Embed Size (px)
Citation preview
The 2nd International Conference of e-Publishing: ICEPUB 2016
University of Jordan Library
Amman, Jordan
26-28 /07/2016
Cloud computing: Legal and ethical issues in library
and information services
Najeeb Al-Shorbaji
Vice-President, e-Marefa
Agenda
• Introduction
• Cloud computing: development, definition, value, risks, benefits, local solutions
• Legal issues in library cloud computing
• Library/information ethics
• Ethical issues in library cloud computing
Are you cloud computing?
• Do you have a gmail.com, Yahoo or Hotmail account?
• Do you have a Dropbox or Instagram account?
• Do you have a Facebook or Twitter?
• Do you have an iCloud account?
• If the answer is yes to any of these, then you are cloud computing.
Cloud computing (1/8)
• Over the years, "cloud" has become a vague and flexible term that does not reference anything in particular. (Expert
insight: Cloud computing defined. http://docs.media.bitpipe.com/io_10x/io_100433/item_419064/HPandIntel_sCloudComputing
_SO%23034437_E-Guide_052611.pdf)
• Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (The
NIST Definition of Cloud Computing. 2011 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf)
Cloud computing (2/8)
• Efficiency through resource sharing: – Local Area Networks – Wide Area Networks – Metropolitan Area Networks – Storage Area Networks – Internet (network of networks) – Cloud computing
• Tata study (2015) reported that 83 percent of enterprises are seeing benefits they did not expect. The most popular of these are increased productivity (69 percent), better access to data (65 percent), and reductions in costs (63 percent). Nathan Eddy. Cloud Computing Reducing Costs, Improving Productivity http://www.eweek.com/small-business/cloud-computing-reducing-costs-improving-productivity.html
Cloud computing (3/8)
• Provides shared services as opposed to local servers or storage resources;
• Enables access to information from most web-enabled hardware;
• Allows for cost savings – reduced facility, hardware/software investments, support;
• Data resides on servers that the customer cannot physically access;
• Vendors may store data anywhere at lowest cost if not restrained by agreement.
Cloud computing (4/8)
• Essential Characteristics of cloud computing: – On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service
• Service Models: – Software as a Service
– Platform as a Service
– Infrastructure as a Service
Cloud computing (5/8)
• Deployment Models:
– Private cloud
– Community cloud
– Public cloud
– Hybrid cloud
Peter Mell and Timothy Grance. The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology. Gaithersburg, MD: National Institute of Standards and Technology, 2011 (http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf)
Cloud computing (6/8) • Advantages:
– Lower computer costs – Improved performance – Reduced software costs – Instant software updates – Improved document format compatibility – Unlimited storage capacity – Increased data reliability – Universal document access – Latest version availability – Easier group collaboration – Device independence.
Cloud computing (7/8)
• Disadvantages:
– Requires a constant Internet connection
– Does not work well with low-speed connections
– Features might be limited
– Can be slow
– Stored data can be lost
– Stored data might not be secure.
Cloud computing (8/8)
• Risk Areas
– Service Provider Risks:
• Dissolving, bankruptcy, merger, overexpansion, etc.
– Technical Risks:
• Availability of service
• Data/Service Reliability
• Data Management
• Scalability
• Flexibility
• Interoperability
• Maintainability
Cloud computing (8/8)
• Risk Areas
– Non-technical Risk
• Organizational change
• Legislations and standards
• Data ownership
• Privacy, trust and liability issues
• Usability and end users experiences
• External (Overseas) Risks
– Management/Oversight Risks
– Security / Connectivity / Privacy Risks
Library & Information Services: Challenges
• Meeting the legal and ethical requirements to serve users (Five laws of library science by Ranganathan 1931).
• The information explosion and overload. No one library or even library network can fulfil all the needs of its users;
• The changing pattern of publishing and access to information: – Open Access, – Mobile and ubiquitous access – Electronic and digital publishing, – Licensing requirements, – Copyright and intellectual property laws, – Privacy and confidentiality.
Library & Information Services: Challenges
• Availability of ICT solutions that meet the needs of libraries: – Proprietary software solutions – Integrated services – Platform dependence – Multilingualism – Standardization and interoperability
• Technology • Content
– Maintainability and sustainability – Adaptability for local content – Low bandwidth – Power supply
Library & Information Services: Challenges
• Budget constraints on: – information and communication technology
infrastructures; – Collection development (acquisition); – Human resources and – Expansion and sustainability of services.
• Multidisciplinary professionals: – In the library and information services – User community.
• New breed of librarians and information specialists
Library & information services enabled by cloud computing: challenges
1. Most library computer systems are built on pre-Web technology; 2. Systems distributed across the Net using pre-Web technology are
harder and more costly to integrate; 3. Libraries store and maintain much of the same data hundreds and
thousands of times; 4. With library data scatter across distributed systems the library’s
Web presence is weakened; 5. With libraries running independent systems collaboration
between libraries is made difficult and expensive; 6. Information seekers work in common Web environments and
distributed systems make it difficult to get the library into their workflow ;
7. Many systems are only used to 10% of their capacity. Combining systems into a cloud environment reduces the carbon footprints, making libraries greener
OCLC, 2010. http://www.oclc.org/content/dam/oclc/events/2011/files/IFLA-winds-of-change-paper.pdf.
