Showing posts with label Privacy. Show all posts

Thursday, 28 July 2011

Will the government get serious on cloud security, data privacy?

When the federal government finally does undertake the task of legislating around cloud computing, it seems very likely that security measures and data privacy will drive the ship. On Tuesday the TechAmerica Foundation’s CLOUD2 commission announced a data- and security-heavy set of recommendations to guide the federal government’s efforts in regulating, adopting and promoting the cloud, following up on a recent Brookings Institution discussion on a proposed Cloud Computing Act that focuses on those two issues. This isn’t surprising, given that these are two areas in which the government can most directly affect the nature of the cloud.

I covered TechAmerica’s CLOUD2 commission when it kicked off in April, highlighting its mission to advise the Obama administration on cloud computing best practices. The commission is comprised of representatives of more than 70 organizations and is spearheaded by Salesforce.com CEO Marc Benioff. Of the 14 recommendations it made today, 8 of them are focused on security and/or data privacy. They call for everything from the creation of an industry-wide security framework to updating the Electronic Communications Privacy Act (also the goal of the Digital Due Process coalition) to leading the charge to open up transnational data flows across cloud infrastructure.

The commission also calls for, among other things, increased data portability among clouds — something Commissioner Kurt Roemer of Citrix told me it would back in April — and for the modernization of our broadband infrastructure to better support cloud services.

Here’s one particularly meaty recommendation from the report summary released today:

Transnational Data Flows – Recommendation 6 (Government/Law Enforcement Access to Data): The U.S. government should demonstrate leadership in identifying and implementing mechanisms for lawful access by law enforcement or government to data stored in the cloud.

Under this recommendation, the Commission suggests three steps to increase clarity around the rules and processes cloud users and providers should follow in an international environment. Without U.S. leadership and cooperative international efforts, the world will face a far more complex legal environment, one that is not conducive to fully leveraging the cloud. The three steps are: (1) modernize legislation (the Electronic Communications Privacy Act) governing law enforcement access to digital information in light of advances in IT; (2) study the impact of the USA PATRIOT Act and similar national security laws in other countries on companies’ ability to deploy cloud in a global marketplace; and (3) have the U.S. government take the lead on entering into active dialogues with other nations on processes for legitimate government access to data stored in the cloud and processes for resolving conflicting laws regarding data.

A fuller version of the report is available here.

The CLOUD2 commission’s recommendations come just more than a month after the Brookings Institution convened a panel to discuss proposed legislation called the Cloud Computing Act of 2011. As I explained at the time, that potentially forthcoming bill will focus on cybersecurity practices and punishments, as well as providing clarity on moving and storing data across international boundaries. The transcript of that panel is available here.

Again, it’s not surprising that much of the talk about how the federal government might get involved with cloud computing focuses on security and privacy. After all, these are areas where it can more easily effect change because it can define policy rather than trying to dictate technological standards. Only the federal government can enact federal security-breach-notification laws like CLOUD2 suggests or rewrite the ECPA to bring the Fourth Amendment up to speed with how and where data is stored in the cloud. The federal government is certainly the only institution in our country that can enter into the international data treaties that both CLOUD2 and the senators proposing the Cloud Computing Act think are necessary.

On topics such as interoperability and uniform security protocols, though, the government likely will have to tread lightly and lead with its checkbook. Although both are laudable goals, they’re probably best left for the companies involved to solve. Cloud computing might be a sea change in the way we access IT, but it’s ultimately not too different from past standardization efforts that were driven by the private sector looking to increase revenues while making consumers’ lives easier. They weren’t always pretty, but it’s probably not the government’s place to decide how clouds will be built or how they’ll work together.

In fact, private-sector efforts around both interoperability and security standards are already in place. The Cloud Security Alliance is focused on security, and a new organization called the Open Cloud Initiative launched today to push for interoperability among cloud platforms.

The government does have a mega IT budget, though, and is pushing a cloud-first strategy when it comes to buying new resources. Amazon Web Services, Google and others already have proven willing to bend to the government’s needs in order to get its business, so perhaps it can drive industry standards around interoperability and security by demanding certain levels of both in order to get federal business.

Image courtesy of TechAmerica Foundation


Friday, 15 July 2011

Does Google+ solve the privacy problem or make it worse?

Amid all the coverage of Google’s launch of its fast-growing Google+ social network, some — including New York Times technology writer David Pogue, in his recent review of the service — have argued that the new platform improves on Facebook in terms of privacy protections, because it allows you to filter your friends into groups via the “Circles” feature and only share with them. But is this really a big improvement? Not everyone is convinced that it is. And some critics say the way Google has structured its new network could actually make things worse, because the company misunderstands what privacy means in a practical sense.

