David Navetta, Esq. CIPP, has published an interesting blog post on the topic of Legal Implications of Cloud Computing.
Mr. Navetta emphasizes the need to understand the increasingly complex and interlocking relationships in the Cloud:
The party with whom a company is dealing will often not be the party actually processing data or providing computing services. This poses compliance challenges (e.g. how to perform/show due diligence) and contracting challenges (e.g. how to obtain/enforce contractual rights / remedies when one or two layers removed from the company actually doing the processing).
The blog post also highlights the need for proper data retention and destruction policies.
What if the SaaS provider is working on a Cloud Platform that creates residual copies of data that the Cloud User has a legal obligation to delete? What if the SaaS provider works with a Cloud Platform that does not have the technology or capability to properly wipe data? Even if the Cloud Platform has these capabilities, what if the SaaS provider has not negotiated for the right to obtain these services?
My thoughts on Legal Obligation to Delete:
The Internet has created a world where "absolute destruction" of data is not easy to achieve. Even when services are hosted in-house, this type of data destruction is not possible: there could be replicas, backups, off-site backups, DR backups, user-created offline replicas, user archives and even printed copies.
I think what is more achievable is deletion in context. Data that loses its context loses its meaning and is not of much use. So, going back to cloud services, when I delete an email from my SaaS-powered inbox, the SaaS provider may still hold some residual "sharded" copies of the data, but these residual copies have completely lost their context. And as you traverse down the layers of cloud service aggregators (SaaS –> PaaS –> IaaS), this residual data becomes more and more meaningless. Re-animating an email from this sharded residual data would be like trying to reconstruct a needle by searching for its pieces in a haystack! :-)
… well, at least about the proper translation of the term "Cloud Computing" into French:
A group of French experts had spent 18 months coming up with "informatique en nuage," which literally means "computing in cloud."
"What? This means nothing to me. I put a 'cloud' of milk in my tea!" exclaimed Jean Saint-Geours, a French writer and member of the Terminology Commission.
"Send it back and start again," ordered Etienne Guyon, a physics professor on the commission.
The problem was the word "cloud." In French, to be "dans les nuages" – or in the clouds – is a common expression meaning to be distracted.
"I think we can survive without the term 'cloud computing,'" said physics expert Mr. Guyon, slamming his hand on the table.
… is Now available
This layer, developed by Sunlight Labs, allows people to visualize stimulus package contributions through an augmented reality application on any iPhone and Android.
A constitutional right granted in many Latin American countries is "Habeas Data" i.e. the right to own your data. Habeas Data can be brought up by any citizen against any manual or automated data register to find out what information is held about his or her person. That person can request the rectification, actualization or even the "destruction" of the personal data held.
Can a writ of Habeas Data be issued to a Foreign Entity?
Any volitional disclosure of PII to an entity that is not under the jurisdiction of the said country would not be covered by this (IMO). Besides, how would you obtain a writ of Habeas Data against an entity that is outside the jurisdiction of the issuing authority?
Please share your thoughts on this in the comments.
Tanya L. Forsheit, Esq., CIPP writes about the EU Data Protection Directive and Cloud Computing:
The most notable thing about the EU Directive and member state laws for purposes of cloud computing is this -- in the absence of specific compliance mechanisms, the EU prohibits (yes, you read correctly, prohibits) the transfer of personal information of EU residents out of the EU to the US and the vast majority of countries around the world.
What does this mean for cloud computing? If you want to put data in the cloud that includes personal information of EU residents (and that might be something as simple as an email address or employment information), and the data will flow from the EU to almost anywhere in the world, you cannot simply throw the data in the cloud and hope for the best. You need to have, at a minimum, one or more of the following:
- International Safe Harbor† Certification (which allows data transfer from the EU to the US, but not from the EU to other countries);
- model contracts (which allow data transfer from the EU to non-US countries, but do not always work well with multi-tiered vendor relationships); or
- Binding Corporate Rules (which are designed for a multinational company and therefore may not function well for cloud provider relationships).
† Safe Harbor Act, also known as the European Union Data Protection Directive:
- The act prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection.
- US-based companies should try to obtain Safe Harbor certification.
- Slightly higher standard than California privacy laws; somewhere between EU and US.
- Requires you to do the work up-front: 6 months to 1 year of work required. Annual re-certification required.
- Attaining Safe Harbor certification elevates the reputation of the company.
You must love your [SaaS] vendor. You must trust your [SaaS] vendor. You must have your [SaaS] vendor's cell, home and wife's cell phone number. Your [SaaS] vendor is your lifeline. Do your research, make sure your cloud computing vendor has been in business for a long time, and with reasonable certainty, will continue to be in business for a long time. If a bank can go under, so can a cloud computing company. Maybe the answer is to use several different clouds. Don't put all of your documents into one cloud. Diversify. It's a tough economy out there, and at any given time, any company could be trudging up the bankruptcy court steps. The best you can do is to protect yourself as best you can.
Following are some of the notes I took from the lecture.
Socio-technical systems: It is not just the technology that causes privacy issues. It is the technology embedded in the social system, e.g. RFID implanted into humans or RFID-enabled passports.
Three classifications of socio-technical systems:
- Tracking and monitoring systems e.g. Web browser cookies.
- Systems that aggregate and analyze, e.g. ChoicePoint, Amazon's personalized recommendation system.
- Systems that broadcast, disperse, distribute, propagate, publicize and disseminate information, e.g. making court records, which are public, available online. In this case the web is the technical system that disseminates the court records.
Controversial vs. non-controversial socio-technical systems. Medical devices in use at hospitals are non-controversial and may be beneficial. However, using electronic toll collection data from freeways to track someone's movements is controversial.
Traditional approaches to privacy:
- Private / public duality (dichotomy). This is an oversimplified approach. It may be argued that what is public may be disseminated by any medium, e.g. that Google's Street View or license plate recognition is not a privacy breach, as both streets and license plates are public in nature. The private / public dichotomy may be useful in political philosophy, but it is problematic in the privacy realm.
- The measure of respect for privacy is the control of information by the subject, i.e. the subject has control over what gets revealed and what does not.
- Lobbying for what constitutes a privacy breach and what doesn't. Especially problematic if privacy is considered a preference rather than a moral right.
- Privacy vs. other values (e.g. security).
These approaches are limited and do not work.
Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on privacy as a human/moral right.
Contextual Integrity is a measure of how closely the flow of personal information conforms to context relative information norms. Contextual integrity is breached when these norms are violated and is respected when these norms are enforced.
Context-relative information flow norms: In a context, the flow of information (a particular attribute) about a subject from a sender to a recipient is governed by a particular transmission principle. Context (circumstance), attributes (information about the subject), actors (subject (information owner), sender and recipient) and transmission principles are the key parameters. All of these parameters must be taken into account when performing an analysis of an information flow. The Google Street View argument fails because it takes only one parameter, i.e. attributes (streets are public), into account and ignores another key parameter, i.e. the context (distributing the images over the web and making them widely available).
Fiduciary transmission principle: You trust someone with private information about yourself under the assumption that your private information will be used to benefit you and not harm you.
Privacy is not secrecy but rather appropriate flow of information.
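As an added illustration (an editor's example, not code from the lecture or from Nissenbaum's published formalization), the following Python records a flow by the parameters listed above and contrasts the attribute-only public/private test with a check against all parameters; the norms, roles and flows are constructed sample values:

```python
from dataclasses import dataclass

# The parameters of a context-relative information flow norm, as named in the notes.
PARAMETERS = ("context", "attribute", "sender", "recipient", "principle")


@dataclass(frozen=True)
class Flow:
    """One information flow about a subject (also used to describe an entrenched norm)."""
    context: str     # circumstance in which the flow happens
    attribute: str   # kind of information about the subject
    sender: str      # role of the party disclosing it
    recipient: str   # role of the party receiving it
    principle: str   # transmission principle actually in effect


# Entrenched norms for two contexts (constructed sample, hypothetical roles).
NORMS = (
    Flow("public street", "license plate", "driver", "passer-by", "observation in passing"),
    Flow("medical care", "diagnosis", "patient", "physician", "fiduciary"),
    Flow("medical care", "diagnosis", "physician", "specialist", "fiduciary"),
)
PUBLIC_ATTRIBUTES = {"license plate", "street facade"}


def public_dichotomy_permits(flow: Flow) -> bool:
    """The oversimplified private/public test: it looks only at the attribute."""
    return flow.attribute in PUBLIC_ATTRIBUTES


def mismatches(flow: Flow, norm: Flow) -> frozenset:
    """Parameters on which the flow departs from a given norm."""
    return frozenset(p for p in PARAMETERS if getattr(flow, p) != getattr(norm, p))


def contextual_integrity_holds(flow: Flow, norms=NORMS) -> bool:
    """Respected only when some entrenched norm matches on every parameter."""
    return any(not mismatches(flow, n) for n in norms)


def closest_violation(flow: Flow, norms=NORMS) -> frozenset:
    """Parameters that differ from the nearest norm; empty when the flow conforms."""
    return min((mismatches(flow, n) for n in norms), key=len)


# Constructed flows: a glance on the street, the same plate published online,
# and a diagnosis passed on in breach of the fiduciary principle.
STREET = Flow("public street", "license plate", "driver", "passer-by", "observation in passing")
WEB = Flow("web publication", "license plate", "imaging service", "anyone online", "searchable archive")
SOLD = Flow("medical care", "diagnosis", "physician", "insurer", "sold for marketing")
```

For WEB the attribute test passes while every other parameter departs from the street norm, which is exactly the gap the lecture points out in the Street View argument.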
What is privacy?
- "Privacy is the right to control information about and access to oneself." – Regan, P. M. (1995). Legislating Privacy: Technology, Social Values, and Public Policy. University of North Carolina Press.
- "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves." – Fried, C. (1984). Privacy (a moral analysis). In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 203-222). Cambridge University Press
- "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. … privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve." – Alan F. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967).
- “A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.” – Gavison, R. (1984). Privacy and the Limits of Law. In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 346-404). Cambridge University Press.
- "Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity." – Ruth Gavison
- Common Law Right to Privacy (as defined by Samuel Warren and Louis Brandeis, 1890): An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.
Vendor lock-in is an issue with any data storage system, whether in the cloud or hosted in-house. We need to look into and investigate the tools that the vendor provides to extract data out of the system.
From what I have seen (and experimented with), Google provides an excellent set of APIs to access the data stored in Google's cloud, and Google is always working to improve the APIs. Google usually first adds functions to the API and then introduces them in the UI. Compare this to other software vendors, who usually introduce new functions in the UI and then at a later time provide API access to those functions, if at all.
I currently use both Google Docs and Windows Live Workspace to store my personal / school related stuff. I use both of these because they both have their benefits. Windows Live Workspace provides complete integration with Office 2007, whereas Google Docs provide editing capabilities in a Web browser. Recently I have been thinking of writing an application that will synchronize the content of both of these repositories. Google provides APIs that make this task easy from Google's side, but there are no Windows Live Workspace APIs, so I have to devise a workaround to get documents into the Windows Live Workspace.
No amount of precautions can avoid problems that we do not yet foresee. We need to find solutions to the problems, not just avoid them. An ounce of prevention equals a pound of cure, but only if we know what to "prevent". We should be looking into ways to reduce the security and privacy risks associated with Cloud Computing and to improve data portability, efficiently and cheaply.
With problems that we are not aware of yet, the ability to put right - not the sheer good luck of avoiding indefinitely - is our only hope, not just of solving problems, but of making progress. - Physicist David Deutsch
Oh btw, also check out the Data Liberation Front.