Cross Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?: Hearing Before the Subcomm. On Commerce, Mfg. & Trade of the H. Comm. on Energy & Commerce, 113th Cong., Sept. 17, 2014 (Statement of Laura K. Donohue)

Documents released over the past year detailing the National Security Agency’s telephony metadata collection program and interception of international content under the Foreign Intelligence Surveillance Act (FISA) directly implicated U.S. high technology companies in government surveillance. The result was an immediate, and detrimental, impact on U.S. firms, the economy, and U.S. national security. The first Snowden documents, printed June 5, 2013, revealed that the U.S. government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA PATRIOT Act. The following day, The Guardian published classified slides detailing how the NSA had intercepted international content under Section 702 of the FISA Amendments Act. The type of information obtained ranged from E-mail, video and voice chat, videos, photos, and stored data, to Voice over Internet Protocol, file transfers, video conferencing, notifications of target activity, and online social networking details. The companies involved read like a who’s who of U.S. Internet giants: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. More articles highlighting the extent to which the NSA had become embedded in the U.S. high tech industry followed. In September 2013 ProPublica and the New York Times revealed that the NSA had enjoyed considerable success in cracking commonly-used cryptography. The following month the Washington Post reported that the NSA, without the consent of the companies involved, had obtained millions of customers’ address book data: in one day alone, some 444,743 email addresses from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers. The extent of upstream collection stunned the public – as did slides demonstrating how the NSA had bypassed the companies’ encryption, intercepting data as it transferred between the public Internet and the Google cloud. Further documents suggested that the NSA had helped to promote encryption standards for which it already held the key or whose vulnerabilities the NSA understood but not taken steps to address. Beyond this, press reports indicated that the NSA had at times posed as U.S. companies—without their knowledge—in order to gain access to foreign targets. In November 2013 Der Spiegel reported that the NSA and the United Kingdom’s Government Communications Headquarters (GCHQ) had created bogus versions of Slashdot and LinkedIn, so that when employees from the telecommunications firm Belgacom tried to access the sites from corporate computers, their requests were diverted to the replica sites that then injected malware into their machines. As a result of growing public awareness of these programs, U.S. companies have lost revenues, even as non-U.S. firms have benefited. In addition, numerous countries, concerned about consumer privacy as well as the penetration of U.S. surveillance efforts in the political sphere, have accelerated localization initiatives, begun restricting U.S. companies’ access to local markets, and introduced new privacy protections—with implications for the future of Internet governance and U.S. economic growth. These effects raise attendant concerns about U.S. national security. Congress has an opportunity to redress the current situation in at least three ways. First, and most importantly, reform of the Foreign Intelligence Surveillance Act would provide for greater restrictions on NSA surveillance. Second, new domestic legislation could extend better protections to consumer privacy. These shifts would allow U.S. industry legitimately to claim a change in circumstance, which would help them to gain competitive ground. Third, the integration of economic concerns at a programmatic level within the national security infrastructure would help to ensure that economic matters remain central to national security determinations in the future

A New Distributed Chinese Wall Security Policy Model

The application of the Chinese wall security policy model (CWSPM) to control the information flows between two or more competing and/or conflicting companies in cloud computing (Multi-tenancy) or in the social network, is a very interesting solution. The main goal of the Chinese Wall Security Policy is to build a wall between the datasets of competing companies, and among the system subjects. This is done by the applying to the subjects mandatory rules, in order to control the information flow caused between them. This problem is one of the hottest topics in the area of cloud computing (as a distributed system) and has been attempted in the past; however the proposed solutions cannot deal with the composite information flows problem (e.g., a malicious Trojan horses problem), caused by the writing access rule imposed to the subject on the objects. In this article, we propose a new CWSP model, based on the access query type of the subject to the objects using the concepts of the CWSP. We have two types of walls placement, the first type consists of walls that are built around the subject, and the second around the object. We cannot find inside each once wall two competing objects\u27 data. We showed that this mechanism is a good alternative to deal with some previous models\u27 limitations. The model is easy to implement in a distributed system (as Cloud-Computing). It is based on the technique of Object Oriented Programming (Can be used in Cloud computing Software as a service SaaS ) or by using the capabilities as an access control in real distributed system