In his review, Pogue says Google+ shares so many features with the other social network that it looks like “a shameless Facebook duplicate.” But the New York Times writer says there is one big difference between the two that makes Google+ much better, and that is the Circles feature, which he calls “towering” and “brilliant.” Because you can share specific things with specific followers or friends, says Pogue, the service is inherently more private. He adds:

In one fell swoop, Google has solved the layers-of-privacy problem that has dogged Facebook for years… Senators embarrassed by their children’s drunken party photos. Potential employers reading about your crazy nightlife. Girlfriends learning accidentally about their beaus’ proposal plans. All of it goes away with Circles.

There’s just one problem with seeing this as a huge advantage for Google+, however, which is that Facebook has had something similar to Circles for some time. In the beginning, the network had Lists that users could create in order to share specific items with a certain group of friends (Pogue mentions Lists in his piece, but says this feature is “buried, and a lot more effort to use” than Circles). But more recently, Facebook created Groups as a way of making this ability even more obvious, and easier to configure (although some have had privacy issues with it as well).

While some users like Pogue seem to love Circles because it is so easy and intuitive — in part because of the cool graphical interface created by former Apple designer Andy Hertzfeld — others have said that the process of filtering hundreds or even thousands of people into groups is time-consuming and somewhat frustrating. This is an example of what psychologist Barry Schwartz has called the “Paradox of Choice” problem, where giving someone too much choice actually makes it less likely they will take advantage of a feature. Some argue Circles could suffer from this as well.

I’ve actually noticed this myself, despite having used Google+ for only a few weeks now: I’m already putting people into the default circles, such as the broad Following group or the default Friends group, because I can’t be bothered to decide where else to put them. In some ways, this is another example of what some call “social networking fatigue”: so many people to sort and photos to tag and status updates to read that it becomes overwhelming. The result is that many people will likely never take advantage of Circles, just as many people have never taken advantage of Facebook lists or groups.

In a recent Quora post, former PayPal and Facebook engineer Yishan Wong argues that the way Google+ is structured actually makes the privacy of the service worse than Facebook in practical terms, and this could be exacerbated for those who don’t make full use of Circles. Wong’s main point is that Google+ makes a lot more of your activity public by default because it is structured as an “asymmetric” network like Twitter — in other words, people can follow you without you having to follow them — rather than a symmetric one like Facebook where following has to be reciprocal.

The problem, says Wong, arises when someone posts a comment or status update on Google+, which is then available for anyone to comment on — even people who the author of the original comment has never followed or put in a Circle. While Facebook doesn’t allow anyone you don’t follow to comment on your status update, Google+ does. The result, Wong says, is that “strangers consider it perfectly normal to insert themselves into a conversation between you and your friends any time you make a public post,” something users may find uncomfortable and even disturbing (commenters can be blocked, but that takes an extra step):

The core failure here is that Google does not understand privacy in a social context. Google understands privacy in an information-security way, i.e. privacy means maintaining the security and integrity of confidential data. But privacy in a social realm… has less to do with maintaining integrity of information — rather, it strongly revolves around the concepts of circumspection and discretion.

Wong’s view of how Google+ handles this kind of practical, day-to-day privacy (as opposed to the protection of user profile information) may not be shared by everyone, and as a longtime director of engineering at Facebook, he may be biased against Google. Several other users have posted comments on Quora saying they disagree with him about whether the structure of Google+ is a good thing or a bad thing. Some users, they argue, may not mind that strangers can comment on their posts, and in fact may want to get input from people outside their normal Circles.

But will most people fall into this category? That’s not clear. If most people don’t use Circles properly, either because they are suffering from social-networking fatigue or the “paradox of choice,” then will they be turned off by the influx of strangers who can comment on or share their posts? If they do, Google may find itself in the midst of its very own privacy brush fire, just like the giant social network it is trying to compete with.

Post and thumbnail photos courtesy of Flickr user Josh Hallett


Friday, 8 July 2011

Zynga focuses on privacy in run-up to IPO

It looks like Zynga is polishing up the proverbial silver in the run-up to its planned IPO.

On Thursday, the San Francisco-based social gaming company is launching “PrivacyVille,” a new game-like tutorial that rewards users with zPoints, Zynga’s virtual currency, for learning more about the company’s privacy practices.

According to Zynga, PrivacyVille is modeled after CityVille, the company’s most popular game. The tutorial is centered on Zynga’s privacy policy and also includes resources to teach users about controlling their information online.

