The @WholeChainCom™ Blog

The following video is provided by UChannel, a collection of public affairs lectures, panels and events from academic institutions all over the world. This video was taken at a conference held at Princeton University's Center for Information Technology Policy on January 14, 2008. The conference was sponsored by Microsoft.

What you will see is a panel and discussion format moderated by Ed Felten, Director of the CITP. The panel members are:

1. Joel Reidenberg, Professor of Law, Fordham University
2. Timothy B. Lee, blogger at Technology Liberation Front and adjunct scholar, Cato Institute
   
3. Marc Rotenberg, Executive Director, Electronic Privacy Information Center
   

Here is a paragraph descriptive of the questions addressed by the panel. 

"In cloud computing, a provider's data center holds information that would more traditionally have been stored on the end user's computer. How does this impact user privacy? To what extent do users "own" this data, and what obligations do the service providers have? What obligations should they have? Does moving the data to the provider's data center improve security or endanger it?"

The video, entitled "Computing in the Cloud: Possession and ownership of data", is useful and timely. And the panel is well constructed.

Tim Lee, who readily states that he is not a lawyer, very much serves as an apologist for the online companies who believe that "total, one-hundred percent online privacy would mean ... that there wouldn't be any online [sharing] services at all" (Video Time ~ 2:07).

The online services Lee briefly touches upon by way of example are the ubiquitous use of Web cookies for collecting a wide variety of information about usage of the Internet by online users (~5:30), Google's Gmail which employs a business model of examining contents of users' e-mail and tailoring advertising presented to users (~8:05), Facebook's News Feed service which permits users to keep track of changes to their 'friends' accounts, and Facebook's Beacon service which sends data from external websites to Facebook accounts for the purpose of allowing targeted advertisements (~10:54).

Joel Reidenberg, a professor of law, believes that the distinction between government and the private sector loses its meaning when we think of computing in the cloud (~ 15:10), but that the prospect of cloud computing also reinforces the need for fair information practice standards (~16:00). He is of the opinion that as computing moves into the cloud it will be easier to regulate centralized gate-keepers by law and/or by technical standards (~23:50).

• This is my first 'take away' from this video clip in that Professor Reidenberg reinforces the need for centralized standard setting bodies as I concluded in Portability, Traceability and Data Ownership - Part IV.
  

Marc Rotenberg, also a law professor, emphasizes that without user anonymity, and without transparency provided by the online companies, there will be no privacy for users in the cloud (~29:47 - 37:20). And in doing so Rotenberg challenges Tim Lee for his statement that there cannot be complete user privacy for online companies to provide the services they provide (~33.30). This actually makes for the most interesting exchanges of the video from the 38:00 minute mark to the 44:00 minute mark. 

There is also an interesting dialogue regarding the application of the Fourth Amendment. One of the conference attendees asked the panel why there had been no mention of the Fourth Amendment in any of their presentations. Here is the response from Reidenberg at the 53:30 mark:

"Cloud computing is threatening the vitality of the Fourth Amendment ... [because] the more we see centralization of data [by private, online companies], and the more that data is used for secondary purposes, the easier it is for the government to gain access outside the kind of restraints we put on states in the Fourth Amendment."

In other words, why should the government worry about overcoming Fourth Amendment hurdles about confiscating a person's data when it can sit back and relatively easily purchase or otherwise obtain the same personal data from the big online companies? And do so even in real-time? Why, indeed.

For me, the second 'take away' from this video is found in another cogent comment by Professor Reidenberg at the 88:53 mark:

"The [online] company that ... figures out ways of ... building into [its] compliance systems ... [privacy] compliance mechanisms ... will be putting itself at a tremendous competitive advantage for attracting the services to operate in [the cloud computing environment]."

The technological data ownership discussed and described in Portability, Traceability and Data Ownership - Part IV, supra, is a privacy compliance mechanism.

For those who are interested in the legalities and government policies revolving around burgeoning data ownership issues related to software as a service, the Semantic Web and Cloud Computing, and who are motivated to sit through a 90 minute presentation, here is the video clip ....

Update on Thursday, June 5, 2008 at 12:09PM by Steve Holcombe

In the United States, and notwithstanding the impotency of the Fourth Amendment protections against government search and seizure, it is an irony that the growing centralization of the Cloud may well render it more amenable to government regulation and lawsuit liability.

"Cloud computing opens doors for privacy enhancements [driven by regulation]. It's easier to target for regulation by law or by technical configuration [the] gatekeepers. So to the extent there is a central management, they're easier to find, they're easier to regulate, and they're easier to hold liable than distributed systems."

Quoting Reidenberg at the 23:50m mark.