Archive for the ‘bilgi teknolojileri’ Category

Knowledge Economy, Copyright and IP in Digital Age?

Tuesday, December 1st, 2009

When a law or policy draft process related to the internet or communication takes place in public, the question “What about the common/individual rights?” comes to mind. But this time, the process is not open to the public. It is a little bit secret for some reason or other. What we are talking about is the Anti-Counterfeiting Trade Agreement (ACTA).

What is it? The Anti-Counterfeiting Trade Agreement (ACTA) is a proposed plurilateral trade agreement for establishing international standards on intellectual property rights enforcement. (Wikipedia – ACTA)

At the end of 2007, the United States, the European Community, Switzerland, and Japan announced the launch of ACTA. Since mid-2008, Australia, Canada, the European Union, Jordan, Mexico, Morocco, New Zealand, the Republic of Korea, Singapore and the United Arab Emirates, and maybe some other countries, have been negotiating that trade treaty (ACTA) in a secret manner.

ACTA signatory countries say that they need improved international standards for actions against the increase in global trade of counterfeit goods and pirated copyright-protected works. The secrecy of the process leads us to think that they knew people would speak out against ACTA. Seemingly, the goal of the ACTA treaty is to adapt copyright to the digital age. That doesn’t mean that there aren’t important details like anti-file-sharing and net-filtering policies. There are.

There has been a lot of criticism since some leaked draft documents became available on the internet. The main concerns are the secrecy of the negotiations, legal scope, privacy and the threat to free software.

“Although the proposed treaty’s title might suggest that the agreement deals only with counterfeit physical goods (such as medicines), what little information has been made available publicly by negotiating governments about the content of the treaty makes it clear that it will have a far broader scope, and in particular, will deal with new tools targeting ‘Internet distribution and information technology’,” the Free Software Foundation (FSF) says in its “Speak out against ACTA” campaign.

La Quadrature du Net, an advocacy group that promotes the rights and freedoms of citizens on the Internet, criticizes ACTA from democratic process and internet neutrality perspectives:

“At a time when important debates are taking place on the need to adapt copyright to the digital age, this treaty would bypass democratic processes in order to enforce a fundamentally irrelevant regulatory regime. It would profoundly alter the very nature of the Internet as we know it by putting an end to Net neutrality.”

Last week, Eddan Katz and Gwen Hinze from the Electronic Frontier Foundation, the leading civil liberties group defending rights in the digital world, published an essay on ACTA in the Yale Law Journal of International Law Online. Their approach to ACTA is not just focused on civil liberties but also on democratic accountability, transparency, and the impact on the knowledge economy, the internet and innovation. From the essay:

“…IP enforcement isolated from innovation policy ignores the legal flexibility that enables information technology to emerge, obstructs access to knowledge, and threatens citizens’ civil liberties.”

“The confidentiality rationale fails most significantly from a public policy perspective. Transparency is necessary for balanced policymaking that serves the needs of all stakeholders in the knowledge economy.”

“…It will also restrict the global flow of information by regulating, and potentially criminalizing, the next generation of innovative network technologies…”

I am not a citizen of ACTA signatory countries but I know that this kind of agreement will be a starting point for future [inter]national agreements/regulations. If you are a citizen of signatory countries, you can “speak out against ACTA” before 2010.

http://www.fsf.org/campaigns/acta/

Have a nice day,

Cloud Computing Security & Risks

Sunday, November 29th, 2009

“The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. I can’t think of anything that isn’t cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?”

Although Larry Ellison ridiculed cloud computing with the remarks above, many executives and IT analysts don’t agree with him.

According to many analysts in the information technology field, security and cloud computing are hot topics for most enterprises. Firms need data storage, processing software, infrastructure and frameworks on demand, without heavy investments in hardware and software. Every organization wants to get more benefits from this new way of delivering computing resources. Many firms, mainly small and medium enterprises (SMEs), are considering migration to cloud computing services.