The timing of the PrivacyVille launch, less than two weeks after Zynga filed documents for a $1 billion initial public offering, is probably no coincidence. Today’s big Internet companies such as Google and Facebook are constantly criticized for perceived privacy violations, and potential Zynga investors want to be assured that the company is serious about its own data protection. In fact, Zynga’s S-1 mentions the word “privacy” no fewer than 25 times, mostly in relation to the potential risks a privacy breach would have on its valuation. PrivacyVille is a unique — albeit slightly hokey — way for Zynga to show Wall Street that it is taking the issue seriously.


Has Dropbox set the stage for a privacy revolution?

Life has been something of a rollercoaster ride for Dropbox lately. In May, the consumer cloud-storage service was hit with an FTC complaint based on allegedly misleading contractual language about data security. Last month, a group of consumers filed a class-action lawsuit against Dropbox for how it handled a temporary security hole in the service.

Then, on July 1, when Dropbox tried to do right by its users by clearing up much of the language in its terms of service, privacy policy and security overview, another uproar ensued. It appears this was the first time many customers bothered to read these documents, because the commenters on a blog post announcing the changes, as well as forum members across the web, began loudly criticizing certain Dropbox practices.

Of particular concern was terms of service language about data ownership, which some customers took to mean that Dropbox claimed ownership to their data. After a couple of attempts to clarify the issue on the July 1 blog post, Dropbox completely rewrote the section regarding data ownership and updated its terms of service again on July 6.

Despite all this, when the smoke clears, Dropbox’s newfound focus on transparency could turn out to be a great thing. Especially if it triggers an avalanche of other web-service providers following in its footsteps.

The federal government is eyeing up regulation of consumer web services regarding their privacy practices, and the resulting rules have the potential to be detrimental to companies like Dropbox, Facebook and Google. Part of the reason for the proposed rules is that companies haven’t been willing to regulate themselves. Facebook, which finds itself in a privacy snafu seemingly monthly, exemplifies the problem.

Dropbox’s efforts are so potentially meaningful because the FTC states that among its chief priorities for any federal rules are clear, reader-friendly contractual language and privacy policies. While Google is fighting such efforts with lobbyists, Dropbox is giving an example of how to cut legalese from a contract and let users know exactly what they’re signing up for.

Take this excerpt from the hotly contested copyright section, for example:

By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below. …

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

Dropbox General Counsel Ramsey Homsany, who joined the company about a month ago after spending years leading a legal team within Google, said he doesn’t think the contractual changes have anything to do with Dropbox’s legal issues. He said the company disagrees with the premise of the FTC complaint, so it isn’t making changes in an attempt to resolve that matter. In fact, the company began rewriting its terms in April, and so the changes were already underway when he joined.

Rather, Homsany said, Dropbox knows that its users — some of whom rely on Dropbox for their life’s work — are passionate about the service, and it wants to help them make informed choices. “We don’t have a pride in being right,” he explained. If some users think the terms are unclear, Dropbox will be even clearer, he said.

Both the federal government and users still care about what customer agreements actually permit a company to do, though, regardless of how clearly those permissions are written. Dropbox hasn’t materially amended how it uses customer data, and Homsany doesn’t think it has to right now. It can be a delicate balancing act to retain only the necessary rights while letting users keep the rest, but he thinks that customers by and large understand that creating a quality product does require some flexibility to use their data.

Dropbox rewriting its terms, privacy and security policies isn’t the be-all, end-all of the discussion over consumer rights online, but it’s a heck of a start. Someone had to get the ball rolling and show that web services actually are paying attention to the privacy firestorm surrounding them. As the villain du jour, it might as well be Dropbox who does it.

But for their own sakes, Dropbox’s peers might want to follow the company’s lead. If enough sites spell out for their users exactly what they’re signing up for, by the time they get around to formally proposing new laws, the FTC, Congress and any other federal bodies might forget what they were so mad about in the first place.

Feature image courtesy of Transparency Camp.


Friday, 1 July 2011

Facebook, Privacy and the Wild Wild Web


Facebook recently unveiled several changes to its service that give users more sharing options, but in the process the company demonstrated what many have come to believe is its intentional disregard for user privacy.

This mistake feels a lot like Facebook's February 2009 debacle when the company changed its user agreement in an "all take, no give" arrangement that gave the company the right to use, in perpetuity, all information shared by its users on the site. Users rebelled and Facebook backed down immediately.

But this time it's different. With these recent updates, Facebook has given users two important things: Easier ways to share and participate among communities of interest within the network and more privacy and protection settings to accommodate this new structure.

Facebook's mistake is two-fold. First, the default privacy settings for the new Facebook are not Friends, Friends of Friends, or all of Facebook, but the entire Internet. Second, Facebook has provided no easy road map for just how to navigate to the 50 privacy settings in order to choose from among the more than 170 privacy options.

Users' confusion over the default settings and how to change them, along with lackluster explanations of the benefits of the new changes, has created the usual uproar we've come to expect each time Facebook tweaks our home away from home.