Multinational perspectives on information technology from academia and industry

As the term \u27information technology\u27 has many meanings for various stakeholders and continues to evolve, this work presents a comprehensive approach for developing curriculum guidelines for rigorous, high quality, bachelor\u27s degree programs in information technology (IT) to prepare successful graduates for a future global technological society. The aim is to address three research questions in the context of IT concerning (1) the educational frameworks relevant for academics and students of IT, (2) the pathways into IT programs, and (3) graduates\u27 preparation for meeting future technologies. The analysis of current trends comes from survey data of IT faculty members and professional IT industry leaders. With these analyses, the IT Model Curricula of CC2005, IT2008, IT2017, extensive literature review, and the multinational insights of the authors into the status of IT, this paper presents a comprehensive overview and discussion of future directions of global IT education toward 2025

Security for Cloud Environment through Information Flow Properties Formalization with a First-Order Temporal Logic

The main slowdown of Cloud activity comes from the lack of reliable security. The on-demand security concept aims at delivering and enforcing the client's security requirements. In this paper, we present an approach, Information Flow Past Linear Time Logic (IF-PLTL), to specify how a system can support a large range of security properties. We present in this paper how to control those information flows from lower system events. We give complete details over IF-PLTL syntax and semantics. Furthermore, that logic enables to formalize a large set of security policies. Our approach is exemplified with the Chinese Wall commercial-related policy. Finally, we discuss the extension of IF-PLTL with dynamic relabeling to encompass more realistic situations through the dynamic domains isolation policy.La principale cause de ralentissement de l'adoption du Cloud est le manque de sécurité fiable. Le concept de sécurité à la demande est de déployer et d'appliquer les demandes de sécurité d'un client. Dans ce papier, nous présentons une approche, Information Flow Past Linear Time Logic (IF-PLTL), qui permet de spécifier comment un système peut supporter un large ensemble de propriétés de sécurité. Nous présentons dans ce papier comment ces flux d'information peuvent être contrôler en utilisant les événements systèmes de bas niveau. Nous donnons une description compléte de la syntaxe de IF-PLTL ainsi que sa sémantique. De plus, cette logique permet de formaliser un large ensemble de politiques de sécurité. Notre approche est illustrée par la politique de sécurité de la muraille de Chine orienté vers le monde commercial. Finalement, nous montrons comment nous avons étendu notre langage pour supporter la relabélisation dynamique qui permet de supporter la dynamicité inhérante des systèmes. Nous illustrons cette extension par la formalisation d'une propriété de sécurité pour l'isolation dynamique de domaines

From Conventional to State-of-the-Art IoT Access Control Models

open access articleThe advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the sam

Cloud Computing in the Global South: Drivers, Effects and Policy Measures

Cloud computing has started to transform economic activities in the global South. Many businesses are taking advantage of the pay-as-you-go model of the technology, and its scalability and flexibility features, and government agencies in the South have been investing in cloud-related mega-projects. Cloud-based mobile applications are becoming increasingly popular and the pervasiveness of cellphones means that the cloud may transform the way these devices are used. However, findings and conclusions drawn from surveys, studies and experiences of companies on the potential and impact of cloud computing in the developing world are inconsistent. This article reviews cloud diffusion in developing economies and examines some firms in the cloud's supply side in these economies to present a framework for evaluating the attractiveness of this technology in the context of evolving needs, capabilities and competitive positions. It examines how various determinants related to the development and structure of related industries, externality mechanisms and institutional legitimacy affect cloud-related performances and impacts

Internet Predictions

More than a dozen leading experts give their opinions on where the Internet is headed and where it will be in the next decade in terms of technology, policy, and applications. They cover topics ranging from the Internet of Things to climate change to the digital storage of the future. A summary of the articles is available in the Web extras section

China’s New Transfer Pricing Rules & Their Implications to Cloud-related Multinationals - Blockchain as a Supplementary Solution

Technology companies are at the forefront of multinationals operating in a developing new global tax environment. Their ever-evolving and increasingly borderless cloudbased business models have set off a scramble among companies and governments around the world to grasp cloud taxation issues and impacts