Copyright 2009-11 1. Copyright 2009-11 2 Copyright 2009-11 3 Roger Clarke Xamax Consultancy and PSARN Security, Canberra Visiting Professor in Computer.
Post on 26-Mar-2015
215 Views
Preview:
Transcript
Copyright2009-11
1
Copyright2009-11
2
Copyright2009-11
3
Roger ClarkeXamax Consultancy and PSARN Security, Canberra
Visiting Professor in Computer Science, ANUand in Cyberspace Law & Policy, UNSW
24th Bled eConference14 June 2011
http://www.rogerclarke.com/EC/CCC {.html,.ppt}
The Cloudy Future of Consumer Computing
Copyright2009-11
4
Consumer Computing Functions
• Email• Web-Sites• Personal Blogs• Micro-Blogs (Twit)• Personal Galleries
• Personal Music and Video Libraries
• Doc Prep• File-Sharing• Personal
Databases(Acc, Family Trees)
Copyright2009-11
5
Consumer Computing
Email clients, withsmtp/pop/imap
Personal Web-Sites
Office on the Desktop
FTP-server and -client
Functions Applications 1975-2000
Personal Galleries
Doc Prep
File-Sharing
Copyright2009-11
6
Consumer Computing
Email clients, withsmtp/pop/imap
Personal Web-Sites
Office on the Desktop
FTP-server and -client
Webmail,with http
Flickr, Picasa
Zoho, Google Docs
Dropbox
Functions Applications ==>> Services 1975-2000 2000-Email
Personal Galleries
Doc Prep
File-Sharing
Copyright2009-11
7
The Research Question
How well are Consumer Computing Services satisfying consumers’ needs?
To the extent that there are problems, what should be done about them?
Copyright2009-11
8
Consumers – Segmentation
• Age / 'Generation'
Copyright2009-11
9
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
The Generations of Computing Consumers
Copyright2009-11
10
The Generations of Computing Consumers
Baby Boomers (45-65)Handshake/phone, PCs came late, had to adapt to mobile phonesWork is Life, the team discusses / the boss decides, process-oriented
GenXs (30-45)Grew up with PCs, email and mobile phones, hence multi-taskersWork to Have More Life, expect payback from work, product-oriented
GenYs (15-30)Grew up with IM/chat, texting and video-games, strong multi-taskersLife-Work Balance, expect fulfilment from work, highly interactive
iGens (to 15)Growing up with texting, multi-media social networking, networked games, multi-channel immersion / inherent multi-tasking?Life before Work, even more hedonistic, highly (e-)interactive
Copyright2009-11
11
Consumers – Segmentation
• Age / 'Generation'
• Education, Income, Wealth• Infrastructure Availability• Technical Capability
• Opportunity-Awareness• Leadership / Followership• Risk-Awareness, Risk-
Aversion
Copyright2009-11
12
Challenges Inherent in the Research Domain
• Diversity:• of technologies• of consumers• of consumer uses of technologies
• Ongoing, rapid change / unstable phenomena
• Can 'consumer requirements' be operationalised?
• Can 'consumer disbenefits and risks' be evaluated?
Copyright2009-11
13
Requirements, Disbenefits and RisksThe Organisational Perspective
1. Operational RequirementsDependability on a day-to-day basis
2. Contingent RisksLow likelihood, but highly significant
3. Security Risks
4. Commercial Disbenefits and Risks
5. Compliance Disbenefits and Risks
Copyright2009-11
14
Org 1. Operational Requirements• Fit – to users' needs, and customisability• Reliability – continuity of operation
• Availability hosts/server/db readiness/reachability
• Accessibility network readiness
• Usability response-time, and consistency
• Robustness frequency of un/planned unavailability (97% uptime = 5 hr per week offline)
• Resilience speed of resumption after outages
• Recoverability service readiness after resumption
• Integrity – sustained correctness of the service, and the data
• Maintainability – fit, reliability, integrity after bug-fixes & mods
Copyright2009-11
15
Org 2. Contingent Risks
• Major Service Interruptions• Service Survival – supplier collapse or withdrawal
Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers
• Data Survival – data backup/mirroring/synch, accessibility
• Data Acessibility – blockage by opponents or a foreign power
• Compatibility – software, versions, protocols, data formats
• FlexibilityCustomisationForward-Compatibility to migrate to new levelsBackward-Compatibility to protect legacy systemsLateral Compatibility to enable dual-sourcing and escape
Copyright2009-11
16
Consumer Requirements and Risks – 1 of 3
The Basic Needs• Does it do what I want it to do? [Fit]• Will it be there when I want it? [Availability, Reliability]
The Basic Protections• How do I keep going if it stays fallen over for a long time?
