FTC to Explore Cloud Security, Privacy

The Federal Trade Commission will hold a privacy roundtable debate on Jan. 28 on the security implications to consumers of cloud computing, mobile computing, and social networking. The FTC wants a public debate into the issue as part of its recommendations for the Federal Communications Commission's broadband plan, expected to be released early this year.

cloudsThe Federal Trade Commission will hold a privacy roundtable debate on Jan. 28 on the security implications to consumers of cloud computing, mobile computing, and social networking. The FTC wants a public debate into the issue as part of its recommendations for the Federal Communications Commission's broadband plan, expected to be released early this year.

In a letter to the FCC by David Vladeck, director of the FTC's Bureau of Consumer Protection, Vladeck notes that "the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers."

Broader Initiative on Privacy
He adds that the FTC is "considering cloud computing and identity management as part of a broader initiative to re-examine various models to promote consumer privacy."

The roundtable is the second in a series of three discussionsconvened by the FTC to discuss consumer-related privacy. A roundtable on Dec. 7 discussed behavioral advertising, and how well existing legal and self-regulatory regimes are working to address privacy interests. Details of the third roundtable, scheduled for March 17, are to be announced.

New Technology, New Issues
The January roundtable should be a lively debate, particularly as Google is widening its ability to gain more and more intimate knowledge of its users. Google's new Nexus One phone, announced this week, enables users to back up their settingsto Google servers. Such settings could include a user's Wi-Fi passwords, bookmarks, and downloaded apps. Users of other Google apps may already be aware that Google has the ability to retain and track their search terms, recent online transactions, events, photos and more.

Consumer fears about cloud security heightened last summer when Twitter acknowledged that a hacker had gained access to the company's data residing on a number of Google apps, including Docs, Calendar and others. Twitter co-founder Biz Stone was quick to point out in his blog post that the "attack had nothing to do with any vulnerability in Google Apps which we continue to use ... This isn't about any flaw in web apps, it speaks to the importance of following good personal security guidelines such as choosing strong passwords."

Cloud Reliability Under Scrutiny
However, the reliability of cloud computing came under the spotlight on a number of occasions last year when cloud services including Gmail, Windows Azure, and Salesforce.com all suffered high-profile outages.

Data governance is also a murky issue for cloud computing apps, particularly if a user's data is moved around the cloud provider's different servers around the world. Do consumers need to be aware of the different data privacy laws in the countries that may hold their data? According to a World Privacy Forum report "Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing" (PDF), "A user's privacy and confidentiality risks vary significantly with the terms of service and privacy established by the cloud provider."

It's time to read those terms and conditions carefully.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish