On Friday the Obama administration released the second draft version of the National Strategy for Trusted Identities in Cyberspace (“NSTIC”). The trusted ID plan is part of the Obama administrations Cyberspace Policy Review, released in May 2009. This new draft focuses the effort to create an online identification system on the private sector with the government serving in a coordinating capacity.
The press release emphasizes the importance of the Internet to commerce but also its “online fraud and identity theft, that harm consumers and cost billions of dollars each year.” By making online transactions trustworthy “we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.”
Key elements of the trusted identification systems suggested by the strategy include the ability to opt into the system, different types of credential for different categories of access and preservation of an anonymous option. The strategy promises benefits such as faster transaction processing, age restriction for content, easier smartphone transactions and enhance public safety.
Much criticism of the strategy has come from privacy advocates. This latest draft emphasizes that identification systems will be optional and will not abolish anonymity. At the announcement of the latest draft Commerce Secretary Gary Locke dismissed such worries as conspiracy theories.
Your company may soon face more regulations in how it gathers and maintains customer data online. On Tuesday April 11, 2011, Sens. John Kerry (D) of Massachusetts and John McCain (R) of Arizona introduced a new bill titled the Commercial Privacy Bill of Rights Act of 2011. If passed the bill would impose new responsibilities on companies to disclose what data is collected from online visitors to their sites and would entitle users to opt out.
The bill seems to be explicitly directed at re-advertisers. It explicitly states that it will target companies that take information solely for the purpose of advertising, and will be more lenient towards companies that have “existing relationships with customers.” “The bill does not allow for the collection and sharing of private data by businesses that have no relationship to the consumer for purposes other than advertising and marketing,” McCain said in the joint statement with Kerry. “It is this practice that American consumers reject as an unreasonable invasion of privacy.”
An additional factor that is likely to be the object of scrutiny as the bill advances through congress is a requirement that data that is collected by adequately secured once it has been gathered. The FTC would be empowered to publish rules setting forth security requirements. This portion of the bill responds to growing consumer concerns at unauthorized personal information leaks in the news.
On Wednesday April 6, 2011, the Senate Judiciary Committee met to discuss overhauling the Electronic Communications Privacy Act of 1986 (“ECPA”). This law governs privacy related to data collection and electronic communications but is lacking in any provisions regarding new technologies and practices such as mobile phones, mobile hotspots, social networking and cloud computing.
At least one party opposed to changing the law is the Department of Justice. (“DOJ”) James A. Baker, associate deputy attorney general for the DOJ, told the committee that “the government’s ability to access, review, analyze, and act promptly upon the communications of criminals that we acquire lawfully, as well as data pertaining to such communications, is vital to our mission to protect the public from terrorists, spies, organized criminals, kidnappers, and other malicious actors.”
Mr. Baker tried to persuade the panel that great government access to our private and corporate information actually provides for a more private environment. “By authorizing law enforcement officers to obtain evidence from communications providers, ECPA enables the government to investigate and prosecute hackers, identity thieves, and other online criminals. Pursuant to ECPA, the government obtains evidence critical to prosecuting these privacy-related crimes.”
What solution does the DOJ offer? Well, for the moment none, however, Cameron F. Kerry, general counsel for the U.S. Department of Commerce, told the committee that the departments of Commerce and the DOJ “have been working together to develop a specific set of legislative proposals.” No suggested tie frame for these proposals was stated.
Senator Patrick Leahy, chairman of the committee, opening remarks at the hearing suggest that the committee might be deferential to the DOJ and DOC on these topics.
The money flowing into cloud computing seems to grow from year to year. This week alone several significant announcements portend substantial growth.
- Dell, Inc., well known manufacturer and reseller of ms-dos based computers and laptops, announced that it plans to invest over $1 billion on cloud computing initiatives during the next fiscal year. The bulk of the investment will be centered on building data centers that will provide customers with computer infrastructure services (IAAS). Dell announced 12 new such data centers this coming year with more to follow. The data centers will be built worldwide. Dell will brand some of their new data centers as vStart. vStart data centers are planned to allow customers simple virtualized system environments. According ton Dell, up to 200 virtual machines for a single customer. These environments will be created in cooperation with VMWare.
- Microsoft Corporation and Toyota Media Service Co. are working together to tie your car to the Internet. The initial goal is to provide power-savings tools for hybrid cars such as tracking the best time of day to charge the car, avoiding peak hours and higher electricity costs. The remote control system might also be extended to the home allowing the user to turn on air conditioning automatically or control energy systems at home remotely. The system is expected to be controllable via smartphones. A presenter for Toyota predicted that consumers will soon learn to demand Internet connectivity for their cards.
- On April 6 IBM announced two new products: Smartcloud and Workload Deployer. Smartcloud is an IBM managed online cloud infrastructure for enterprises to host environments on the Internet. One option under Smartcloud are IBM SAP Managed Application Services which will allow cloud based SAP solutions for customers. Workload Deployer is an appliance for developing private corporate clouds.
- Forbes interviewed David Eiswert, manager of T.Rowe Price’s Global Technology Fund, who was quoted as staying “Intel is virtually doubling their capital expenditure this year. And they’re not doing that because PCs are flying off the shelves.”