Library & information services enabled by cloud computing: potential
1. Take advantage of current and rapidly emerging technology to fully participate in the Web’s information landscape;
2. Increased visibility and accessibility of collections; 3. Reduced duplication of effort from networked technical
services and collection management; 4. Streamlined workflows, optimized to fully benefit from
network participation; 5. Cooperative intelligence and improved service levels
enabled by the large-scale aggregation of usage data; 6. Make libraries greener by sharing computing power thus
reducing carbon footprints. OCLC, 2010. http://www.oclc.org/content/dam/oclc/events/2011/files/IFLA-winds-of-change-paper.pdf
Legal aspects influencing library cloud computing
• The basic principle is that the library “rents” the application functionality from a service provider instead of the traditional approach of “owning” the software. This renting of computing services as needed, deploying of applications, storing and accessing data is equated with a scalable computing power at a much reduced cost structure.
Legal frameworks have been developed to govern the availability, quality, security, expandability, etc. of such services.
Information policies should be in place to allow for better legal agreements, audit, transparency and accountability.
Legal aspects influencing library cloud computing
• Some regularity controls need to be articulated as part of the relation between the library and the cloud service provider, including: – reasonable assurance that library staff are aware of their
responsibilities related to the confidentiality, integrity, and availability of data and information systems;
– reasonable assurance that systems and services are available to library users in accordance with the controlling Service Level Agreements (SLA);
– reasonable assurance that installation of services are properly partitioned and configures to ensure contractual obligations are met; and
– reasonable assurance that confidential and/or personal client data including system access credentials are protected (e.g., encrypted) from unauthorized interception when transmitted over open networks e.g., Internet.
Legal aspects influencing library cloud computing
Vendor lock-in and proprietary technologies. If library data and databases get locked in, then the flow of data will be disrupted, disrupting the very nature of the cloud itself.
• Licensing agreements for access, availability and ownership: – Flat fee vs. pay per use – Best seller phenomena – Consolidation of resources – Digitization and preservation – Data ownership
Legal aspects influencing library cloud computing
• National vs. international jurisdictions for:
– Definition of terms and conditions;
– Conclusion of agreements;
– Terms, conditions of payment, including currency;
– Conflict resolution and arbitration.
The EU Cloud Service Level Agreement Standardization Guidelines • The guidelines will help reassure cloud users that the
Service Level Agreement and the contract with the cloud provider meet key requirements. These include: – the availability and reliability of the cloud service being
purchased; – the quality of support services they receive from their
cloud provider; – what happens to their data when they terminate their
contract; – the security levels they need for their data; – how to better manage the data they keep in the cloud. http://ec.europa.eu/newsroom/dae/document.cfm?action=display&doc_id=6138
Access to information is a human right
• The United Nations Universal Declaration of Human Rights (1948), Article 19 sets out rights of freedom of opinion, expression and access to information for all human beings.
• The Article (19) expressly sets out a right to “Seek, receive and impart information and ideas in any media and regardless of frontiers”;
• Libraries, information centers and services and all modern methods and tools for managing knowledge (collecting, processing, storage, dissemination, sharing, utilization) fit into this domain.
Library ethics in a changing environment
• Protection of the privacy of the library user (patron) and confidentiality of data are basic principles of librarianship;
• This principle was strictly safeguarded by the librarians when they kept paper records. They were safeguarded when library computer systems were locally developed, configured and managed.
Library ethics in a changing environment
• The challenge by cloud computing emerged as data on library users is kept on third party computers out of direct control of the librarians;
• Personal data and usage transitions may include:
– Personal information which may expose the patron to abuse if leaked including unsolicited marketing, exposure of professional, research and personal interests, address, family history, user names, passwords and other credentials; etc.;
Library ethics in a changing environment
• Transactions data by a user may include: – Frequency and timing of visits/searching the
database;
– Materials requested fro acquisition or interlibrary loan,;
– Materials borrowed, downloaded or used;
– Search strategies used to find content or references;
– Private space on the cloud where downloads, profiles, private content is stored;
ALA code of ethics: selected elements
I. We provide the highest level of service to all library users through appropriate and usefully organized resources; equitable service policies; equitable access; and accurate, unbiased, and courteous responses to all requests.
II. We uphold the principles of intellectual freedom and resist all efforts to censor library resources.
III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
IV. We respect intellectual property rights and advocate balance between the interests of information users and rights holders.
V. We strive for excellence in the profession by maintaining and enhancing our own knowledge and skills, by encouraging the professional development of coworkers, and by fostering the aspirations of potential members of the profession.
Arab Federation of Libraries and Information Code of Conduct
The Code of Conduct issued by Arab Federation of Libraries and Information (AFLI) included a number of elements under the section “Information and Intellectual Priority”, including:
– Ensure satisfaction of users anywhere, …; – Encourage the free exchange of information and
resources, open licenses, and other means to support access information in equal, fast and economic manner;
– Library and information specialists have to protect the right of users for privacy and confidentiality of their information activities in addition to respecting their personal data taking into consideration the social responsibility and placing public interest above personal interest.
Security and privacy issues in the library cloud environment
• Confidentiality: ensuring that personal and system data is not accessed by unauthorized parties.
• Integrity: ensuring the accuracy and consistency of both bibliographic and non-bibliographic data.
• Authentication: ensuring that library users are the persons they claim to be and who have the right to access the resources.
• Access control: ensuring that library users access only the part (s) of data that they are allowed to access based on their authentication and access levels.
• Non-repudiation: ensuring that a party of a communication cannot deny having sent or received the data.
• Privacy: ensuring that library users maintain the right to control the personal data collected about them, how it is used, who uses it, who maintains it, and what purpose it is used for.
• Audit: ensuring the safety of personal and transaction data and the overall Cloud library system by recording and monitoring all users and data access activities .
