Gov’t Regulation

Session Topic: Government Regulation, Security Services and Bill of Rights (T1I)

Convener: Carl Hewitt

Notes-taker(s): Carl Hewitt

Tags for the session - technology discussed/ideas considered:

Government Regulation, Security Services, Internet Bill of Rights

'Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Smartphones are going to have it all: proprietary business strategies, chiseling on taxes and expenses, Roman Catholic confessions, political activities, abortions, personnel decision making, love trysts, STD, mental illness, and cancer diagnoses and treatments, etc. Stored in data centers this information will have to be tightly regulated with respect to how it can be used in marketing, personnel decisions, etc. Government officials will become increasingly knowledgeable about the treasure-trove of intimate personal information and proprietary business information stored in data centers.

Security officials will be forced to recognize the value of this information for preventing terrorism. Since it is politically necessary to do everything possible to prevent terrorism, means will be developed for security agencies to analyze all this information in real time. (The recent US government WikiLeaks subpoenas and National Security Letters to Twitter and other cloud aggregators such as Facebook have heightened awareness of the threat.) Thus we have reached an existential moment for the fate of our proprietary business and intimate personal information. The next generation will ask “Where were you when this was going down?”

A nation cannot allow its people to be able to be blackmailed or its companies’ proprietary information to be taken by foreign security agencies. Before information on a person stored in a company's data centers can be turned over to a foreign government, the company will be required to first get permission from the person's country. (Penalty to be determined.) If necessary, a nation's intimate personal and company proprietary information will be required to be stored in data centers located in the same nation.

Industry is undertaking a major shift in cloud computing strategy to forestall the above threat to their international business. The alternative new cloud business model is:

·    perform computation using customer equipment because

o it’s less expensive than data center computation because of lower communications, energy, and equipment cost

o many-core architectures will provide plenty of computing capacity, even on smartphones

o response time can be faster than data center computation for new collaborative natural language interfaces (à la Kinect, etc.)

·    store private information in data centers that can be decrypted only using the customers’ private keys because it’s cheaper and more reliable to use multiple data center storage vendors incorporated in different countries. (For efficiency, information will be cached on customer equipment.)

·    service advertising using customer equipment because advertising can be better targeted on customer equipment (without violating customer private information) than data centers since customer equipment has complete information as opposed to the partial information of a data center vendor

·    perform social computing using customer equipment because it can be more customizable and flexible when not restricted by vendor data centers (e.g. Facebook)

The new cloud business model supports and Internet Bill of Rights as follows: Information Disclosure. Clients have the right to receive accurate, timely, easily understood information in making informed decisions about their personal information (including that which could be used to help identify, contact or locate them) held by Internet information aggregators.

Confidentiality of Information. Clients have the right to communicate with their aggregators in confidence and to have the confidentiality of their personal information protected. Clients also have the right to review and copy their own information and request amendments and deletions. Security of Information. Clients have the right to security of their information and to timely disclosure of security breaches. For example, they have the right to the means to reliably remove rootkits, viruses, spyware, and other malware from their own equipment.

Participation in Advertising Decisions. Clients have the right to participate in the process of being offered advertisements based on their information. Clients who are unable to fully participate in the process of being offered advertisements have the right to be represented by parents, guardians, family members, or other conservators.

Respect and Nondiscrimination. Clients have the right to considerate, respectful treatment from Internet information aggregators at all times and under all circumstances. Complaints and Appeals. Clients have the right to a fair and efficient process for resolving differences with their aggregators, and the institutions that serve them, including a rigorous system of internal review and an independent system of external review