… is Now available
This layer, developed by Sunlight Labs, allows people to visualize stimulus package contributions through an augmented reality application on any iPhone and Android.
Saqib Ali 2700018529 1,277 Views
Saqib Ali 2700018529 1,199 Views
David Navetta, Esq. CIPP, has published an interesting blog post on the topic of Legal Implications of Cloud Computing.
Mr. Navetta emphasize the need to understand the increasingly complex and interlocking relationships in the Cloud:
The blog post also highlights the need for proper data retention and destruction policies.
My thoughts on Legal Obligation to Delete:
Internet has created a world where "absolute destruction" of data is not easy to achieve. Even when the services are hosted in-house, this type of data destruction is not possible. There could be replicas, backups, off-site backups, DR backups, user created offline replicas, user archives and even printed copies.
I think what is a more achievable is delete in context. Data that loses its context, loses its meaning and is not of much use. So going back to Cloud Services, when I delete an email from my SaaS powered Inbox, the SaaS provider may still have some residual "Sharded" copies of the data. But these residual copies have completely lost their context. And as you traverse down the layers of Cloud Service aggregators (Saas –> PaaS –> IaaS), this residual data becomes more and more meaningless. Re-animating an email from this sharded residual data would be like trying to re-construct a needle by searching for its pieces in a haystack! :-)
Saqib Ali 2700018529 1,296 Views
A constitutional right granted in many Latin American countries is "Habeas Data" i.e. the right to own your data. Habeas Data can be brought up by any citizen against any manual or automated data register to find out what information is held about his or her person. That person can request the rectification, actualization or even the "destruction" of the personal data held.
Can a writ of Habeas Data be issued to a Foreign Entity?
Any volitional disclosure of PII to a entity that is not under the jurisdiction of the said Country would not be covered by this (IMO). Besides, how would you obtain a writ of Habeas Data for an entity that is outside of the jurisdiction of issuing authority?
Please share your thoughts on this as comments below:
Saqib Ali 2700018529 1,015 Views
For limited time only :
Sign up here
Saqib Ali 2700018529 1,950 Views
Read more .. ..
† Safe Harbor Act also known as the European Union Data Protection Directive
Saqib Ali 2700018529 1,285 Views
Saqib Ali 2700018529 1,490 Views
… well at least about the proper translation of the term "Cloud Computing" to French:
Saqib Ali 2700018529 1,689 Views
Last year Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging and stimulating lecture entitled "Privacy in Context" at UC Berkeley.
The audio recording of the lecture is available @
Following are some of the notes I took from the lecture.
Socio-technical systems: It is not just the technology that causes privacy issues. It is the technology embedded in the social system. e.g. RFID implanted into humans or RFID enabled passports.
Three classifications of socio-technical system:
Controversial vs non-controversial socio-technical systems. Medical devices in use at hospitals are non-controversial and maybe beneficial. However, using information electronic toll collection on freeways to track someone's movement is controversial.
Traditional approaches to privacy:
These approaches are limited and do not work.
Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on privacy as a human/moral right.
Context relative information flow norms: In a context the flow of information (particular attribute) about a subject from a sender to a recipient is governed by a particular transmission principle. Context (circumstance), attributes (information about the subject), actors (subject (information owner), sender and receiver) and transmission principles are the key parameters. All these parameters must be taken into account when performing a analysis of the information flow. Google street map argument fails because it only takes one principle i.e. attributes (streets are public) into account and ignores the other key principle i.e. the context (distributing it over the web and making it widely available).
Fiduciary transmission principle: You trust someone with private information about yourself under the assumption that your private information will be used to benefit you and not harm you.
Privacy is not secrecy but rather appropriate flow of information.
What is privacy?
Saqib Ali 2700018529 1,547 Views
Vendor lock-in is an issue with any data storage system - in the cloud or hosted in-house. We need to look into and investigate the tools that the vendor provides to extract the data out of the system.
From what I seen (and experimented with), Google provides excellent set of APIs to access the data stored in Google's Cloud. And Google is always working on to improve the APIs. Google usually first adds functions to the API, and then introduces them in the UI. Compare this to other software vendors, who usually introduce the new functions in the UI and then at a later time provide API access to those functions - if it all.
I currently use both Google Docs and Windows Live Workspace to store my personal / school related stuff. I use both of these because they both have their benefits. Windows Live Workspace provides complete integration with Office 2007, whereas Google Docs provide editing capabilities in a Web browser. Recently I have been thinking of writing an application that will synchronize the content of both of these repositories. Google provides APIs that make this task easy from Google's side, but there are no Windows Live Workspace APIs, so I have to devise a workaround to get documents into the Windows Live Workspace.
No amount of precautions can avoid problems that we do not yet foresee. We need to find solutions to the problems, not just avoid them. An ounce of prevention equals a pound of cure, but that's only if we know what to "prevent". We should be looking into ways to reduce the security and privacy risks associated with Cloud Computing and improve data-portability- efficiently and cheaply.
Oh btw, also check out Data Liberation Front