[Service Interruptions]• Will you respond helpfully and quickly enough when I ask for help?
[Customer Service]• Will you lose my data, or muck it up? [Data Integrity]• Do I get my data back if you fall over or withdraw the service? [Survival]• Can I move my data to another supplier? [Lateral Compatibility]• Who can I complain to if I get dudded, and will they actually help me?
[Consumer Protection]
Copyright2009-11
17
Consumer Requirements and Risks – 2 of 3
More Advanced Needs• Will it keep doing what it does now? [Service Integrity]• Will it stay up-to-date? [Future Fit]• Will it fall over too often? [Robustness]• Will it come back quickly after it falls over? [Resilience]• Is my service protected against you, them and the gods? [Service
Security]• If bits of it are broken, will you fix it without breaking it some
more? [Maintainability]• Can I fiddle with it a bit if I need to? [Flexibility]• Can I move my data to an upgraded version? [Forward
Compatibility]• How long will old versions keep working for me?
[Backward Compatibility]• Am I breaking the law if I use the service? [Legal Compliance]
Copyright2009-11
18
Consumer Requirements and Risks – 3 of 3
More Advanced Protections• Am I going to get gouged? [Cost]• Can only appropriate people get in and do things?
[Authentication and Authorisation]• Can I get access to all data that you hold about me?
[Subject Access]• Is my data protected against you, them and the gods?
[Data Security]• Is my privacy protected against you, them and the gods?
[Privacy Controls]• If I terminate our relationship, will my data be irretrievably
deleted? [Fully Effective Withdrawal]• What happens to my data if I die? [Archival /
Memorialisation]
Copyright2009-11
19
How are Consumer Requirements Satisfied?
How are Consumer Risks Managed?
• Through the Provider:• Terms of Service• Policies• Practices
• Through the State:• Law• Regulatory Resources• Regulatory Enforcement
• Through Private Litigation
Copyright2009-11
20
How are Consumer Requirements Satisfied?
How are Consumer Risks Managed?
• Through the Provider:• Terms of Service• Policies• Practices
• Through the State:• Law• Regulatory Resources• Regulatory Enforcement
• Through Private Litigation
Copyright2009-11
21
Research Method
Preliminary Phase• ...
Empirical Phase• Validation of Consumer
Requirements• Sample Selection• In-Depth ToS Studies• Comparative ToS
StudiesArticulation Phase• ...
Copyright2009-11
22
Research Method
Preliminary Phase• Studies of the Domain• Definition of Consumer
Requirements• Accessibility of ToS• In-Depth Study of 1 ToS• Comparative Study of
ToS re 1 Cluster of Terms
• Consumer Protection Laws, Resources, Enforcement
Empirical Phase• Validation of Consumer
Requirements• Sample Selection• In-Depth ToS Studies• Comparative ToS
StudiesArticulation Phase• ...
