Archive - March, 2009

DRM and public perception of the implications

Digital Rights Management (DRM) has been a periodical theme I have commented about.  Although I don’t have the time to follow it in as much detail as I should, I am aware of the basic issues and how they can and will affect me and the future.

My sister-in-law was down for the weekend for a visit. Along with our weird discussions about Pi Day (which was yesterday), we had a discussion about iPods and DRM. She is what I would classify as a ‘user only’ of technology. She does not understand (and willingly admits no interest in) how the Internet works, or how her mobile phone makes a call. She just wants the technology to work. Her impression of DRM was that it was not a concern and didn’t affect her at all. She uses iTunes, purchases her music, can listen to it on her computer and/or iPod. If Apple wants to put DRM on to protect them, that is okay. It doesn’t impact her. This is not because she is naive or ‘stupid’; on the contrary, she’s pretty bright. Her interests, time and knowledge are elsewhere.

I believe this view is typical of many people and is unfortunate. Everyone uses technology; most do not care or have the time to learn how it works. As long as it works, that is good enough. However, I think (and hope) there may be a light at the end of the tunnel. As DRM increases its touch points from data protection (music files, video files, software, etc.) to ‘tangible’ objects such as your headphones not being able to play in your iPod because they are not ‘Apple approved’, I believe the ‘users only’ of technology will start to understand the implications of DRM much better and start to voice their opinions. I can only imagine my sister-in-law’s reaction if she could no longer use her existing earphones and had to purchase ‘special’ earphones to listen to her iPod.

GoogleDocs security sharing vulnerability

Anybody contemplating using GoogleDocs or any other cloud computing system for their business documents might want to re-think that decision or, at the very least, include it in the risk matrix when making that decision. It took 10 days to fix and notify, which I suppose is good in today’s world. It does, however, highlight the risks of putting data on a cloud computing platform that you effectively do not have administrative control of. A thoughtful analysis of what an outsider thinks the process was at Google — probably pretty accurate in my opinion.

Centralization of data and privacy

“There is a distinct difference between secrecy and privacy.” – Alanis Morissette, Interview

I heard that quote a few years ago; it is one that has always stuck with me. Personally, I am a big proponent of respecting privacy, but secrecy is an entirely different thing. Where the line is drawn depends on each individual, unfortunately.

Previously, when doing security consulting for businesses, one of the common themes was the employer’s ability to access email, files, voice mail and even phone conversations of an employee if they felt it was necessary. Taking email for example, most employers feel they have a right to read any email that enters or leaves their company network, regardless of whether it is private in nature or not. I have been given arguments that the employer owns the equipment and the network, is ultimately responsible, and must have the ability to do these types of activities if they feel it necessary. I had a discussion with an individual who was a senior executive and felt very strongly in favour of this opinion. I then gave him a scenario where he was collaborating with another company in a different province and the conversations were around some trade secrets or business that was sensitive in nature. I asked him if it would be okay if his upstream ISP or one of the ISPs along the path captured and read his email correspondence with this company. His response was an absolute ‘no’, it would not be okay. I then stated that it is the ISP’s network, and they are ultimately responsible for the security and integrity of it. Two things happened. First, he didn’t like the conversation anymore; that became very obvious. Second, he made some statement about it being ‘different’ and changed the topic. This made me realize that everyone wants secrecy for themselves, but does not want anyone to have secrets kept from them. Yes, a very obvious statement, but I think it also comes down to that simple concept which drives all these debates, discussions, and laws or lack of laws.

So why am I bringing this up? Michael Hyatt has a blog that I read regularly. I don’t know him personally, but he seems like a good guy and has some insightful entries. He recently commented on the idea of using Gmail for his business email. I completely understand why he is considering it, and would argue that if you are a small or medium size business it could make complete sense financially and logistically. What about the privacy implications? What if Google has a security breach and data is lost or stolen? What if Google is late to apply a security patch? What if there is a security hole that Google isn’t aware of but a criminal is? If there is a legal issue with a company in Germany that is using a cloud computing application, whose laws apply for data access? Suppose you accept the terms of service and policies around Gmail and choose to use their service for email. A year later, you change your mind and wish to have all your email transferred to a different server or service. Can you do this? Will all your data be erased from Gmail servers and their backup systems so they could never retrieve it again? Do you care?

I think technology, innovation, and the internet are awesome. But I also think it is very important that individuals and businesses realize and think seriously about the privacy implications. Some suggest this is pointless. With GoogleDocs, Gmail, online CRM systems, and the multitude of other cloud computing applications available and in use, we have already made this decision, even if it is somewhat unconsciously, as a society. I feel this statement may be right, and that makes me sad.