Adopting cloud computing can mean entrusting data to a third-party vendor. For agencies responsible for personally identifiable information or mission-critical applications, this raises a host of privacy concerns, chief among them the issue of data sovereignty and the question of determining appropriate government and commercial uses of private citizens’ data. This section of the SafeGov.org site analyzes the risks to privacy associated with cloud adoption and explores ongoing means to mitigate them.
Friday, April 17, 2015
This week the European Commission took not one but two momentous actions against Google. The first was the filing of formal antitrust charges accusing Google of abuse of dominance in online search. The second, was the launch of an investigation into Google’s practice of forcing mobile device manufacturers to use its purportedly open source Android operating system in only the way that Google prefers. Android of course is the world’s most widely used operating system, with a rapidly growing user base that now numbers more than one billion. While we usually think of it as something for consumers, Android devices are also used in countless enterprises, schools and government agencies. It’s worth taking a look at what the EU’s Android investigation means for those users.
Tracy Mitrano, Inside Higher Ed, Monday, April 13, 2015
While many readers may not be familiar with the International Standards Organization, the rigorous formal standards established by this UN-sponsored body form the backbone of data security best practices in large organizations everywhere. Collectively the standards are known as the ISO 27000 family. American colleges and universities in particular, which are busily outsourcing many key online services to outside cloud providers, would do well to pay close attention to the newest member of this family, ISO 27018, which sets out best practices for personally identifiable information (PII) held in the cloud. ISO 27018 is the first international standard for privacy practices. Published in July 2014, the standard warrants the full attention of higher educational institutions as they consider the procurement of cloud services.
Ben Patterson, PC World, Monday, April 13, 2015
Turns out that each time you say something to the Google Now search box, Android saves a copy of what you said in your "Voice & Audio" history. Your voice history can go back months or even years, and it includes a transcript of what you said plus a playback button, so you can relive the moment. That's not all. Your Android device—and, indeed, all your Google accounts, mobile or otherwise—can also save a "history" of your web searches and clicks, as well as what you've searched for and watched on YouTube. Android can also save a map of where you and your phone or tablet have been, even when you weren't actively using your handset.
Larry Darrell, Bidness Etc, Monday, April 13, 2015
Last month, the US government fined AT&T, accusing it for inadequate and unsatisfactory protection of consumer data. However, cyber security experts believe that the punishment was not strict enough to intimidate other players in the industry to take extra safety precautions. In the event that the carriers are faced with a similar situation as AT&T, perhaps they would take better and more adequate measures to ensure consumer privacy if AT&T was dealt with more strictly.
Brad Smith, Microsoft on the Issues, Friday, April 10, 2015
Last evening, we filed our reply brief in our ongoing legal challenge to the U.S. government’s attempt to force us to turn over a customer’s email stored in our Irish data center. As we stated in our brief, we believe the law is on the side of privacy in this case. We were gratified by the large number of organizations and individuals that filed amicus briefs in this case in December. They include leading technology and media companies, expert computer scientists, and trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic. As we said then, this case involves a broad policy issue that is important to the future of cloud computing. In a nutshell, this case is about how we best protect privacy, ensure that governments keep people safe, and respect national sovereignty while preserving the global nature of the internet.
Katy Bachman, Media Post, Friday, April 10, 2015
The Federal Communications Commission will examine Verizon’s use of supercookies for potential privacy violations. Verizon Wireless came under fire earlier this year from privacy advocates for using a tracking technology known as “supercookies” or “zombie cookies.” The technology -- which relies on injecting a unique code into a user's mobile traffic -- allows the company to track users' mobile Web browsing in order to serve them targeted ads. The injected code also enables Verizon and other companies to recreate information about people's Web activity, even if they delete their cookies.
Dale Kunkel, San Jose Mercury News, Thursday, April 09, 2015
First, Google overlooked all of the relevant research on children's limited ability to recognize and defend against television advertising, the most similar venue for an app that displays video cartoons, many of which are recycled from TV. Young children lack fully developed cognitive defenses against screen-based commercial persuasion. As a result, youngsters are readily susceptible to commercial influence, much more so than adults. Given this evidence, federal regulators as far back as the 1970s ruled that special protections are required when advertising targets kids. So the second mistake Google made was to overlook existing legal precedent. The FCC long ago specified there must be "clear separation" between entertainment and marketing content when kids are involved. If it's unfair for TV programs to use a star character such as Fred Flintstone to introduce products during a show, why should it be any different for a digital app? Is a child any less exploited because the commercial pitch was delivered via the Internet rather than a TV signal?
Chris O'Brien, Venture Beat, Wednesday, April 08, 2015
Google lost another battle on the European regulatory front today when a German privacy commissioner ordered the Silicon Valley search giant to implement strict new controls on how it uses customers’ data. The Hamburg Commissioner for Data Protection and Freedom of Information had originally ordered the changes last fall following an investigation launched earlier in 2014. Google filed an appeal of that decision, but the commissioner, while making some small modifications, overruled the objections and fundamentally upheld the previous decision.
Barbara Kollmeyer, MarketWatch, Tuesday, April 07, 2015
YouTube’s Kids, which made its debut in February, allows children to pick entertainment and educational programs from hundreds of channels. But the coalition maintains that McDonald’s, Mattel and others have put ads into the mix, and it is often difficult to tell them apart from entertainment.
Cecilia Kang, The Washington Post, Tuesday, April 07, 2015
The Federal Trade Commission on Tuesday said it will review complaints by consumer groups that YouTube Kids is a hyper-commercial app with junk food and toy ads flooding the video service. Several consumer advocacy groups filed a complaint with the commission saying YouTube's free app that launched in February contains too many ads that young children can't distinguish from entertainment. On television, federal rules keep advertising to a minimum on children's programs but on the app and others like it, the groups say those rules are disregarded.