Posts Tagged ‘mike nelson’
IGF-USA 2012 Workshop: Next Challenge – How to Handle Big Data in the Cloud
Brief session description:
Thursday, July 26, 2012 – The dramatic reduction in the cost of computing and storage made possible by cloud computing services, the spread of easy-to-use, open-source analytic tools, and the growing availability of massive data services from governments and the private sector (e.g. Google Maps) have enabled thousands of start-ups, hackers and others to create exciting new tools for business, entertainment, government and other sectors. Government policies can help or hinder development of new databases and Big Data apps. Issues covered in this session included: 1) open government data policy; 2) Intellectual Property Rights protection; 3) IT research; 4) technology test beds; 5) education; 6) law enforcement access; and 7) privacy regulations.
Details of the session:
The moderator for the session was Mike Nelson, a professor at Georgetown University and research associate at CSC Leading Edge Forum. Panelists included:
- Jeff Brueggeman, vice president of public policy for AT&T
- Paul Mitchell, senior director and general manager, Microsoft TV Division
- Lillie Coney, associate director, Electronic Privacy Information Center
- Jules Polonetsky, director and co-chair, Future of Privacy Forum
- John Morris, director of Internet policy, NTIA/US Department of Commerce
- Katherine Race Brin, attorney, bureau of consumer protection, Federal Trade Commission
Mike Nelson, an Internet policy expert from Georgetown University, shared some reassuring remarks as he introduced a panel session that concentrated upon the complexities of managing what has become known as “Big Data.”
“These issues are not new,” he said. “We’ve been dealing with them for 20 or 30 years, but they are a lot more important now.”
Nelson explained in a workshop at IGF-USA Thursday at Georgetown Law Center that it’s not just about data that are big. It’s about data that are changing so quickly and need innovative tools of management.
He introduced the following questions:
Polonetsky and Brueggeman exchange stories a workshop about the Clould at IGF-USA in Washington, D.C. on July 26, 2012.
- How will privacy concerns impact the development of large databases (or will they have any significant impact)?
- What are the liability issues of Big Data in the cloud?
- How do we deal with the shortage of data experts?
- How do we handle issues concerning control and access to data?
Jeff Brueggeman, a global public policy executive with AT&T and a longtime participant in Internet governance discussion in many fora, began the conversation by addressing a few of these issues.
First, he noted the importance of working with businesses as well as policymakers to come up with tools to manage the data. He also addressed the significance of maintaining security in cloud data.
“The more data that’s being collected and retained, the more that data could be used as a target,” Brueggeman said.
Brueggeman introduced some issues for the other panelists to contest, inquiring about best practices for dealing with data sets, types of controls over what users should expect, what uses of data are legitimate without that control and international components.
Jules Polonetsky of the Future of Privacy Forum followed with a look at the long-term perspective, offering some insight about the impacts of cloud technology.
“I’ve always had a hard time getting my head around clouds,” Polonetsky said. “But the best we can do is make sure we’re a bit of a gatekeeper.”
He argued that a formalized procedure should be established for the release of private information to law enforcement officials and others seeking information. But he also elaborated on the risks of such technology, which he illustrated by telling a story about his friend, a rabbi, who watched a racy video, unaware that Facebook would automatically share the link on his Facebook page, proving how easy it is to inadvertently share online activity with the greater digital community.
Polonetsky champions the benefits of data use, but he also urges people to consider the implications of such sharing and storing of data. He said he believes there should be a debate in which people weigh the risks and benefits.
Katherine Race Brin speaks about the Clould at IGF-USA in Washington, D.C. on July 26, 2012.
Katherine Race Brin continued the conversation, citing some of her experiences dealing with these issues in her job with the Federal Trade Commission.
She said the FTC has studied the implications of cloud computing for a number of years and has also considered how, or if, a cloud is different than any other uses of data transfer in regard to privacy.
She said her work at the FTC has led her to believe that the companies that are storing data in the cloud are often in the best position to assess the risks of that data sharing.
“We’ve always said, in relation to personal data, the businesses remain accountable for the personal data of their customers,” Brin said.
