Cloud Computing and Privacy -- What's the solution?


Michael Moran

Aug 22, 2008, 9:16:25 AM
to cloud-c...@googlegroups.com
Yesterday on the radio, I heard an interesting piece on NPR that discussed the issue of privacy (or lack thereof) as it relates to cloud computing:
 
 
Privacy in the age of cloud computing? Is it possible?
 
Would anyone on this forum like to comment about their experiences with privacy (or the lack thereof) and cloud computing? Any solutions? If you were to build a cloud computing platform, how would you go about addressing the issue of privacy in general?
 
Best regards,
 
Michael Moran
Miami, FL
 
 
 

Chris Marino

Aug 22, 2008, 12:38:00 PM
to cloud-c...@googlegroups.com
Not sure how closely you've been following this group, but I think you may have struck a nerve w/this question......
 
May I suggest that you separate the policy issues (privacy) from the technical issues (security). Unless you make this distinction you're going to have people talk past one another.....
 
CM

Wayne

Aug 22, 2008, 2:46:50 PM
to Cloud Computing
I just got this from a fellow privacy researcher:

http://www.theregister.co.uk/2008/08/20/cloud_computing_privacy/

Basically details how the difference in where the data lies has an
impact on what the government can do in terms of access (search and
seizure), notification, and breadth of inquiry as compared to what
would have happened if the end-user was storing his data (email)
locally instead of in the cloud.

I'm currently pursuing a doctorate with my research area being privacy
in the cloud and so far the clouds are full of holes!

Specifically - if you were to rationalize the basic privacy tenets
down to the seven C's of privacy (from the 2005 IEEE article "Sociotechnical
Architecture for Online Privacy" by Dawn N. Jutla and Peter Bodorik),
which were:

Comprehension - Users should understand how personally identifiable
information (PII) is handled, who's collecting it and for
what purpose, and who will process the PII and for what purpose. Users
are entitled to know all parties that can access their PII, the limits
to processing transparency, why the PII data is being requested, when
the data will expire (either from a collection or database), and what
happens to it after that. This category also includes legal rights
around PII, and the implications of a contract when one is formed.

Consciousness - Users should be aware of when data collection occurs,
when a contract is being formed between a user and a data collector,
when their PII is set to expire, who’s collecting the data, with whom
the data will be shared, how to subsequently access the PII, and the
purposes for which the data is being collected.

Choice - Users should have choices regarding data collection
activities in terms of opting in or out, whether or not to provide
data, and how to correct their data.

Consent - Users must first consent (meaning informed, explicit,
unambiguous agreement) to data collection, use, and
storage proposals for any PII. Privacy consent mechanisms should
explicitly incorporate mechanisms of comprehension,
consciousness, limitations, and choice.

Context - Users should be able to change privacy preferences according
to context. Situational or physical context—such as crowded situations
(for example, when at a service desk where several people can listen
in on your exchange when
you provide a phone number, or when you’re in an online community chat
room)—is different from when you perform a buy transaction with
Amazon.com or in rooms with cameras (where digitization makes the
information permanent and unmistakably you) and data context (such as
the sensitivity of data, for example, health data) could dictate
different actions on the same PII in different contexts.

Confinement - Users should be able to set limits on who may access
their PII, for what purposes, and where and possibly when it may be
stored. Setting limits could provide some good opportunities for
future negotiation between vendors
and users.

Consistency - Users should anticipate with reasonable certainty what
will occur if any action involving their PII is taken. That is,
certain actions should be predictable on user access of PII or giving
out of PII.

And then look at the technical instruments that exist to protect
privacy for cloud-based technology - they include web and some general
tools - though I've yet to see anything that really is end-to-end. On
the cloud side there was work done with the Globus toolkit and WS-Privacy,
but I believe many of the privacy elements of this got deprecated in the
latest releases.

Web & Web Browser Tools:

P3P - Platform for Privacy Preferences Project is a W3C standard. This
is technology that is integrated into most browsers and some (few)
websites. The website has a browser-understandable privacy policy that
the browser reads and, assuming the settings in the browser are turned on, the
browser is then able to let the user know if there is an issue related
to privacy information collection. IE only supports protections
related to cookies at this time. Several researchers and users have
added functionality (plug-ins) to Firefox to extend this
functionality.

Privacy Seals - A website owner (personal or commercial) can sign up
(and pay) for the use of a Privacy Seal denoting that the user is
connecting to a legitimate website and that you can safely provide
private information to them. The company providing the seal
regulates the use of the seals. TRUSTe and BBBOnline are the big ones
out there today.

Pop-up Blockers - These are designed into web browsers such as IE and
Firefox and are designed to stop new browser windows from
automatically being opened that can contain inappropriate or dangerous
content (spyware/adware) and get it installed on your machine.

Cookie Managers - P3P is certainly one cookie manager - but many of
the AV (anti-virus) products also provide help here.

Spyware Tools - Products such as Windows Defender fit in this
category. They usually include pop-up blockers, downloading scanners,
etc. to stop the user from unknowingly downloading spyware/adware.

Anti-phishing Tools - There are a whole range of tools to address this
now including add-ons to antivirus software and special toolbars that
you can download to your browser. Some of the toolbars use a colour
coding system that turns red when you are pointing at a site that is
listed as a fraudulent site, and some also perform correlation
comparisons with sites that you have visited before.

General Tools (usually inside an application):

Encryption - messages are obscured from being understood or readable
but not hidden. A common example is used in your wireless router at
home - using WEP or AES keys which garble up the information you send
so it can't be understood by an eavesdropper.

Steganography - messages hidden in pictures. Encryption doesn't hide
the fact that there is a message whereas Steganography hides the
message from being seen except by the sender and receiver.

Blind Signatures - this is a fairly technical concept that is used for
things like digital money/eBanking. One possible example is that it
allows an item to be transacted between Alice and the bank and then to
Bob without the bank knowing that Alice and Bob are the source and
targets of the transaction. Their relationship is hidden.

Biometrics - By using a fingerprint reader WITH technologies such as a
password and a PIN # privacy protections can be enhanced. Privacy
advocates are also worried about how your biometric information can be
breached and used for negative purposes also so this is one that is
still highly debated.

Pseudo-anonymous and anonymous systems - these include technologies
such as proxies, onion routers, and re-mailers. Proxies allow the user
to connect to a server that anonymizes the connection to the target
site only passing on the proxy server address and hiding the original
client address. Onion routers are similar in that a message is sent to
other proxies along a path that is random so that source and target
are untraceable. Re-mailers are used by marketing companies (good and
bad) to send out emails where the source site is not included in the
message.

EPAL - Enterprise Privacy Authorization Language is a language that
allows a system developer to give a user very fine-grained
authorization at the data element level. For example, if an application
contained your name, address, and social security number, code could be
written in EPAL to only show name and address to specific authorized
users. EPAL is not approved as a standard (though submitted) and is
considered a subset of the XACML standard.

XACML - eXtensible Access Control Markup Language is a more
comprehensive and ISO standard for privacy protections.

Message Filtering - This can apply to several things but the most
common one is having an email client filter specific messages, or an
email server filter out messages from known spammers before they reach
you. This is generally based on message content, message title,
domain/IP address source, or lack of appropriate destination. It is
also possible to implement message filter privacy controls in what is
called "privacy agent" technology, which will be addressed in a future
blog.

In summary - these are all Privacy Enhancing Technologies that are
employed to various degrees today with varying success rates. There
are several missing elements in terms of implementation - one of which
is a standardization of methods employed so that you as the user know
what your privacy expectations should be and how you are being handled
in any given interaction with a Cloud-based resource. On a positive
note - convergence is affecting web browsers in terms of having more
types of PET enhancements included with a standard browser that
were once separate add-ons. It's still up to you to review what the
settings are set to, set them to flag you when an issue is found, and
pay attention (don't click through) when they tell you about a
problem.

-w
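Wayne's "blind signatures" item above describes the idea in prose only. The following is an added example, not code from the post or from any product it mentions, of Chaum's RSA blind signature: Alice hides the message under a random factor, the bank signs what it cannot read, Alice strips the factor and ends up with an ordinary RSA signature the bank never saw. Everything here is an assumption for illustration: the 512-bit key, the seeded key generation (so the demo is reproducible), the raw hash-then-sign without padding, and the sample coin serial. A production scheme needs a proper key size, a full-domain hash, and double-spend detection on top.

```python
"""Chaum-style RSA blind signature (toy, added example; not production code)."""
import hashlib
import math
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin test; rng supplies the witness bases."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Return ((n, e), d). Seeded only so the demo is reproducible (assumption);
    a real bank key must come from a CSPRNG and be far larger than 512 bits."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _gen_prime(bits // 2, rng)
        q = _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)


def _hash_to_int(message):
    # SHA-256 digest as an integer: 256 bits, so always below the 512-bit modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def blind(pub, message):
    """Alice: multiply H(m) by r^e for a fresh random r. Returns (blinded, r)."""
    n, e = pub
    m = _hash_to_int(message)
    sysrng = random.SystemRandom()
    while True:
        r = sysrng.randrange(2, n)
        if math.gcd(r, n) == 1:      # r must be invertible mod n for unblinding
            break
    return (m * pow(r, e, n)) % n, r


def sign_blinded(d, pub, blinded):
    """Bank: plain RSA signing of a value it cannot interpret: (m r^e)^d = m^d r."""
    n, _ = pub
    return pow(blinded, d, n)


def unblind(pub, blinded_sig, r):
    """Alice: divide out r, leaving m^d, a valid signature on H(m)."""
    n, _ = pub
    return (blinded_sig * pow(r, -1, n)) % n


def verify(pub, message, sig):
    """Anyone (Bob, or the bank at deposit time): check sig^e == H(m) mod n."""
    n, e = pub
    return pow(sig, e, n) == _hash_to_int(message)


def demo(seed=7):
    pub, d = generate_keypair(seed=seed)
    coin = b"serial:0xC0FFEE"             # constructed sample message
    blinded, r = blind(pub, coin)
    bank_ledger = [blinded]               # all the bank ever sees at issue time
    sig = unblind(pub, sign_blinded(d, pub, blinded), r)
    return {
        "valid": verify(pub, coin, sig),
        "forged_rejected": not verify(pub, b"serial:0xDEADBEEF", sig),
        # neither the final signature nor H(coin) appears in the bank's records,
        # so the bank cannot tie the coin Bob deposits back to Alice's withdrawal
        "linkable": sig in bank_ledger or _hash_to_int(coin) in bank_ledger,
    }
```

The unlinkability is the whole point: the bank's ledger holds only the blinded values, and the value it later receives from Bob is unrelated to any of them in the bank's view. The cost is that the bank signs something it has not inspected, which is why real schemes bind the signed value to a denomination and keep a spent-serial list.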

Chris Marino

Aug 23, 2008, 10:17:05 AM
to cloud-c...@googlegroups.com
I tried to get through this whole post. I really did. Kinda lost me at
WS-Privacy....

My point is not that this isn't important, but that it's f'n
complicated. This is a daunting challenge simply because in almost every
case convenience trumps privacy. We hand our credit card to strangers
all the time. Is there a technical solution to address the hazard here?
Sure there is, but I don't think many of us would endure the hassle
that comes along with it.

And it's only getting worse. It's mind-boggling to me that: a) services
today routinely ask for passwords to other services so they can access
info and b) people actually provide it!

CM

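Wayne's EPAL/XACML item earlier in the thread gives the name/address/SSN case in words. As an added example, not from the post and not an EPAL or XACML implementation, here is a purpose-bound, field-level disclosure check in the same spirit: each rule names a data element, the roles it applies to, the purposes it applies to, and a permit or deny effect, combined deny-overrides with default deny, and consent from the data subject is checked before any rule is consulted (tying together the "Consent" and "Confinement" tenets). The roles, purposes, policy and record are all constructed for illustration.

```python
"""Purpose-bound, field-level disclosure control in the EPAL/XACML style.
Added example; rules, roles, purposes and the record are all made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    field: str              # data element the rule governs
    roles: frozenset        # subject roles the rule applies to
    purposes: frozenset     # purposes the rule applies to
    effect: str = "permit"  # "permit" or "deny"


ANY_PURPOSE = frozenset({"service", "billing", "audit", "marketing"})

# Constructed policy: who may see which element, and for what purpose.
POLICY = (
    Rule("name",    frozenset({"support", "billing", "auditor"}),
         frozenset({"service", "billing", "audit"})),
    Rule("address", frozenset({"billing"}), frozenset({"billing"})),
    Rule("ssn",     frozenset({"auditor"}), frozenset({"audit"})),
    # Contractors never see the SSN, whatever other roles they also hold.
    Rule("ssn",     frozenset({"contractor"}), ANY_PURPOSE, effect="deny"),
)


def decide(field, roles, purpose, policy=POLICY):
    """Deny-overrides combining: any applicable deny wins, then any permit,
    otherwise default deny (a field no rule mentions is never disclosed)."""
    applicable = [r for r in policy
                  if r.field == field and purpose in r.purposes and roles & r.roles]
    if any(r.effect == "deny" for r in applicable):
        return "deny"
    if any(r.effect == "permit" for r in applicable):
        return "permit"
    return "deny"


def disclose(record, consented_purposes, roles, purpose, policy=POLICY):
    """Return the view of `record` a subject holding `roles` may see for `purpose`.
    Consent is checked first: a purpose the data subject never agreed to
    yields nothing, regardless of the requester's privileges."""
    roles = frozenset(roles)
    if purpose not in consented_purposes:
        return {field: "[no consent]" for field in record}
    return {field: (value if decide(field, roles, purpose, policy) == "permit"
                    else "[redacted]")
            for field, value in record.items()}


# Constructed sample data subject; the SSN is a placeholder, not a real number.
RECORD = {"name": "A. Example", "address": "1 Main St, Miami FL", "ssn": "000-00-0000"}
CONSENT = frozenset({"service", "billing", "audit"})   # never consented to marketing
```

Two design points worth noting: the purpose is an input to the decision, not just the role, so a billing clerk asking for the address "for marketing" is refused even though the same clerk may see it for billing; and default deny means adding a new field to the record discloses nothing until someone writes a rule for it.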

Jeremy Sawyer

Aug 23, 2008, 11:07:14 AM
to cloud-c...@googlegroups.com
In my opinion, privacy and security play a bigger role in Cloud Computing. You are transmitting your confidential data over the public Internet (the most insecure network) onto someone else's property. Suppose your account gets hijacked: the hijacker has access to all your documents etc. online. The hijacker deletes your important data, or takes it. What are you going to do? Who are you going to call? You'd be out of luck.
 
1. There are more and more adware, malware, trojans and viruses coming out each day. A lot of them are written to hijack web browsers, redirect your browsing, log your keystrokes, track where you go, etc. It's only a matter of time before someone writes something specifically for cloud computing like Google Apps.
 
2. From what I've seen, most Cloud Computing apps don't even use HTTPS/SSL, and usually only one authentication mechanism, sometimes with SSO, which opens another can of worms for internal security. Why is this treated so lightly? This should be just as secure as online banking, with multiple layers of security. You're looking at confidential data, not only yours, but now for the entire company.
 
Final note, it's not necessarily the cloud you have to worry about. It's how your data reaches it.
 
Jeremy

Matt Lynch

Aug 24, 2008, 12:31:07 AM
to cloud-c...@googlegroups.com

It seems odd to me that people interpret 'Cloud computing' as a reason to throw away what we know about application architecture. If you take the standard enterprise n-tier architecture and drop it in a cloud, it should not be prone to the security issues listed below if you have followed best practices.

For those of you who are building a .Net application for a cloud, these issues are relatively easy to solve. I.e. use WCF to secure your web service channels, SSL on the browser if required, etc.

sa...@samj.net

Aug 24, 2008, 3:28:52 AM
to cloud-c...@googlegroups.com
Marking data for deletion and sitting tight for a few days is a good
way to handle this threat, and making /all/ account data available at
a URL for regular backup or separating apps from data would help this
and lock-in too. Ever wondered why Google Apps takes 5 days or so to
relinquish usernames for reuse? I wouldn't say the reason is technical,
but I'm not sure 5 days is the right time; this could be a 'best
practice' we could advise on.

Similarly, Salesforce requires you to open your account up for
assistance from within the account, before which time support
personnel presumably don't have access to it. This sounds like a
sensible best practice too... and there are no doubt others.

Sam
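Sam's post describes three controls in prose: mark-for-deletion with a waiting period, a full export for backup, and a hold-down before a released username can be re-registered. The following is an added example, not code from the post or from Google Apps or Salesforce, showing how those fit together in one account store and why the combination defeats the "hijacker deletes everything" scenario Jeremy raised. The 5-day window is taken from the post; the 30-day hold-down, the names and the account contents are assumptions for illustration.

```python
"""Deferred deletion with a recovery window and a username hold-down.
Added example; GRACE and HOLD_DOWN are assumed values, not any vendor's."""
from datetime import datetime, timedelta


class AccountStore:
    GRACE = timedelta(days=5)        # the "5 days or so" from the post
    HOLD_DOWN = timedelta(days=30)   # assumption: how long a purged name stays reserved

    def __init__(self):
        self._live = {}       # name -> account data
        self._pending = {}    # name -> (account data, deleted_at)
        self._reserved = {}   # name -> datetime at which the name may be reused

    def _expire_reservations(self, now):
        for name, release_at in list(self._reserved.items()):
            if now >= release_at:
                del self._reserved[name]

    def username_available(self, name, now):
        self._expire_reservations(now)
        return (name not in self._live and name not in self._pending
                and name not in self._reserved)

    def create(self, name, data, now):
        if not self.username_available(name, now):
            raise ValueError(f"{name!r} is taken, pending deletion, or reserved")
        self._live[name] = dict(data)

    def export(self, name):
        """Everything the account holds, as one object a client can back up."""
        return dict(self._live[name])

    def delete(self, name, now):
        """A delete request (legitimate or from a hijacker) only moves the data
        aside; nothing is destroyed until purge() runs after GRACE has elapsed."""
        self._pending[name] = (self._live.pop(name), now)

    def restore(self, name, now):
        data, deleted_at = self._pending[name]
        if now - deleted_at >= self.GRACE:
            raise LookupError("recovery window has closed")
        del self._pending[name]
        self._live[name] = data
        return data

    def purge(self, now):
        """Destroy data whose window has passed, and reserve the freed names so
        nobody can immediately re-register them and receive mail sent to the
        previous owner."""
        purged = []
        for name, (_, deleted_at) in list(self._pending.items()):
            if now - deleted_at >= self.GRACE:
                del self._pending[name]
                self._reserved[name] = now + self.HOLD_DOWN
                purged.append(name)
        return purged


def scenario():
    """Constructed timeline: a hijacker deletes on day 0, the owner notices on day 2."""
    t0 = datetime(2008, 8, 24)
    store = AccountStore()
    store.create("alice", {"docs": ["budget.xls", "payroll.csv"]}, t0)
    backup = store.export("alice")
    store.delete("alice", t0)                                   # hijacker
    recovered = store.restore("alice", t0 + timedelta(days=2))  # owner
    store.delete("alice", t0 + timedelta(days=3))               # owner really leaves
    purged_early = store.purge(t0 + timedelta(days=4))          # window still open
    purged_late = store.purge(t0 + timedelta(days=8))           # window closed
    # Separately: a restore attempt exactly at the end of the window is refused.
    store.create("bob", {}, t0)
    store.delete("bob", t0)
    try:
        store.restore("bob", t0 + AccountStore.GRACE)
        late_restore_refused = False
    except LookupError:
        late_restore_refused = True
    return {
        "recovered_intact": recovered == backup,
        "purged_early": purged_early,
        "purged_late": purged_late,
        "reusable_day_9": store.username_available("alice", t0 + timedelta(days=9)),
        "reusable_day_40": store.username_available("alice", t0 + timedelta(days=40)),
        "late_restore_refused": late_restore_refused,
    }
```

The point a practitioner should take from this is that the deletion grace period is an availability control against account compromise, not just a courtesy to forgetful users, and that the hold-down on the name is what stops the same attacker from re-creating the account and inheriting anything still addressed to it.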

jamesurquhart

Aug 24, 2008, 7:09:48 PM
to Cloud Computing
If you are concerned about security and privacy, this ought to scare
the bejeezus out of you:

http://www.theregister.co.uk/2008/08/20/cloud_computing_privacy/

The courts are moving to declare that any information provided to a
third party in order to utilize web-based services is implicitly
supplied with the expectation that the information will be consumed by
the service, thus it can no longer be expected to remain private. The
case(s) pushing this concept are largely against individuals, but the
way the courts are writing these decisions, I believe it can quickly
be mapped to enterprises as well.

It is almost time for the legislative branch to get involved in cloud
computing...

James


Wayne

Aug 27, 2008, 12:28:06 PM
to Cloud Computing
This article just came out about adoption of Google's offerings in the
enterprise:

http://money.cnn.com/2008/08/19/technology/google_apps.fortune/index.htm?postversion=2008082707

Interesting comments on the pro/con side regarding the use of Google
Apps:

>Even so, eight IT directors interviewed for this story say they're reluctant to switch to Google Apps. They cite a number of reasons common to all "cloud computing" providers, including concerns about reliability and the risks of storing employee records or trade secrets on another company's servers.<

Perceived or not - this issue isn't going to just go away on its own.