Unfortunately for Facebook, this update has also created what analysts suspect is an increase in the number of users wanting to delete their Facebook accounts. The number of searches for "how do i delete my facebook account [sic]" has increased dramatically since the changes were announced, and a mass exodus from Facebook has been scheduled for May 31.

Nothing On the Web Is Free

Facebook has over 400 million users, and after the mass exodus, the site will have over 400 million users.

The changes Facebook has made are part of Facebook's inevitable monetizing strategy. And that's the point. Nothing about Facebook is free. Facebook has never been in the game not to make money. And it's finally doing so. This year the company is expected to have revenues of between $1.2 and $2 billion. And yes, some of that will be profit.

Facebook will ultimately strike the necessary balance between its bottom line and its users. They always do. But what users have to realize is that one fact will remain: Facebook will make money off of the information users share on its site.

To those for whom this is a bad thing, Facebook is not the place to be. Profile information is the most valuable information for marketers on the Web, and no single Web service has more of this type of information than Facebook. Facebook will continue along its path to use this information to make money in order to stay in business and to continue to give users the services they sign up for in droves.

The critics are right: Facebook wants to make mountains of cash. But it can only do so if its users are happy.

The Wild Wild Web

A lot of the information you share on Facebook - your email address, phone number, physical address - is already public on the web and would remain so if Facebook went away tomorrow. This information was there before Facebook and exists online independently of Facebook.

Take a look at Pipl.com. Type in your name or the name of your best friend, or your worst enemy, and see what pops up. A recent search on this writer's name produced the following information:


Contact details from Whitepages.com, Spokeo.com, and two others
Background reports from Intelius.com
Personal profiles from MySpace, Spokeo, LinkedIn, Members-Base, Bebo and Flickr
Email addresses from Intelius that are so old I caught myself wanting to say they pre-date the Web
Public records including birth records from BirthDetails.com and Intelius
Videos from YouTube
Web pages
Blog posts
Documents

Many sites like this have emerged over the years. Pipl, Spokeo and Zillow.com, to name a few, all publish information many users feel is private. But in fact, it is not. It's quite public, and sites like these aggregate this information from public sources.

Which leads to a not-so-recent trend in social media, but one that is about to see the roof blow off because of yet another new initiative by Facebook.

The trend is social media aggregation, where information from different social media sites is pulled together in one location so that it can be more easily digested. Many aggregation services, like Gist, FriendFeed and NetVibes, offer tools and widgets that let users combine messages, search multiple social media sites at once, track friends, and even access their profile data all from one place, all in an attempt to simplify an individual's social media participation.

With the recent introduction of Open Graph, Facebook will attempt to take social aggregation into the stratosphere. In fact, Facebook wants to turn the entire Web into your personal aggregator.

Currently, different social media sites contribute to some part of the social graph. Yelp is mapping out the part of the graph that connects people to local businesses. Pandora is mapping out the part related to music. With Open Graph, Facebook plans to bring these graphs together.

"If we can take these separate maps of the graph and pull them all together," says Zuckerberg, as reported by CNET.com, "then we can create a Web that's smarter, more social, more personalized, and more semantically aware."

He goes on to say, "These connections aren't just happening on Facebook, they're happening all over the Web, and today with the Open Graph we're bringing all these things together."

If you use Facebook, you might be surprised to find you're already participating in its new social graph. Go to Account > Privacy Settings and click on Applications and Websites. There you'll see Instant Personalization Pilot Program. Click on it to see the beginnings of a monumental change on the Web.

Good Rules of Thumb

Just consider that anything you say on Facebook is public, and don't say anything that you would have to whisper to anyone whom you're dining with at an outdoor cafe.

Each time you allow a Facebook app to access your profile information, read the Terms and Conditions for that app. Apps are bound by neither Facebook's Privacy Policy nor its Terms and Conditions. They are third-party relationships, and when you share your Facebook information with them you do so independently of Facebook. Apps are how a lot of profile info leaks out of Facebook. Facebook should be clearer about this and should be more concerned for users' privacy when it comes to third-party apps, and it wouldn't be surprising if their approach to apps changes sometime soon.

Other sites offering FacebookConnect are safe. FacebookConnect is a service that lets users enjoy their Facebook relationships on other websites. Users can sign in with their Facebook username and password and discover what their friends find interesting on a particular site. The third-party website does not have access to your Facebook profile information.




Ian Huckabee is a writer and web marketing strategist. He creates social media marketing programs and solutions for organizations and individuals, and he specializes in integrating social media marketing with search engine marketing. He's an avid tweeter and enjoys creating short bursts of fiction 140 characters at a time.


