23 June 2012

Privacy in the Clouds you ascend, fly and fall through

Richard Hall recently uploaded a good presentation, The Cloud and Higher Education, with the main thrust being around the questions of who owns data on cloud services. This is a question of sovereignty, and whether data on cloud services are governed wholly or in part by the laws of the country where the server or company is head quartered (predominately major quake zones in the USA).

My work interfaces with the Northern Territory Government from time to time, and while they've put out a number of pretty good guidelines regarding agency use of cloud services,
  1. Cloud Computing Policy and Guidelines 
  2. Cloud computing and record keeping 
Both from NTG Dept of Business and Employment
apart from these documents (which in short advise the use cloud services for anything that is classified less than Restricted) the general tone of conversations I find myself in with government staff and the like is one of defensiveness, ignorance and risk aversion. It reminds me a little of the sorts of 'conversations' I was in back in 2004 when "Web2.0" was their problem. I'm not dismissing their concerns, not at all, but isn't it all just pissing in the wind? Can we find a way to identify and discuss the deeper more complicated issues please? Richard acknowledges these in his slides on 'values' and local economic considerations...

I want to introduce a different take on the questions of privacy and security though.

Do government agencies and universities really think that data stored on their servers is secure and private? Climategate, Wikileaks, News International, Windows GodMode, or a Timeline of Security Hacking. Do we seriously think The Patriot Act and other legislation enables or reins in surveillance already taking place? As more and more data moves to open, can we maintain service in an efficient and reliable way?

Safe Browsing—protecting web users for five years and counting. Google Blog June 2012

Energy efficiency in the cloud. Google Blog June 2012

Assuming you're answers to these rhetorical questions fall into line with what I'm thinking, then we might agree that government servers are not only as insecure as any server out there, they are probably targeted if not openly used for the collecting data -  legitimately or not. Shouldn't we instead be asking where can we store data that is more reliable, efficient and secure? We might ironically find it to be the very place we not accepting - the Cloud. It's a slightly different tone of questioning from the one used to date, that wants to imply that servers other than our own can't be trusted. 

And, just to confirm with all the skeptics out there, yes, I really am drinking the Google cool aid, big time!

Google recently published a report on all the government and private take down requests they received for the period 2009-2011, in their effort to become more 'transparent'. While the level of detail revealed could have been more, and I guess we have to just trust they are being honest in both content and intent, if Google keep going down this route we - the average jo citizen, might gain just a little more than relatively simple cloud services for our agencies, we might gain a bit of insight on their work as well. 

Australian Government requests to Google for data on individual users for the July to December period of 2011. Google Transparency Report, June 2012.
Unfortunately, what we’ve seen over the past couple years has been troubling, and today is no different. When we started releasing this data in 2010, we also added annotations with some of the more interesting stories behind the numbers. We noticed that government agencies from different countries would sometimes ask us to remove political content that our users had posted on our services. We hoped this was an aberration. But now we know it’s not. Google Blog June 2012.

But who watches the watchers? Thankfully there's Google-Watch, but we need more and better. I note the disturbing absence of a Criticism or Reception section in the Wikipedia article for Google or Google Drive, yet there is such a section on DropBox!?

I would dearly love to hear a way we might achieve the functionality and service offered by the likes of Google, but without necessarily compromising our conviviality, local capacity building, and local employment etc.


Alexander Hayes said...

Nice post. Thinking through your points here...

Glen Speering said...

But ownership is a different kettle of fish to security and privacy.

Unfortunately the two are being discussed together, because of potential ownership issues in the agreements of Facebook and Google etc.

However, it has been well established that the IP belongs to the creator, despite the reasons for and place of creation, and that the University is just the guardian of that IP.

For original work, my opinion is that I would be silly to put it up on shared drives - not for security reasons - but for other reasons, such as plagiarism and authorship issues, which become harder to manage in such circumstances.

Leigh Blackall said...

Most universities I know, claim ownership over all "IP" generated within their walls. Many think to include student work in that grab. I've managed to convince at least one that this is a silly position to have, and found no satisfactory argument against the position of openness as a default, at Knowledge Commercialisation Australasia's AGM 2010.

Publishing original work in an open space, even on external servers, maybe the best way to check plagiarism. It exactly the closed approach that gives the Turn It In a monopoly. In the open, no secrets last.

I'm not sure I understand the point your making about ownership, security and privacy... can you expand?

Emma said...

I remember reading in "The Age" the debate about IP in universities. In that article they had someone paid to research something or other, and after a few years he took off, taking his IP with him, leaving the University nothing but wasted money. So at that point IP was the owners, but more and more universities are writing it into their contracts that the IP belongs to them as they are paying for it. Hmmmmm...

TommyK Atanasow said...

Awesome perspective. Gives me an understanding of privacy history. To me it still seems, where i focus my attention, thats were i can nitpick and go further in the rabbit hole.
I choose to focus on collaboration.