Should privacy regulation be more than just data protection?

Inga Kroener, The Guardian,  Wednesday, December 17, 2014

To get to grips with the surveillance risks that emergent technologies carry, policymakers need to broaden their scope of what privacy is. Rather than solely focusing on data, impact assessments need to address the range of privacy issues that emerge when new technologies, products and services are developed – who might be affected by privacy or surveillance risks, and how they might be harmed.

Halvorsen formalizes new DOD cloud procurement policy

Sean Lyngaas, FCW,  Wednesday, December 17, 2014

Acting Defense Department CIO Terry Halvorsen has issued a memo outlining the Pentagon’s new cloud procurement policy, formally allowing the military services and other DOD agencies to procure commercial cloud services rather than leaving that authority to the Defense Information Systems Agency.

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management,  Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

What the Future Holds for FedRAMP

Nicole Blake Johnson, FedTech,  Wednesday, December 17, 2014

Big changes are ahead for the Federal Risk Authorization Management Program, better known as FedRAMP. A new two-year road map that will be released Wednesday details more than 40 initiatives aimed at accomplishing three overarching goals: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies, by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies while focusing on risk management rather than compliance. The road map groups initiatives in six-, 12-, 18- and 24-month intervals.

Tech, media firms back Microsoft in digital privacy case

Ellen Nakashima, Washington Post,  Tuesday, December 16, 2014

Ten groups of top technology, media and business organizations on Monday filed legal briefs in support of Microsoft’s argument to a federal appeals court that the U.S. government cannot issue a search warrant to obtain customers’ e-mails held in another country. The unusually high number of friend-of-the-court briefs and the breadth of groups that signed on reflect how significant the issue of privacy in the digital age is to U.S. industry. “This is not a case about a narrow legal issue but rather a broad policy issue that is of profound importance to the future of the Internet,” Brad Smith, Microsoft general counsel, said in an interview Monday.

How CIOs Can Prepare for Healthcare ‘Data Tsunami’

Kenneth Corbin, CIO,  Tuesday, December 16, 2014

The volume of healthcare data is growing at a staggering rate, bringing with it a host of technical, compliance and governance challenges for CIOs working in that sector. A recent report from EMC and the research firm IDC offers a few imaginative ways at visualizing that proliferation, anticipating an overall increase in health data of 48 percent annually.

How Microsoft’s battle with the Justice Department could reshape privacy laws (+video)

Jaikumar Vijayan, Christian Science Monitor,  Tuesday, December 16, 2014

“Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today,” Microsoft general counsel Brad Smith said Monday. “This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.” It is a position that has garnered widespread support from a variety of quarters. On Monday, a coalition of 28 leading technology companies, 35 computer scientists, and 23 trade associates filed a total of 10 amicus briefs in support of Microsoft. Among the companies throwing their legal weight behind Microsoft are AT&T Inc., Verizon Communications Inc., Cisco Systems Inc., and Apple Inc.

Microsoft Takes on U.S. Government in Fight to Protect Consumers' Private Data

Shirley Brady, Brand Channel,  Monday, December 15, 2014

As consumers are increasingly aware how fragile their personal data is in the wake of hacks including Sony's current meltdown, Microsoft is backing a call for a new digital privacy law in the U.S.—and refusing to turn over private emails from its Irish data center to the U.S. government General counsel Brad Smith spoke out today in Washington for citizens' right to privacy of their data and the right for citizens' emails and other digital information to be protected by companies and the government, whether stored in the U.S., internationally or in the cloud. Microsoft is fighting the U.S. Justice Department over a warrant for data stored on a server in Ireland, and today noted in a blog post that the court has received supporting amicus briefs filed by other tech companies supporting its move, including Verizon, Apple, Amazon, Cisco, Salesforce, HP, eBay, Infor, AT&T, and Rackspace.

French researchers find that Android apps exploit permissions

Peter Sayer, PCWorld,  Monday, December 15, 2014

Android apps really do use those permissions they ask for to access users’ personal information. French researchers found that one online store records a phone’s location up to 10 times a minute. The tools to manage such access are limited, and inadequate given how much information phones can gather. In a recent study, ten volunteers used Android phones that tracked app behavior using a monitoring app, Mobilitics, developed by the French National Institute for Informatics Research (INRIA) in conjunction with the National Commission on Computing and Liberty (CNIL).

Cloud Metrics Could Provide the Goldilocks Solution to Which Cloud Vendor Is 'Just Right'

National Journal,  Monday, December 15, 2014

As government agencies and other organizations invest in cloud computing services, they are challenged to determine which cloud provider and service will best meet their needs. As the nation's official measurement experts, the National Institute of Standards and Technology (NIST) has developed a guide to creating cloud metrics that could aid decision makers in finding the cloud service that is "just right." The new NIST guide, which is being offered as a draft for public comment, proposes a model for developing metrics-objective measures of capabilities and performance-that cloud-shopping organizations can use to navigate a rapidly expanding marketplace.