May 18, 2011

Follow up on Obama's Cyber Security bill

Just a quick note to say that the full text of Obama's cyber security bill is now available online.

Should be interesting to watch this develop and see how this will impact Internet business and cloud computing.

Cloud perspectives survey: private cloud computing

Just posted a short survey on private cloud computing.

I'm interested to know more about the different perspectives on private cloud computing throughout organizations, from the corner office down to Individual Contributors who are the backbone of any organization.

The survey itself shouldn't take more than 10-15 minutes to complete and, if you provide your email address at the end of the survey, I will send you a free copy of the report for your private use.

So please head over to the survey and fill it out!

Thanks!

May 16, 2011

Shouldn't companies WANT to protect their assets?

Last week, CNET reported on the White House's proposed cyber security law "[that is] designed to force companies to do more to fend off cyberattacks".

The law seems to address shortcomings in critical infrastructure security more so than private industry, though there does appear to be language that requires the disclosure of security breaches by private companies. This approach, presumably, would provide consumers with information regarding a business' security policy and could affect the choices consumers make. This non-regulatory position adopted by the White House is interesting because it echoes the Canadian Radio and Television Commission's (CRTC) position of letting market forces shape the industry.

Is a non-regulatory approach appropriate? Would the US Government randomly audit companies to determine their level of security? Would that be sufficient to force companies to do more to ensure security? Probably not, given the number of companies in the US and the rate at which new vulnerabilities are discovered. Requiring companies to disclose breaches could work if market forces are adequately informed.

It will be interesting to see how this legislation is applied to the cloud and which of the parties, vendor or consumer, will be held accountable for maintaining appropriate levels of security given that most contracts currently put that burden squarely on the shoulders of consumers.

The fact that legislation is even required to force companies to maintain adequate cyber security systems begs the question: wouldn't companies WANT to protect their assets anyway?!

May 2, 2011

What do the election in Canada and cloud computing have in common? Issues with Article 329.

Canada is a big country. Really. Big. So big, it has 6 time zones; by the time the West coast wakes up, the East coast has already had 3-4.5 hours of productive time. So big, in fact, that election results from the East coast are available before polling stations close on the West coast. And, if you Tweet, blog, or post on a wall in Facebook about results in the East before polls have closed in the West, you're breaking the law. Go figure.

In this day and age of social media and ubiquity of computing, the ability to share information is so great that it can accelerate revolution. You know, the kind that deposes authoritarian governments? Despots aside, this technology can land you in trouble if you share election results. There is a section of the Canada Elections Act that governs "Premature Transmission":

"329. No person shall transmit the result or purported result of the vote in an electoral district to the public in another electoral district before the close of all of the polling stations in that other electoral district."

In a sense, social media is the wild west: it is difficult to control and regulate, applicable laws are a grey area at best, and there are as many opinions as there are users. What, then, is the responsibility of the service providers such as Twitter and Facebook? Private information being what it is, and terms of use being what they are, are Twitter and Facebook, US-based companies, obligated to divulge private information of users who are being investigated by Elections Canada and/or the RCMP for violations of Section 329? Can Canadian users hide behind US companies?

Assuming that the charges are specific, which they would be considering the infraction, these organizations would simply comply with a subpoena or warrant. Not to mention that your hardware would be confiscated and used to collect evidence against you. What does this mean? Your footprint is out there. Even if you delete an account, data persists in backups and can be used to build a case against you.

Obviously this was intended to keep elections fair and to avoid influencing voters in an era of television and radio broadcasts. Clearly, the Elections Act never contemplated that information could be shared in such an environment as the Internet, and particularly, in social media. Changes to the electoral procedure have reduced this discrepancy between East and West down to 1.5 hours but this gap is sufficient to be in violation of the law.

Legalities and discourse on right and wrong aside, this is a good example of a Government's right to prosecute an individual and obtain private information in an effort to enforce law. However archaic it may be.