Copyright2009-11
23
Research Method
Preliminary Phase• Studies of the Domain• Definition of Consumer
Requirements• Accessibility of ToS• In-Depth Study of 1 ToS• Comparative Study of
ToS re 1 Cluster of Terms
• Consumer Protection Laws, Resources, Enforcement
Empirical Phase• Validation of Consumer
Requirements• Sample Selection• In-Depth ToS Studies• Comparative ToS StudiesArticulation Phase• Discussions with Providers• Expression of Model Terms• Interactions with
Consumer Advocacy Organisations, Regulators, Policy Makers
Copyright2009-11
24
1. Accessibility of the Terms of Service
• The Current Version of the ToS• In all cases, they are on the web-site• Generally, no date of applicability is provided
• Prior Versions of the ToS• In not one case are prior versions visible
• Changes to the ToSAll but one ToS claim the right to unilaterally change the Terms:
• most do not require notice, but just an announcement somewhere on the website, and changes have immediate effect
• a few require that notice be provided, the change is to be explained, and the notice is to be provided in advance, and by user-convenient means
Copyright2009-11
25
Accessibility of the Terms of ServiceThe Significance for Consumers
• Consumers can only know what Terms apply to an earlier transaction if they mirrored the Terms at the time
• The Terms applicable to the next transaction may not be the same as they were for previous transactions
• The Terms applicable to transactions and to the consumer’s data are entirely under the provider's control
• Consumers can place no reliance on what they may have previously read or heard about the Terms
Copyright2009-11
26
2. In-Depth Study of Terms of ServiceLinkedIn
A (‘social’) networking service for professionals
A Priori:• Its users should be well-informed and
demanding • So the provider is likely to:
• address its customers' needs• balance their interests against the
company's
• So it can be expected to provide a benchmark
Copyright2009-11
27
LinkedIn In-Depth• No responsibility to provide the service, to do so reliably,
or to sustain data stored in it• Subscribers must disclose physical location, even if
irrelevant• No internal complaints process• No rights to restitution, no liability for identity fraud• LinkedIn gains rights to customers' data that are almost
equivalent to the rights of the customers themselves• Unilateral changes to the Privacy Statement, without
notice• Storage in the USA under lax privacy laws• No undertakings to control the behaviour of staff• Enforced 'permission' to disclose personal data, without
legal authority, "to assist government enforcement agencies"
• Inadequate subject access and correction rights
Copyright2009-11
28
LinkedIn In-DepthThe Significance for Consumers
• LinkedIn projects itself as a networking service for well-informed and demanding professionals
• It was expected to provide a benchmark
• In fact, many aspects are badly handled• Not a benchmark, but rather a considerable
concern
Copyright2009-11
29
Terms of Service3. Clusters
• Service-Level Warranties and Indemnities• Lateral Compatibility ('Can I get my data
out?')• Authentication and Authorisation• Second-Party Risk Exposure• Third-Party Risk Exposure• Data Deletion• Subject Access• Customer Service• Complaints-Handling – Internal, External
Copyright2009-11
30
Terms of Service3. Clusters
• Service-Level Warranties and Indemnities• Lateral Compatibility ('Can I get my data
out?')• Authentication and Authorisation• Second-Party Risk Exposure• Third-Party Risk Exposure• Data Deletion• Subject Access• Customer Service• Complaints-Handling – Internal, External
Copyright2009-11
31
Consumer Requirements and Risks – 3 of 3
More Advanced Protections• Am I going to get gouged? [Cost]• Can only appropriate people get in and do things?
[Authentication and Authorisation]• Can I get access to all data that you hold about me?
[Subject Access]• Is my data protected against you, them and the gods?
[Data Security]• Is my privacy protected against you, them and the gods?
[Privacy Controls]• If I terminate our relationship, will my data be irretrievably
deleted? [Fully Effective Withdrawal]• What happens to my data if I die? [Archival / Memorialisation]
Copyright2009-11
32
Second-Party Risk-ExposureScope Definition
• Not data relevant to the commercial relationship
• Not uses of data that are necessary as part of the service being provided
• 'Private data' intended for use by the consumer only
• 'Restricted data' intended to be accessible by some other parties, but not by parties generally
Copyright2009-11
33
Comparative Table
QuickTime™ and aTIFF (LZW) decompressor
are needed to see this picture.
