refuses to be liable for any problems?

The moral of the story is that your data is your responsibility. And if that data is important to you for either business or personal reasons, you’d better make multiple copies of it and store them in different locations. It’s not very likely that all of your backup systems will fail at once (as long as the data you’re backing up isn’t corrupted in some way). Do your best to minimize your risks, but recognize that in backups, as in life, there really are no guarantees.

Last week Faithful Reader Mike Van Horn suggested that since the real purpose of backup, and therefore this newsletter, is protecting data, I should talk about protecting data in other ways, specifically the issue of securing computers against theft.

Unfortunately, I know nothing at all about this subject, apart from the fact that when the Ur-Guru needs to leave his laptop in a hotel room, he puts it in his unbreakable Samsonite suitcase and then uses a cable with a combination lock and alarm to secure said suitcase to a large piece of furniture, like a bed.

I’ve owned and traveled with laptops since 1994 and never had one stolen, possibly because I don’t let them out of my sight (or, usually, grasp) unless locked in the trunk of the car. Mostly, though, I think I’ve been lucky. Actually, I know I’ve been lucky, as on a couple of occasions I’ve managed to leave the house unlocked when I went out, but came home to find all my possessions where I left them.

Iron Mountain hasn’t been so lucky: they just lost more backup tapes. Just because the storage giant acquired LiveVault and its Continuous Data Protection technology doesn’t mean all its data-storage customers have switched from tape-based to disk-based backup. But I’ve talked about the vulnerability of tapes in trucks before (in the March 4, 2005 backup reminder), and nothing much has changed on that front, so I won’t repeat myself here.

Instead I’ll replay my generally-uneducated answer to the theft question and then ask readers for their input.

Mike’s Question:

“I’ve done a few Google searches on security kits for computers. I’m surprised at the paucity of good solutions. Laptops have cable locks with flimsy connections to the computer that I’ve been told can easily be broken off. With larger computers, you can encase them in metal, like Robocop, or else super glue a D-ring onto the case, to which you can attach a cable and lock. Why aren’t computers designed with a better security connection?”

My Answer:

“I don’t know whether people prefer to have insurance, or what. Some people have systems with removable drives, so they can take their data home at night. (Complete computer towers and servers are bulkier to shift than laptops.) Of course, data centers have security guards at the doors and keep the machines in wire cages, with nothing but dumb terminals out in the open.

“The less accessible your machine is for thieves, the less accessible it is for you or your IT repair staff. Most modern tower machines can be opened with a simple latch pull, and unhooking the drive and the various boards is a trivial effort. That makes taking the whole tower away rather beside the point, particularly if it’s your business data they’re after and not just salable parts–though they can still realize a substantial profit on anything they rebuild from the components they take from you.

“I think protecting your computers is a bit like protecting your car. A garage that thieves can’t get into is going to do you a lot more good than a car alarm.”

One thing I didn’t think of at the time is that there’s a difference between protecting your data and protecting your hardware. Good encryption can protect your data from all but the most skilled hackers even if all your hardware gets hauled off in a truck. (Without off-site backups, though, you may not have any more access to your data than the thieves do.) But encryption, like locks and steel cages, makes working with the data yourself more trouble. This is part of why most of us only encrypt a few files at best. I password-protect my Quicken files and the PDFs of my tax returns, as well as invoices and contracts. I also password-protect sensitive client data, and my own collection of passwords. But anyone stealing my computer or my XHD would still get some pretty comprehensive information about me.

Mike asked what I’d heard from other readers on the subject of protecting computers against theft. Nothing, so far—but I’m hoping that will change. Any of you with experience in this area, please send your recommendations to sallie@fileslinger.com or post them here on the blog (click the little link below that says “comments”).

See you next week with more backup news!