privacy

by Clint Lalonde on EdTech, Privacy

Amazon Web Services coming to Canada

In a blog post on the AWS site, Amazon Web Services Chief Evangelist  Jeff Barr announced that Amazon Web Services will be bringing their cloud computing service to Canada sometime this year.

This is potentially big news for edtech in Canada where our privacy laws have hindered the use of cloud based services where personal data may be stored outside of the country.

These days, it’s hard to find scalable edtech infastructure and services that are not built on AWS (or other) cloud services, and having data stored outside of Canada using cloud services has traditionally been a barrier to adoption for Canadian institutions. Not a deal breaker as there are ways to mitigate and still be compliant with privacy laws through informed consent, etc. But for many, the P.I.A (Privacy Impact Assessment) is a P.I.A. and enough of a barrier that it hindered the use of cloud based services.

For an edtech example, Canvas has had very little uptake in Canada because it is built on AWS.

Of the 25 public post-secondary institutions in BC, there is only a single institution using Canvas, and they are self hosting to work around the data storage issue. With a regional offering of AWS in Canada, I would expect to see a company like Instructure bring Canvas north of the border soon, and it being a serious contender for institutions undertaking LMS reviews.

While not explicitly stated in the release that it will be compatible with all the different provincial and federal privacy laws, it’s hard to imagine Amazon rolling out services in Canada that are not as compliant as possible. Indeed, privacy compliance with federal and provincial laws would be one of the biggest selling points for the service in Canada, as PCWorld notes;

Having a dedicated Canadian region will be important for organizations that need to comply with the patchwork of regional data protection laws Canada has, which requires the storage of some types of data inside Canada, depending on where the storer is located.

Although the question of “does legislation actually make a difference where data is stored in an interconnected world?” hangs in the air, with many seeing these regulations as doing nothing by providing the illusion of data protection for citizens.

And who knows, the TPP may get ratified in Canada and then it is a different data protection game altogether as the TPP clause on free flowing data between member countries would put it at direct odds with provincial & federal privacy laws. And while edtech might win with the TPP in that we get better access to more cloud services,  I have real concerns at what the cost to the rest of our society might be.

Addendum

Shortly after I posted this, Scott Leslie tweeted in response to this post that even if the servers are located in Canada, there is still a question of where the parent company is located.

Photo:Sensitive Data sign, Freegeek, Portland, Oregon, USA by Cory Doctorow CC-BY-SA

 
by Clint Lalonde on EdTech, Open, Teaching & Learning

Who is watching me? Shedding some light(beam) on my browsing habits

Last week, Mozilla announced the release of Lightbeam, a Firefox plugin that allows users to see not only the sites they visit, but also the third party sites that are tracking them on the web. Here is a screen shot of the last 10 sites I have visited and all the site those sites are connected to.

Lightbeam visualization

I love this tool for a number of reasons.

First, the obvious. It helps to make transparent all the sites I am actually “visiting” when I visit a website. In this day and age where privacy online is becoming more of an issue than ever before, it is important for people to know just how extensive the tracking of their behaviours is online. From what I have seen, Lightbeam doesn’t actually show you what information about you is being transmitted or tracked by those third party sites, just that there is tracking going on and with whom. But it is an important first step in understanding just how connected the web really is.

I’ll make the point, too, that just because you are unknowingly accessing third party websites while you view the web, it isn’t always to be tracked. As the development team suggests;

Third parties are an integral part of the way the Internet works today. However, when we’re unable to understand the value these companies provide and make informed choices about their data collection practices, the result is a steady erosion of trust for all stakeholders.

A tool like Lightbeam helps to make conversations about privacy and sharing of data more nuanced. Rather than painting all the third party connections with the same negative brush, I think it is important for us to have more specific conversations around the idea that maybe there are positives to having these invisible connections occurring behind the scenes. For example, many of the interactive features of the modern web require code libraries pulled from third-party sites. Is that Google connection to track you for advertising purposes, or is it to pull a font from the Google fonts collection to make the site you are on work better for you? These are important distinctions.