She said that while the FTC holds businesses responsible, it also provides a framework to ensure consumer privacy.
Brin explained the three key aspects of this framework:
- Privacy by design – Companies should build in privacy protection at every stage from the product development to the product implementation phases. This includes reasonable security for consumer data, limited collection and retention of such data and resonable procedures to promote data accuracy.
- Simplified consumer choice – Companies should give consumers the option to decide what information is shared about them and with whom. This should include a “do-not-track” mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Transparency – Companies should disclose details about their collection and use of consumers’ information and provide consumers with access to the data collected about them.
Lille Coney, associate director of the Electronic Privacy Information Center, offered her insights as an expert on big data. (To see a video posted by The Economist about Big Data that is based on EPIC-supplied information, click here.)
“Governance is not easy,” Coney said. “But we do learn mechanisms for creating accountability, transparency and oversight.”
She noted that the difficulty lies in creating guidelines that have currency and legitimacy. In regard to cloud computing, Coney suggests that people are not only consumers; they themselves – or at least the sets of the private information they share – are actually products.
“Our online activity alone generates revenue, and many consumers don’t understand that,” Coney said.
She said she strongly believes in the importance of the public’s engagement in the conversation. With all these privacy concerns, Coney said the consumer cannot afford to leave it up to businesses or government.
Lille Coney speaks about the Clould at IGF-USA in Washington, D.C. on July 26, 2012.
Microsoft executive Paul Mitchell, added some perspective to the conversation in terms of how to go about tackling the issue of how to manage Big Data. “I think the big challenge here is figuring out whats’ first when we’re talking about big data,” Mitchell said, noting the overwhelming amount of data being created and databased. “What we have here is not a new problem. What we have here is a problem of scale.”
Mitchell said we can look at the separate desires of people, businesses and society, and consider a philosophy based on each group’s needs. He explained that the people-first philosophy would ensure that data that could be harmful isn’t allowed to be. The business-first philosophy would be about maximizing the potential economic return for the use of data. The society-first philosophy would optimize the value for society as a whole based on what can be done with the data.
“From an operating perspective, the challenges we face involve how to govern against these three axises,” said Mitchell. “The policymakers’ choice is how to balance the three appropriately.”
Nelson then asked a question directed at the panelists about the future of the cloud and whether there would be one cloud in an interconnected world or a world of separate clouds run by different companies.
Session moderator Nelson then asked the panelists about the future of the cloud -whether there will be one cloud in an interconnectedworld or a world of separate clouds run by different companies.
Mitchell argued that there are circumstances that will require a private set of services.
Coney expressed concern over that model. “Consumer’s control over their data in a cloud-driven environment will require the ability to move their data from Cloud A to Cloud B. Making that a reality in this environment is going to be the challenge,” she said.
Polonetsky had a slightly different viewpoint. He considered the business-platforms perspective, questioning how easy it should be to move consumers’ data.
“Yes, it is your data, but did the platform add some value to it by organizing it in a certain way?” he asked, adding that the platforms may make a legitimate contribution by organizing consumers’ data. For example, your Facebook friends belong to you, but Facebook created a platform in which you interact with and share information, photographs and other things with them.
To conclude, Nelson took a few questions from the audience and asked each panelist for a recommendation regarding the future management of Big Data. Brueggeman suggested there should be a set of commonly accepted practices for managing Big Data. Polonetsky added there should be more navigable digital data. Brin supported the strong need for transparency. Coney proposed that cloud providers and Big Data companies must show their respect for a diverse group of stakeholders. Mitchell recommended that we should all work toward greater harmony between business, personal and societal values.
— Audrey Horwitz
Internet Governance Forum-USA, 2011 Workshop: A Plethora of Policy Principles
Brief description:
This session delved into recently announced policy statements with future implications including those made by the Organisation for Economic Cooperation and Development, the U.S. International Strategy on Cyberspace, the G8 and Others – Are principles a feasible approach to underpin Internet governance? If so, which ones? Should principles be applied by codification in law, MOU, or treaty? The workshop consisted of a mini analysis of currently proposed sets of principles. Because the Internet and online services are global, the perspective of the workshop was a global view.
Details of the session:
This is a placeholder for a lead sentence that encapsulates a key point that is the lead according to panelists in a workshop on Internet principles at the IGF-USA conference July 18 in Washington, D.C.
The co-moderators for the session were Fiona Alexander of the National Telecommunications and Information Administration (NTIA) and Shane Tews of Verisign. They hosted a session in which the following people first presented briefings on recently announced sets of principles.
Heather Shaw, vice president for ICT policy for the United States Council for International Business (USCIB), shared details of the OECD Communique on Principles for Internet Policy-Making: http://www.oecd.org/dataoecd/40/21/48289796.pdf.<
Chris Hemmerlein, a telecommunications policy analyst for NTIA, spoke about the sections of the May 2011 G8 Declaration that focus on the Internet: http://www.g20-g8.com/g8-g20/g8/english/live/news/renewed-commitment-for-freedom-and-democracy.1314.html.
Sheila Flynn, of the cyber policy office of the U.S. State Department, briefed participants on the U.S. International Strategy on Cyberspace: http://www.whitehouse.gov/sites/default/files/rss_viewer/internationalstrategy_cyberspace.pdf.
Leslie Martinkovics, director of international public policy and regulatory affairs for Verizon, introduced the concepts of the Brazilian Principles for the Internet: http://einclusion.hu/2010-04-17/internet-principles-in-brazil/.
Sarah Labowitz, U.S. State Department, shared details of the Council of Europe’s Internet Governance Principles: http://www.coe.int/t/dghl/standardsetting/media-dataprotection/conf-internet-freedom/Internet%20Governance%20Principles.pdf.
The introduction of the principles was followed by a roundtable discussion moderated by Iren Borissova of Verisign. Participants were:
- Jackie Ruff, vice president for international public policy and regulatory affairs for Verizon Communications
- Milton Mueller, Syracuse University (participating over the Internet from a remote location)
- Jeff Brueggeman, vice president for public policy at AT&T
- Cynthia Wong, director of the Project on Global Internet Freedom at the Center for Democracy & Technology
- Liesyl Franz, vice president for security and global public policy for TechAmerica
- Mike Nelson, research associate for CSC Leading Edge Forum and visiting professor at Georgetown University
- Robert Guerra, director of the Internet Freedom program at Freedom House
- Susan Morgan, executive director of the Global Network Initiative
For all of the Internet-focused principles laid out by the OECD, G8, U.S. State Department and the Brazilian government, the lists of tenants and guidelines, the debate at the 2011 Internet Governance Forum on “A Plethora of Policy Principles” boiled down to one question: Can the principles be successfully converted into actionable concepts?
Governmental parties, whether they are sanctioned by presidential administrations or are the result of a multistakeholder process, are seeking to list the boundaries in which they wish to act when the next contentious issue hits the web. The problem with these lists, which by themselves could perhaps act effectively within a singular cultural, regional or governmental context, stretch across all boundaries in a way similar to that of the Internet itself.
The policy principles included in the discussion, which in no way represent the entirety of idealized lists, were as follows:
-The OECD Communique on Principles for Internet Policy-Making, which is the most recent set, agreed upon by 34 member states, that seeks to promote the free flow of information, promote the open nature of the Internet, promote investment and the cross-border delivery of services, encourage multistakeholder cooperation and a litany of others, ranging from security concerns to liability issues for an affront to any of the contained principles.
-The G8 Renewed Commitment to Freedom and Democracy, which isn’t solely focused on Internet rights issues, but nonetheless deals heavily with digital issues. The list segments Internet users into three groups: citizens, who seek to use the Internet as a resource and as a means to exercise human rights; businesses, which use it to increase efficiency and reach consumers; and governments seeking to improve their services and better reach their citizens. The G8 list also considers the Internet as the “public forum” of our time, with all of the associated assembly rights applied.
-President Barack Obama’s U.S. International Strategy for Cyberspace focused on the concepts of prosperity, transparency and openness. It represents an effort on the part of the U.S. government to approach Internet issues with a singular vision and seeks to establish an international framework to deal with these issues in the future. Interestingly, it was also the only list of principles discussed during the session that asserts a sort of “digital right to self-defense” in the instance of an attack on the United States’ own digital resources.
-The Brazilian Internet Streering Committee’s Principles for the Governance and Use of the Internet in Brazil differed from the other lists in that it was created after a series of discussions between interested governmental, NGO, private and scientific parties. The committee’s principles also stood for greater universality to the Internet, particularly a breakdown of linguistic barriers and a strict adherence to maintaining diversity in the digital domain. For those questioning why Brazil, given the sheer number of countries with vested interests in Internet issues, Leslie Martinkovics, the director of international public policy and regulatory affairs for Verizon, said, “Brazil is seen as an opinions leader in the Americas. … they would like to take the high ground and lead the discussions going forward.”
-The Council of Europe’s Internet Governance Principles is the product of 47 member states with an expressed focus of “affirming the applicability of existing human rights on the Internet,” according to Sarah Labowitz of the U.S. State Department. In addition to those concerns, the principles call for a clear series of planning, notification and coping mechanisms in place in the event of a cyber disaster.
Once the particulars and intricacies of the various plans had been laid out, the critiques began to fly in. Mike Nelson, research associate for CSC Leading Edge Forum and visiting professor at Georgetown University, played the self-admitted role of the skeptic.
“The first thing you do is hold a meeting, and we’ve been doing that for five years,” Nelson said, describing how meetings lead to research, research leads to a lengthy span of time, during which the public becomes discontented, after which a list of principles emerges to placate the masses.
Nelson did not seek for the topic of discussion to be “do you or do you not stand for freedom,” but instead, a fundamental debate on so-called “flashpoints,” which are actual, specific points of policy, the results of a debate, which could result in legitimate action, as opposed to simply more principles.
Rebecca MacKinnon soon followed Nelson in critiquing the concept upon which the entire panel was devoted, noticing a trend for the principles and conclusions reached by disenfranchised groups, including those who aren’t in the post-industrial West or in the increasingly powerful emerging economies, to be at best given lip service, and at most outright ignored both by interested parties and IGF itself.
“What’s changed between 2004 and now?” MacKinnon asked. “How do people interpret these principles that have been, less or more, set in some degree of stone for quite some time?”
For the Chinese or Iranian dissident, she posited, rouge groups such as Anonymous and Wikileaks do more for their cause than institutional bodies like IGF simply because they rely entirely upon action instead of dialogue, action that is particularly focused on powerful entities.
For all of the critiques piled on the notion of principles and the efficacy of IGF, there was an equal counter of support.
“The role of the IGF is exactly what it was set out to do. There has been discussion, and it has encouraged awareness,” said Heather Shaw, vice president for ICT policy for the United States Council for International Business.
She added that many of the principles outlined in the State Department report published by the Obama administration contains many of the same concepts that were actively discussed at the previous year’s IGF meetings.
“The fact this discussion is happening everywhere points to the success of the Internet Governance Forum,” said Fiona Alexander of the National Telecommunications and Information Administration. “IGF is spurring these kinds of conversations.”
But the unanswered question lingering at the end of the session’s discussion was whether those conversations, those discussions and that awareness is enough in this day and age, with the Internet’s rapid advancement now being met with an equally rapid growth in governmental interest in its inner workings.
– Morgan Little
Internet Governance Forum-USA, 2011 Workshop: Can the Clouds Prevail?
Brief description:
Data Retention; privacy; security; geo-location; mobility; government/law enforcement cooperation; transnational location issues: these are among the emerging cloud computing challenges in Internet Governance. Promoted by industry and government alike, “the cloud” seems to be the answer in providing emerging online services – addressing costs; access; diversity of infrastructure; reliability; and security. Yet its extremely distributed nature raises Internet governance questions. This workshop addressed the Internet governance questions facing cloud computing, including the emergence of the mobile cloud.
Details of the session:
JULY 18, 2011 - Amie Stepanovich participated in the "Can the Clouds Prevail?" workshop at the Internet Governance Forum USA 2011.
Where the cloud’s data is located, who has access to it and what happens if it’s breached took center stage during the cloud computing workshop at the IGF-USA conference July 18 in Washington, D.C.
The moderator for the session was Mike Nelson, a professor at Georgetown University and research associate at CSC Leading Edge Forum.
Panelists included a range of industry, governmental and civil organization representatives:
- Jeff Brueggeman, vice president of public policy for AT&T
- Danny McPherson, chief security officer for Verisign
- Amie Stepanovich, Electronic Privacy Information Center
- Marc Crandall, product counsel for Google
- John Morris, general counsel and director of Internet standards, Center for Democracy & Technology (CDT)
- Fred Whiteside, director of cybersecurity operations for the U.S. Department of Commerce, and National Institute of Standards and Technology Target Business Use Case Manager
- Jonathan Zuck, president of the Association for Competitive Technology (ACT)
Georgetown University professor Mike Nelson said governments are happy to use the cloud for cross-border control because it would enable government applications to work better, and it would save money. But the data have to stay within a host country.
“Tension between government controls on cross-border data flows are often caused by the desire for more privacy for citizens in their country versus the global cloud,” he said. “How do we get to a global cloud that is actually globalized, where data is allowed to move wherever it wants to and yet have the private assurances we’ve had in the past?”
There are many who believe location equals control, said Marc Crandall of Google. But that is not always the case when entering various servers and using a resource like the cloud.
“So location may not necessarily equal control,” Crandall said. “The thing about the cloud is I tend to feel that location does not necessarily equal secure. Where something is located doesn’t make it any more or less secure.”
Having governments worry about security standardization and privacy would be a better focus, he said.
Jonathan Zuck, president of the Association for Competitive Technology, said people need to begin to focus on international citizenry in regards to the cloud. It’s not about where the cloud is located or whose cloud the consumers are using, but looking at a larger more competitive group of providers.
JULY 18, 2011 - Fred Whiteside shares with a group of individuals during the "Can the Clouds Prevail?" workshop during the Internet Governance Forum USA 2011.
And where data are located comes can raise concerns about who has access to that information. If the data are located in a country with little judicial review or fewer privacy regulations, will users’ information be at risk?
“There should be an emerging global standard,” said Jeff Brueggeman, vice president of public policy for AT&T. “As to privacy, the more we improve international cooperation on cybersecurity and law enforcement so that there is more comfort over legitimate concerns that if the data is not stored can they go after a bad guy. But again we have to deal with real issues as well as setting up the right policies to help distinguish between legitimate concern and government overreaching.”
If there is a breach and private information has been hacked, as has been seen in recent attacks against Google and Sony, what should the companies do to be transparent but also uphold their legal obligations?
If an organization is hacked and information is stolen, but that’s not made known publicly, it could be a violation of fair disclosure, said Danny McPherson, chief security officer of Verisign.
“Lots of folks don’t share that type of information,” he said. “Every state or region or nation or union has different native laws and that is extremely problematic in that perspective.”
There are many times that information may not be classified but is of a private nature, such as trade agreements that would need to stay confidential, said Fred Whiteside, director of cybersecurity operations for the U.S. Department of Commerce. It is complex, he said, and as someone who hears many classified discussions on security breaches, he added that it would trouble him for sensitive information to be made public.
Amie Stepanovich, of Electronic Privacy Information Center, said businesses and industries should start worrying about encrypting the information before it is hacked and instead of worrying about the cost-benefit analysis.
“I think the benefit of data encryption is really worth it,” she said. “Its been proven again and again. Companies feel somehow they have to touch that burner to see if it’s hot before they move to that.”
Regardless, while the focus has been on the concerns and security issues surrounding the cloud, there are many benefits that should receive their due credit.
“I think the fact we are all here is a testament to the cloud,” she said. “Or else we wouldn’t be so concerned with what the problems are if we didn’t recognize there are so many benefits of the cloud.”
– Anna Johnson
Documentary coverage of IGF-USA by the Imagining the Internet Center 