Cloud computing and the Internet part II

As announced on yesterday’s post “Cloud computing and the Internet part I, E-Crime Expert is posting the second part on cloud computing.

In addition to the methods in which Cloud computing is delivered, there are different types of the cloud computing which include: public cloud, hybrid cloud and private cloud.

Public cloud which is when a service provider offer services such as application usage, development or storage of data, to anyone on the Internet.

Hybrid cloud is when a business uses some applications in house and some provided by an external provider such as storage of data, etc.

Private cloud is when a provider offers cloud computing solutions, but on a private infrastructure network. A business does not want its employees files to be accessible for example on a public cloud and so it rents/buys a private cloud that no one else except that business has access to.

Besides the usefulness of cloud computing solutions, there are questions regarding how the Data Protection Directive applies to this situation? How the personal data of users is dealt with, stored, accessed, manipulated, and processed by the cloud-computing providers. A unique characteristic of cloud computing is that data is floating around from server to server located within the EU or also outside the EU for example to India, the US, etc. Part of someone’s data could be at the same time in the EU and India, on different servers.

There are some questions regarding cloud computing in Facebook’s. Facebook provides services to its clients such as: storage of information (e.g. pictures, videos, profiles, personal data, etc.), application access (e.g. Facebook Places or other applications where the user should agree with the access of that particular application to her personal data), or infrastructure for sending messages, invitations, updates, and posting comments which all deal with private information and data. Everything is done on the Facebook’s platform, which could host the users’ personal information on different servers inside or outside the EU.

The question is who has access to users’ personal data when uploaded and processed on Facebook? According to EU Data Protection Directive (DPD) the users have the right to know which personal data is stored and processed in regards at least to the online marketing advertisers that could be granted access to that data for advertising purposes, profiling, and delivery of targeted advertising. In addition, when a user delete her Facebook account, this operation is not done in real time, it has a delay and the account basically is not deleted but becomes inactive. For example, I ran a search under my name, and some entries showed pictures from my Facebook account that I deleted in the past. This shows that even if the users want to delete some information concerning his person, it would be still available on the Internet.  Furthermore, some entries generate pictures or names of my friends on Facebook by associating them with my Facebook account friends’ list.

In other words, even if a user asks for all of his personal data provided on Facebook to be removed, this most likely would not happen. Facebook claims that some users’ personal data would not be available to any other user on Facebook, but some personal information and data will be kept for technical reasons (such as to provide service to other users which are inter-connected with the account that was deleted).

Regarding the compliance with the EU DPD, it is not clear which rules and regulations could apply to cloud computing, as the cloud concept itself is “volatile” (continually changing). Cloud computing is subject to multiple jurisdictions as the information is moved from one server to another or is stored on different servers located in different geographical areas. Kumaraswany and Latif scholars asked: how does moving the private information to the cloud impact the current privacy compliance requirements?  Is information kept on the server, in the cloud or in a data center? These are questions that momentarily have no answer, at least in regards to how Facebook deals with, makes accessible, stores, and “floats” the users’ private data.

Who has the technical capabilities, jurisdiction and access to verify whether Facebook complies with these requirements?

For how long is the users’ personal data stored on its servers, cloud or in data centers?

According to the EU DPD, the user owns her personal data, but when this data is transferred and stored outside the EU, does the user still own her data?

How could a user enforce her right in this case?

If Facebook had provided the answers to these questions, there would be more transparency and less tensions regarding how users’ personal data is dealt with. The burden of proof regarding that the personal data is dealt with, stored, processed, and made available according to the EU DPD, falls on the provider’s shoulders, at least on an informal level when users are questioning more and more how their privacy is protected.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Do you think that cloud computing is a threat to privacy? Do you think that cloud computing is “out” of jurisdiction?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Cloud computing and the Internet part I

From the same series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows in two different posts (today and tomorrow), what cloud computing is and how it works.