The second thing I love about Lightbeam is that it is a great web literacy educational tool, and extends the excellent work Mozilla is doing around web literacy by helping people understand how the web works. As building the web becomes more complicated, and the mechanisms of how the web gets built gets more obfuscated under the guise of “user-friendly” or “easy” (by no means are those neccesarily bad qualities, but obscuring qualities nonetheless), it is important that we don’t surrender the control we have over the web for the sake of convenience. Lightbeam represents a deeper dive for Mozilla into digital and web literacy than X-Ray Goggles or Thimble, but like those Webmaker tools Lightbeam exposes the inner workings of the web. Lightbeam, like the Webmaker initiative, are powerful tools to help educate people on how the web works.

Third, Lightbeam is an excellent example of an authentic learning exercise. Authentic learning (Educause PDF) exercises place a great deal of emphasis on having students work on real-world, complex problems and solutions, and I cannot think of anything more complex than the world of online privacy these days. Lightbeam was developed as a partnership between Mozilla and a research team at Emily Carr University of Art & Design in Vancouver that was made up primarily of students. They have created an important (and beautiful) tool that is relevant, timely, and has real world applications.

Finally, Lightbeam is another reminder of how powerful the iterative web enabled by open licenses can be. I’ve been jazzed lately by the idea of generativity and the generative web, and just how critical open licenses are for driving iterative, collaborative development.  Lightbeam was based on a previous FF plugin called Collusion developed by Atul Varma. It was first released as an independent project by Varma (who now works at Mozilla). Because it was released with an open source license, Mozilla and Emily Carr were able to pick up the project and build upon the excellent work of the original plugin. Open licenses made the refinement of Collusion possible.

 
by Clint Lalonde on All the rest

Privacy and cloud based apps – a background paper from BCcampus

Descending Clouds

Ahead of their province wide conference on Privacy and Cloud-Based Educational Technology happening on April 4th, BCcampus has released a background white paper on Privacy and Cloud-Based Educational Technology in British Columbia (PDF).

The report is based on questionnaires and interviews conducted by BCcampus with a cross section of institutional stakeholders (instructors, teaching and learning centres and IT administrators) at 9 BC post-secondary institutions (25 were contacted) in the Fall of 2010.

The paper highlights some of the concerns and benefits post-sec institutions in BC are grappling with when considering using cloud-based applications and services (specifically those hosted in the US), and illustrates some examples of how BC post-sec’s have addressed these issues within their institutions.

Some institutions are afraid to authorize any “web 2.0” technologies because of privacy concerns, some have used workarounds, and some have just gone ahead and implemented institution-wide technologies to the best of their ability.

If you are involved in IT or EdTech in BC, this report is well worth the read and provides some real-life examples of how post-sec institutions in BC are addressing the ambiguous issues inherent with the big elephant in the room. As the report notes:

All (post-secondary institutions) have one thing in common: the need for clarity around what is or is not aligned with B.C.’s privacy legislation.

This ambiguity is reflected in one of the questions raised by Vancouver Island University:

Getting clear-cut responses from the Office of the BC Privacy Commissioner is important to  enabling post-secondary administrators to provide correct advice and guidance on FIPPA  related questions. What can the BC government ministry [responsible for FIPPA] do to  facilitate this?

Gina Bennett from the College of the Rockies also reflects this clarity concern.

According to Gina Bennett at COTR, FIPPA requirements aren’t well understood. “[Postsecondary institutions] use extreme caution, they don’t act -out of fear– or they fly under the  radar,” when they consider using cloud-based services or social media.

But my favorite Gina Bennett quote has to be this one, which nicely encapsulates one of the big picture issue that are at stake here.

“I wish we could have ‘openness people’ rather than ‘privacy people” at institutions. We  should be all about sharing. What is the purpose of the academy if not for sharing ideas?”

Hear, hear.

Photo: Descending Clouds by Gary Hayes used under Creative Commons license