Copyright2009-11
34
Second-Party Risk-Exposure Summary of Results
• 3 – the Terms provide the ISP with no right to use the data (iinet, Internode, Yahoo!)
• 1 – use is limited to 'access' - although what that limitation means is unclear (Dropbox)
• 2 – use is authorised, but ... only in a manner directly related to the contract (Infinite, Zoho)
• 1 – use is authorised "to provide the service" - which can be readily interpreted as being the service as a whole,not just the service provided to that user (MS Live)
• 2 – the ISP has very substantial rights (Google, LinkedIn)
Copyright2009-11
35
Second-Party Risk-ExposureThe [Semi-Arbitrary] Scores
Dropbox 7.5MS Live 7.0Yahoo! 4.5Zoho
4.5
Copyright2009-11
36
Second-Party Risk-ExposureThe [Semi-Arbitrary] Scores
Dropbox 7.5MS Live 7.0Yahoo! 4.5Zoho 4.5_____________________Google Gmail 0.0 Docs
0.0 Groups 0.0 Apps
0.0LinkedIn 0.0
Copyright2009-11
37
Cloudy Consumer ComputingAGENDA
• The Research Domain• Consumer Computing• Consumer Apps ==>> Consumer
Services• Consumers• Consumer Requirements and Risks
• The Research Method• Preliminary Results• (Tentative) Conclusions and Next Steps
Copyright2009-11
38
Preliminary PhasePolicy-Relevant Results
• Consumers dependent on C.C. Services are at dire riskService malfunctions, loss of data, provider exploitation of their data, low standards of accessibility and clarity of Terms, largely unfettered scope for providers to change the Terms
• Consumer Protections are essential, but seriously inadequateTransnationality of Internet commerce, dominance of US marketing morés, pro-corporate and anti-consumer stance of US regulators, meekness of regulators in other countries, the lack of organised resistance by consumer reps, advocacy bodies
• Serious consumer disappointments are inevitable• Recriminations against out-/cloud-sourcing are inevitable
Copyright2009-11
39
Preliminary PhaseResearch-Relevant Results
• The Research Method’s feasibility has been demonstrated
• The project is giving rise to new and deeper information• Complementary research is needed
In-depth studies of actual cases of harm to consumersIn-depth studies of scenarios likely to lead to harmStudies of different categories of serviceStudies of different categories of consumers• across the Generations• across different levels of consumer sophistication
• Results from all lines of research need to be combined • Feedforward is needed into providers’ Terms of Service
Copyright2009-11
40
Next Steps
Preliminary Phase• Studies of the Domain• Definition of Consumer
Requirements• Accessibility of ToS• In-Depth Study of 1 ToS• Comparative Study of
ToS re 1 Cluster of Terms
• Consumer Protection Laws, Resources, Enforcement
Empirical Phase• Validation of Consumer
Requirements• Sample Selection• In-Depth ToS Studies• Comparative ToS StudiesArticulation Phase• Discussions with Providers• Expression of Model Terms• Interactions with Consumer
Advocacy Organisations, Regulators, Policy Makers
Copyright2009-11
41
Roger ClarkeXamax Consultancy and PSARN Security, Canberra
Visiting Professor in Computer Science, ANUand in Cyberspace Law & Policy, UNSW
http://www.rogerclarke.com/EC/CCC {.html,.ppt}
The Cloudy Future of Consumer Computing
Copyright2009-11
42
Copyright2009-11
43
Consumer Computing Devices
• Desktops, Laptops
• Thin Clients, Netbooks• Handhelds / Palmtops
• Tablets
• Smartphones
Copyright2009-11
44
Consumer Computing Interfaces
• Desktops, Laptops
• Thin Clients, Netbooks• Handhelds / Palmtops
• Tablets
• Smartphones
QWERTY, Fingers,Desktop Metaphor
DittoSoft-QWERTY, Fingers,
Stylus, VoiceSoft-QWERTY, Fingers,
Gesture, Browser-Based
Soft-PhoneKeyboard, Thumbs or Fingers
top related