According to Forrester, “Cloud Computing is buying Information Technology (IT) capacities and utilities as need for a utility provider”. Cloud computing is the IT capabilities delivered as an internet-based service, software or IT infrastructure by a service provider accessible through the Internet protocols and accessible from any terminal (e.g. computer or smartphone). These services could be accessible through pay-per-use, pay-as-you-go or the provider could support it from the revenue generate by advertising (e.g. Google docs). One of its main characteristics is customer self-service, which means that the customer needs no assistance in uploading, modifying, accessing her files, applications, documents, etc. It is accessible anytime and anywhere, and has instant scalability.

Cloud computing is delivered under three forms: software as a service (SaaS); Infrastructure as a service (IaaS) and Platform as a service (PaaS).

Software as a service is when someone needs, for example, to create a word document; the person goes on Google docs where the word processor is located and creates the document without having Microsoft Office installed on her computer. The document is created on the server by having access to Google docs, which is a software being used as a service.

Infrastructure as a service is when a business, for example, does not have the technical capabilities to store all its information in house and they need to store and access it on a server. That server is the host that provides service in storing the data. That service rents the infrastructure (e.g storage medium) to the client.

Platform as a service is when the provider offers facilities for application design, development, testing, computer coding or hosting. For example, GoDaddy is a platform service provider as it offers website hosting services to its clients. Another example related to this research is Facebook, which provides the platform for its clients to upload photos, videos, play games, send messages, etc.

Stay tunned for the second part of this blog tomorrow.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Did you know what cloud computing is? Do you realize that already you are using it?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Targeting and profiling users on the Internet for advertising purpose

From the same series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows how targeting and profiling users on the Internet for advertising purpose it is done.

In order to sell advertising, the Social Network Services (SNS) need traffic and also to know what their users preferences are. As similar to TV or Radio advertising, where the commercials are addressed to a certain group of people based on age, sex, needs, preferences (i.e. milk, beauty products, cars, clothes), online advertising has the same goal. But because online the audience is much broader and the target is reached very fast, sometimes in real time, the advertising is offered or delivered differently and it opens huge potential exposure to the audience. In the case of TV advertising, companies provide advertisements and after the post-advertisement sales are monitored for a certain period of time to determine if the commercial clip was effective and reached its target audience.

The audience for TV advertising is established by market studies and questionnaires were the subjects are interviewed in person, anonymously and they have the opportunity to refuse to participate. In the case of online advertising, the profiles of the audience’s preferences are established mostly by the users’ behavior.

Also online and offline advertising are directly connected to the market shares in terms of revenue generated from advertising. In December 2008, according to Mary Meeker from Morgan Stanley publication’s chart named: “Media Time spent vs. Ad spent Out of Whack”, the traditional media which includes TV, radio, and newspapers it is accountable for 8% of the users’ time (in the US) but receives 20% of the advertising money when the online media (the Internet) is accountable for 29% of the user time (in the US) but receives just 8% from the advertising money.

These numbers will balance out between them in the coming five years but in order for the appropriate revenue to be reached and counter-balanced to reflect the real market situation, more online advertising will be generated and produced which implies different ways of approaching and delivering the advertising in order to meet the target (the customers).

More behavioral advertising could be generated along with better user profiling. For example, a user wants to buy something from an online store (which often are advertised or connected to SNS); the user logs in, and first he is presented with the options related to his previous purchases and shopping history on that particular online store. For example, someone shops for Nike shoes, and all the online options are related to the Nike brand based on his previous shopping history. By predicting the user’s preferences based on his shopping history, it is not always accurate because it could be the case that he uses a shared computer where his father regularly uses it, and their personal preferences are totally opposite. Providing a user with products or services based on his shopping history is called targeted advertising. This new type of advertising (i.e. targeted advertising) is seen on SNS and is based on users’ behavior, search history and preferences. However, it is not always the case that the subject’s behavior and search history lead to the subject’s preferences (e.g. the father uses his son’s computer).

The users are monitored for their web browsing history in an attempt to sell them specific products or advertising based on their known preferences. The question, which comes from this model of advertising, could be more complex in terms of: how can someone else’s personal preferences be used for targeted advertising without their acknowledgment?

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Do you feel monitored on the Internet? Does it ever happened to you to be surprised by the advertisng you were delivered on a particular site? Does the advertising changes to you when you are in a different location?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.