ENISA (European Network and Information Security Agency) has launched a survey of the actual needs, requirements and expectations of SMEs for cloud computing services. The following is one piece of raw data from the survey, showing the reasons behind possible engagement in cloud computing:

[Figure: ENISA SME survey, reasons behind possible engagement in cloud computing]

As seen, “Avoiding capital expenditures in hardware, software”, “Flexibility and Scalability of IT resources” and “Business continuity and Disaster Recovery” are the main reasons SMEs give for possible engagement in cloud computing. These are the reasons driving firms to cloud computing. On the other hand, things are not so easy and smooth. There are some important concerns in SMEs’ approach to cloud computing (preventing them from using cloud computing services):

[Figure: ENISA SME survey, main concerns in SMEs’ approach to cloud computing]

The most important concerns in SMEs’ approach to cloud computing are the security and privacy of the data. It is almost impossible to expect SMEs to use cloud computing services unless those services are provided securely.

Last week, ENISA (European Network and Information Security Agency) released a report which allows an informed assessment of the security risks and benefits of using cloud computing, providing security guidance for potential and existing users of cloud computing. This report can be used as a starting point from both the security risks and the benefits perspective. ENISA’s “Cloud Computing and Security Risk Assessment Report” categorized risks as “Policy and Organizational Risks”, “Technical Risks” and “Legal Risks”. According to the risk assessment, “Lock-in” and “Loss of Governance” are the most important risks.

Policy and organizational risks

  • Lock-in
  • Loss of governance
  • Compliance challenges
  • Loss of business reputation due to co-tenant activities
  • Cloud service termination or failure
  • Cloud provider acquisition
  • Supply chain failure

Last April, some of the cloud providers released a manifesto named the “Open Cloud Manifesto” (my blog entry about it: “Open Cloud Manifesto”). The goal of the manifesto was to define some important aspects of the “cloud”, such as portability and easy migration to other cloud providers, and the openness of the cloud. Now, ENISA’s (European Network and Information Security Agency) “Cloud Computing Security Risk Assessment” report emphasizes the same portability problem by putting “Lock-in” first in the list of policy and organizational risks.

Anyone who wants more information on cloud computing, or any enterprise that is thinking of implementing or using cloud computing, should read this report as a starting point. It is really detailed and in line with SMEs’ concerns and needs.

Using ENISA’s own title from its press release, we can say “ENISA clears the fog on cloud computing security”…

Have a nice and happy week,
Erhan

because that’s where the private data is..

Monday, November 23rd, 2009

According to an urban legend, when the famous thief Willie Sutton was asked why he robbed banks, he gave this well-known answer, which was later also used in the activity-based costing (ABC) rule in the field of management: “because that’s where the money is”…

At a time when the digital world has permeated every area of our lives, thieves no longer set their sights on where the money is, but on where the “data / information” is. One of the latest examples is a personal data theft in the telecom sector. And not just any theft: one of the biggest in its field.

It has emerged that an employee of the telecom operator T-Mobile in the United Kingdom stole personal data belonging to hundreds of thousands of users and sold it to rival companies. According to a report in the British newspaper The Guardian, T-Mobile has also confirmed the theft. The common point in the statements made by public officials on the matter is that the penalties for information theft are inadequate.

The penalties are a separate matter, but what concerns me most is that private data belonging to hundreds of thousands of people has ended up in the hands of others without their knowledge. Ten years ago, data such as our e-mail address and at most a username was stored (or could not be kept) somewhere in the digital world; today, from our e-mails to our photos, from our phone records to our friend lists, from our videos to our tax records, almost everything about our lives is somehow in a digital environment and “somehow” accessible over the internet. In other words, no matter how careful you are with your data, you may still be unable to prevent it from falling into the hands of others.

The situation is more dangerous when it comes to social networks. When you talk to many people about data security, the answer you get is almost always the same: “I have nothing to hide”. But the problem is not about hiding things. Another news story I read today is about exactly this. An employee who took leave on grounds of depression, and whose costs were being covered by insurance, posted some photos on their Facebook page in which they were smiling or seen on the beach, and this prompted the insurance company to act. It stopped the insurance payments and decided that the employee was healthy! This is someone being punished for doing exactly what people with depression should do, that is, going out and taking part in activities that make them feel good. How those photos were obtained is a separate matter, but what is more alarming is how the photos were interpreted. In other words, a single photo you share on social networks can be interpreted differently by others and can leave you wronged.

Whatever you do, do not take your personal data lightly. It can come back at you at an unexpected moment and in an unexpected way.

By the way, there was once talk of a personal data security law in Turkey too. Whatever happened to that?

Have a good week…