smart usage of cloud services 2
TRANSCRIPT
SMART USAGE OF CLOUD SERVICES II
Christoph Hechenblaikner
REVIEW
REVIEW
• Cloud Computing
• CC-Forecast
• Evolution of CC
• CC-Models
Christoph Hechenblaikner
XAAS
Christoph Hechenblaikner
End User
Developer
System Engineers Developers
user
valu
e
SaaS
PaaS
IaaS
REVIEW
• Cloud storage today:
• Service-structure
• Business models
• Problems
Christoph Hechenblaikner
REVIEW
• Security / Privacy
• Management systems
• Smart Systems
• myCloud
Christoph Hechenblaikner
SMART USAGE OF CLOUD SERVICES
• Last time:
• Smart system to use cloud services
• Today:
• Smart selection of cloud services (business)
• Legal issues / privacy issues
Christoph Hechenblaikner
TERMS OF SERVICE
OBJECTIVES
• Give an overview / idea
• Point out major differences / similarities
• Provide examples
• Illustrate impact on myCloud
Christoph Hechenblaikner
DATA OWNERSHIP
Christoph Hechenblaikner
Usage Rights
Responsibility
[2] Van Alstyne, M., Brynjolfsson, E., & Madnick, S. (1995). Why not one big database? Principles for data ownership. Decision Support Systems, 15(4), 267–284. doi:http://dx.doi.org/10.1016/0167-9236(94)00042-4
+
Assign rights
[1] http://www.niu.edu/rcrportal/datamanagement/dotopic.html
DROPBOX - TOS
• DB does not own files
• Use data according to privacy regulations
• Exception: files not owned by user
• Deletion of files is possible (DB)
Christoph Hechenblaikner
[3] http://www.digitaltrends.com/web/terms-conditions-dropbox-terms-and-privacy-policy/
[4] https://www.dropbox.com/privacy#terms
DROPBOX - TOS
• Files deleted (not retained) on account / file deletion
• Account can be deleted without reasons
• Warnings are issued to the user !
Christoph Hechenblaikner
[3] http://www.digitaltrends.com/web/terms-conditions-dropbox-terms-and-privacy-policy/
[4] https://www.dropbox.com/privacy#terms
DROPBOX - TOS• Users must not
• Hack DB or use DB to hack other sites
• Distribute Spam / Viruses
• Host illegal / misleading / deceptive content
• Use bonus programs or additional mail-addresses to increase space
Christoph Hechenblaikner
[3] http://www.digitaltrends.com/web/terms-conditions-dropbox-terms-and-privacy-policy/
[4] https://www.dropbox.com/privacy#terms
DROPBOX - PRIVACY!Name Credit card number (if you pay for service) Billing address (if you pay for service) Email address of anyone with whom you share a Dropbox folder Email address of anyone you refer to Dropbox IP address
Browser type Website visited prior to arriving on Dropbox.com Location data Mobile device type (if applicable) Wireless carrier information (if applicable) Date and time of transactions All files you upload or download from Dropbox
Christoph Hechenblaikner[4] https://www.dropbox.com/privacy#terms
[3] http://www.digitaltrends.com/web/terms-conditions-dropbox-terms-and-privacy-policy/
DROPBOX - PRIVACY
• Use of data:
• Analytics (GoogleAnalytics)
• Offers (DB and partners)
• Running service (!) / not assigning rights
Christoph Hechenblaikner
[3] http://www.digitaltrends.com/web/terms-conditions-dropbox-terms-and-privacy-policy/
[4] https://www.dropbox.com/privacy#terms
GOOGLE DRIVE - TOS
Christoph Hechenblaikner
• “Unified terms of service and privacy”
• Google does not own files
• Rights needed to run service
• Keep rights after account / data deletion
[6] http://news.cnet.com/8301-1023_3-57421406-93/google-drive-terms-of-service-a-toxic-brew/
[5] https://www.google.com/intl/en/policies/terms/
[7] http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud
GOOGLE DRIVE - TOS
Christoph Hechenblaikner
• Rights needed to run service:
• use
• host
• store
• reproduce
• modify
• create derivative works
• communicate
• publish
• publicly perform
• publicly display and distribute
• Operating / Promoting / Improving / Development
[6] http://news.cnet.com/8301-1023_3-57421406-93/google-drive-terms-of-service-a-toxic-brew/
[5] https://www.google.com/intl/en/policies/terms/
[7] http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud
GOOGLE DRIVE - TOS
Christoph Hechenblaikner
• Users must not
• Access the service via anything not the interface
• Use service against law
• Google might suspend users
• not comply to TOS
• investigating suspected misconduct
[6] http://news.cnet.com/8301-1023_3-57421406-93/google-drive-terms-of-service-a-toxic-brew/
[5] https://www.google.com/intl/en/policies/terms/
[7] http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud
SKYDRIVE - TOC
Christoph Hechenblaikner
• “Microsoft service agreement”
• Microsoft does not own files
• “[...] Your content remains your content, and you are responsible for it. We do not control, verify, pay for, or endorse the content that you and others make available on the services. [...]” [8]
