Tanya L. Forsheit, Esq., CIPP writes about the EU Data Protection Directive and Cloud Computing:
The most notable thing about the EU Directive and member state laws for purposes of cloud computing is this -- in the absence of specific compliance mechanisms, the EU prohibits (yes, you read correctly, prohibits) the transfer of personal information of EU residents out of the EU to the US and the vast majority of countries around the world.
What does this mean for cloud computing? If you want to put data in the cloud that includes personal information of EU residents (and that might be something as simple as an email address or employment information), and the data will flow from the EU to almost anywhere in the world, you cannot simply throw the data in the cloud and hope for the best. You need to have, at a minimum, one or more of the following:
- International Safe Harbor† Certification (which allows data transfer from the EU to the US, but not from the EU to other countries);
- model contracts (which allow data transfer from the EU to non-US countries, but do not always work well with multi-tiered vendor relationships); or
- Binding Corporate Rules (which are designed for a multinational company and therefore may not function well for cloud provider relationships).
† Safe Harbor Act also known as the European Union Data Protection Directive
- The act prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection.
- US based companies should try to obtain Safe Harbor Certifications
- Slightly higher standard than California Privacy Laws. Somewhere between EU and US
- Requires you to do the work up-front. 6 months - 1 year of work required. Annual re-certification required
- Attaining Safe Harbor certification elevates reputation of the company
The following is one of those pestiferous and nettlesome Facebook quizzes. But this one is designed by the A.C.L.U. to show you how much private information you reveal by taking them:
What Do Quizzes Really Know About You? on Facebook
Ever take one of those Facebook quizzes to find out which superhero most resembles your dog, or have a friend who seems to spend most of their life doing so? Then you might be in for a surprise when you take this quiz and learn just how much of your personal information these quizzes can access.
Even if your Facebook profile is "private," when you take a quiz, an unknown quiz developer could be accessing almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. Facebook quizzes also have access to most of the info on your friends' profiles. This means that if your friend takes a quiz, they could be giving away your personal information too.
But don't take our word for it - take this quiz and see for yourself!
Nice cheat sheets for creating accessible documents:
For finding web accessibility issues use WAVE:
I ran the WAVE accessibility checker on my website, and found few issues, which I fixed promptly :)
A federal appeals court says employees are not liable for damages under anti-hacking laws for accessing their employers’ computers for disloyal purposes.
The 9th U.S. Circuit Court of Appeals ruled that workers authorized to access company computers do not lose or exceed that access under the Computer Fraud and Abuse Act (CFAA) even if their intent was to acquire data to open a competing business (.pdf). CFAA is the "root" law that criminalizes an attack on any computer connected to the internet.
There is no language in the 1984 anti-hacking statute, the San Francisco-based appeals court said Wednesday, supporting the “argument that authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer’s interests.”
Lew Tucker (CTO, Sun Microsystems): Cloud computing is not so much a definition of a single term as a trend in service delivery. It's the movement of application services onto the Internet and the increased use of the Internet to access a variety of services traditionally originating from within a company's data center.
Werner Vogels (CTO, Amazon): If you run your services inside the company, privately, utilization becomes an issue. It amortizes your costs over a number of cycles. If you run services outside, on a public service, it is no longer an issue for you.
Greg Olsen (CTO, Coghead): Cloud computing presents a compelling opportunity for consumers of information technology and producers of information services.
Following are some of the notes I took from the lecture.
Socio-technical systems: It is not just the technology that causes privacy issues. It is the technology embedded in the social system. e.g. RFID implanted into humans or RFID enabled passports.
Three classifications of socio-technical system:
- Tracking and monitoring systems e.g. Web browser cookies.
- Systems that aggregate and analyze - Choicepoint, Amazon's personalized recommendation system.
- Systems that broadcast, disperse, distribute, propagate, publicize and disseminate information, e.g. making court records, which are public, available online. In this case the web is the technical system that disseminates the court records.
Controversial vs non-controversial socio-technical systems. Medical devices in use at hospitals are non-controversial and may be beneficial. However, using information from electronic toll collection on freeways to track someone's movement is controversial.
Traditional approaches to privacy:
- Private / Public duality (dichotomy). This is an oversimplified approach. It may be argued that what is public may be disseminated by any medium, e.g. that Google's street view or license plate recognition is not a privacy breach, as both streets and license plates are public in nature. The Private / Public dichotomy may be good in political philosophy, but it is problematic in the privacy realm.
- The measure of respect for privacy is the control of information by the subject. i.e. the subject has control over what gets revealed and what does not.
- Lobbying for what constitutes a privacy breach and what doesn't. Especially problematic if privacy is considered a preference rather than a moral right.
- Privacy vs. other values (e.g. security).
These approaches are limited and do not work.
Dr. Nissenbaum's proposed approach: Contextual Integrity. Based on privacy as a human/moral right.
Contextual Integrity is a measure of how closely the flow of personal information conforms to context-relative information norms. Contextual integrity is breached when these norms are violated and is respected when these norms are enforced.
Context-relative information flow norms: In a context, the flow of information (a particular attribute) about a subject from a sender to a recipient is governed by a particular transmission principle. Context (circumstance), attributes (information about the subject), actors (the subject (information owner), sender and receiver) and transmission principles are the key parameters. All these parameters must be taken into account when performing an analysis of the information flow. The Google street map argument fails because it takes only one parameter into account, i.e. attributes (streets are public), and ignores another key parameter, i.e. the context (distributing it over the web and making it widely available).
Fiduciary transmission principle: You trust someone with private information about yourself under the assumption that your private information will be used to benefit you and not harm you.
Privacy is not secrecy but rather appropriate flow of information.
What is privacy?
- "Privacy is the right to control information about and access to oneself." – Regan, P. M. (1995). Legislating Privacy: Technology, Social Values, and Public Policy. University of North Carolina Press.
- "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves." – Fried, C. (1984). Privacy (a moral analysis). In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 203-222). Cambridge University Press.
- "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. ... privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve." – Alan F. Westin, Privacy and Freedom (New York, NY: Atheneum, 1967).
- “A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.” – Gavison, R. (1984). Privacy and the Limits of Law. In F. D. Schoeman, Philosophical Dimensions of Privacy (pp. 346-404). Cambridge University Press.
- "Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity." – Ruth Gavison
- Common Law Right to Privacy (as defined by Samuel Warren and Louis Brandeis, 1890): An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.
Speeches from the Enterprise 2.0 Conference in SF are available on [E2 TV]. I posted some interesting tweets from the conference attendees earlier, here are some more:
- When people talk about “breaking down” silos they add fuel to the fire that E20 is a crock. Silos collaborate they don't break down. (@mikojava)
- Change agents have always existed, 2.0 tech brings agents together (@nitinbadjatia)
- Knowledge Management used to be a dusty destination, ent 2.0 allows it to be dynamic and responsive to individual requests (@paulmirvine)
- @CarolineDangson: E2.0 should perhaps be considered more like digital dna, the knowledge backbone of an organization (@paulmirvine)
- Start behind the firewall, open to all employees, educate rather than prohibit, trust is returned (@dcoleman100)
- Clara Shih: people are using FB and Twitter so their friends can serve as social filters for content. (@cjnash)
- @nenshad: “Marketing creates the brand, Support keeps the brand alive.” (@JuliaMak)
- Luxury hotel implemented Six Sigma and eliminated it because it didn’t allow them to overdeliver on Customer Service (@uwehook)
- E2.0 culture change: “Imagine if a store with low sales accused their customers of “resistance”!” (@timoelliott)
- Adoption is not a matter of resistance. If your store that wasn’t being trafficked, would you blame resistance? (@marciamarcia)
- “When you grow up on the internet, client-server looks like green screen today.” (@nenshad)
- Nike talks about “lessons shared”, rather than “lessons learned”. (@lehaweslive)
- @rotkapchen: Why do so many people use the term “enterprise-wide” then? Why not “enterprise-deep”? (@richardveryard)
- @rotkapchen: The first sign that someone has absolutely no clue about E2.0…when they keep referring to “users”. (@ekolsky)
- @marciamarcia: If culture eats strategy for breakfast, how do you feed culture? (@ajeanne)
- Innovation occurs at the intersection of contextually disparate concepts brought together creatively and with an open mind (@paulguyandersen)
The following three-part presentation explores why merely implementing a wiki-style knowledge management system, such as Sharepoint or Confluence, does not work for an enterprise, and why social software, like Lotus Connections, is required to create a collaborative culture in an enterprise.
People at the Center
Clay Shirky once made the following observation:
"Every time social software improves, it is followed by changes in the way groups work and socialize. One consistently surprising aspect of social software is that it is impossible to predict in advance all of the social dynamics it will create."
If your organization currently uses Lotus Connections, and you have stumbled upon some new (unexpected) social dynamics with the use of the software, please share them here.
Modified on by Saqib Ali