• Rights needed to protect (MS and you) and run the service
[8] http://windows.microsoft.com/en-us/windows-live/microsoft-services-agreement
SKYDRIVE - TOC
Christoph Hechenblaikner[8] http://windows.microsoft.com/en-us/windows-live/microsoft-services-agreement
• Rights needed to protect (MS and you) and run the service
• use
• modify
• adapt
• save
• reproduce
• distribute
• display
• Interpretation of protection is crucial
SKYDRIVE - TOC
Christoph Hechenblaikner[9] http://windows.microsoft.com/en-US/windows-live/code-of-conduct
• Users must not upload content in a way that• depicts nudity of any sort including full
or partial human nudity or nudity in non-human forms such as cartoons, fantasy art or manga.
• incites, advocates, or expresses pornography, obscenity, vulgarity, profanity, hatred, bigotry, racism, or gratuitous violence.
• misrepresents the source of anything you post or upload, including impersonation of another individual or entity.
• provides or creates links to external sites that violate this Code of Conduct.
• includes content that is protected by intellectual property laws, rights of privacy or publicity, or any other applicable law unless you own or control the rights thereto or have received all necessary consents.
• is intended to harm or exploit minors in any way.
• is designed to solicit, or collect personally identifiable information of any minor (anyone under 18 years old), including, but not limited to: name, email address, home address, phone number, or the name of their school.
• invades anyone's privacy by attempting to harvest, collect, store, or publish private or personally identifiable information, such as passwords, account information, credit card numbers, addresses, or other contact information without their knowledge and willing consent.
• is illegal or violates any applicable local and national laws; including but not limited to child pornography, bestiality, incest, illegal drugs, software piracy, and harassment.
• threatens, stalks, defames, defrauds, degrades, victimizes or intimidates an individual or group of individuals for any reason; including on the basis of age, gender, disability, ethnicity, sexual orientation, race or religion; or incites or encourages anyone else to do so.
• invades anyone's privacy by attempting to harvest, collect, store, or publish private or personally identifiable information, such as passwords, account information, credit card numbers, addresses, or other contact information without their knowledge and willing consent.
!
• is illegal or violates any applicable local and national laws; including but not limited to child pornography, bestiality, incest, illegal drugs, software piracy, and harassment.
• threatens, stalks, defames, defrauds, degrades, victimizes or intimidates an individual or group of individuals for any reason; including on the basis of age, gender, disability, ethnicity, sexual orientation, race or religion; or incites or encourages anyone else to do so.
• harms or disrupts, or intends to harm or disrupt, another user's computer or would allow you or others to illegally access software or bypass security on Web sites, or servers, including but not limited to spamming.
• attempts to impersonate a Microsoft employee, agent, manager, host, administrator, moderator, another user or any other person through any means.
• promotes or otherwise facilitates the purchase and sale of ammunition or firearms.
• contains or could be considered 'junk mail', 'spam', 'chain letters', 'pyramid schemes', 'affiliate marketing' or unsolicited commercial advertisement.
• mischaracterizes content you post or upload or contains the same or similar content to other content you have already posted.
• attempts to manipulate the services, including ranking and reputation systems in the services, by violating any of the provisions of this Code of Conduct, colluding with others on voting or using multiple profiles.
• offers to make international money transfers for amounts exceeding the asking price of an item, with intent to request a refund of any portion of the payment.
• contains advertising for money making schemes, discount cards, credit counseling, online surveys or online contests.
SKYDRIVE - TOC
Christoph Hechenblaikner[9] http://windows.microsoft.com/en-US/windows-live/code-of-conduct
• Users must not upload content in a way that• is illegal or violates any applicable
local and national laws; including but not limited to child pornography, bestiality, incest, illegal drugs, software piracy, and harassment.
• threatens, stalks, defames, defrauds, degrades, victimizes or intimidates an individual or group of individuals for any reason; including on the basis of age, gender, disability, ethnicity, sexual orientation, race or religion; or incites or encourages anyone else to do so.
• harms or disrupts, or intends to harm or disrupt, another user's computer or would allow you or others to illegally access software or bypass security on Web sites, or
servers, including but not limited to spamming.
• attempts to impersonate a Microsoft employee, agent, manager, host, administrator, moderator, another user or any other person through any means.
• promotes or otherwise facilitates the purchase and sale of ammunition or firearms.
• contains or could be considered 'junk mail', 'spam', 'chain letters', 'pyramid schemes', 'affiliate marketing' or unsolicited commercial advertisement.
• mischaracterizes content you post or upload or contains the same or
similar content to other content you have already posted.
• attempts to manipulate the services, including ranking and reputation systems in the services, by violating any of the provisions of this Code of Conduct, colluding with others on voting or using multiple profiles.
• offers to make international money transfers for amounts exceeding the asking price of an item, with intent to request a refund of any portion of the payment.
• contains advertising for money making schemes, discount cards, credit counseling, online surveys or online contests.
SKYDRIVE - TOC
Christoph Hechenblaikner[9] http://windows.microsoft.com/en-US/windows-live/code-of-conduct
“[...] Microsoft reserves the right, at its sole discretion, and without any obligation to do so, to review and remove user-created services and content at will and without notice, and delete content and accounts. Microsoft reserves the right, at its sole discretion, to ban participants or terminate access to services. [...]”[9]
SKYDRIVE - TOC
Christoph Hechenblaikner[9] http://windows.microsoft.com/en-US/windows-live/code-of-conduct
• Problem with protection and CoC
• Microsoft extensively scans and removes stored files / suspends accounts
• Scan expands to private folders
• Examples
• http://wmpoweruser.com/watch-what-you-store-on-skydriveyou-may-lose-your-microsoft-life/
• http://www.forbes.com/sites/kellyclay/2012/07/19/is-microsoft-spying-on-skydrive-users/
IMPACT ON MYCLOUD
Christoph Hechenblaikner
• Not much
• Uses defined interfaces / APIs
• Limitations of vendors only relate to content / access
• Issue with multiple DB accounts
THE PATRIOT ACT
THE PATRIOT ACT
• USA Patriot Act
• Uniting and Strengthening America by Providing appropriate tools required to intercept and obstruct terrorism
Christoph Hechenblaikner
THE PATRIOT ACT
Christoph Hechenblaikner
• 26th October 2001(George W. Bush)
• In response to 09/11
• Intended to support US agencies in their fight against terrorism
• Several laws and regulations are restricted or replaced in case of application
THE PATRIOT ACT
Christoph Hechenblaikner
• House search without knowledge of home owner
• Terrorist organization determined by agencies
• Foreigners can be deported for being a member of a terrorist organization
[10] http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm
[11] http://archives.cnn.com/2002/LAW/08/23/patriot.act.explainer/
THE PATRIOT ACT
Christoph Hechenblaikner
!
• FBI has access to bank accounts
• CIA is allowed to investigate on homeland
• Citizen surveillance without judicial decision and without knowledge / notification of users
[10] http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm
[11] http://archives.cnn.com/2002/LAW/08/23/patriot.act.explainer/
THE PATRIOT ACT
Christoph Hechenblaikner
!
• FBI has access to bank accounts
• CIA is allowed to investigate on homeland
• Citizen surveillance without judicial decision and without knowledge / notification of users
[10] http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm
[11] http://archives.cnn.com/2002/LAW/08/23/patriot.act.explainer/
THE PATRIOT ACT
Christoph Hechenblaikner
• Application
• Companies with headquarters in the US (and their sub companies abroad)
• US sub-companies of other firms
• Without any notification to the user
[10] http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm
[11] http://archives.cnn.com/2002/LAW/08/23/patriot.act.explainer/
THE PATRIOT ACT
Christoph Hechenblaikner
• Impact on business
• Avoid storing files in USA
• Avoid using US-services
• Impact on private users
• Encryption becomes important
THE PATRIOT ACT
Christoph Hechenblaikner
• Is PRISM directly related to the patriot act?
• No
• Permanent application of patriot act would not have been justifiable
http://nedmartin.org/v3/amused/my-hard-drive-crashed-nsa-wont-send-me-their-backuphttp://de.webfail.com/ff61443e138
THANK YOU!