Stefan Strauß

Cloud Computing and Social Network Sites (SNS) are some of the most controversially discussed IT developments in recent years. Huge expectations exist for Cloud Computing, providing lower costs of computing while increasing employment. However, Cloud Computing as well as the use of SNS may come with a substantial risk of losing data privacy. The project conducted on Cloud Computing Services and Social Network Sites addressed the potential and impacts of these technologies. The project report showed that (1) adequate data security and privacy are critical but difficult to achieve, that (2) more consumer protection is needed and that (3) the market for Cloud Computing is not growing as fast as initially forecast, resulting in a lower than expected increase of employment and lower contribution to GDP growth.

Studie im Auftrag des Präsidiums der Österreichischen Akademie der Wissenschaften
Wien, März 2017 (überarb. Fassung v. Juni 2016)
Institut für Technikfolgen-Abschätzung
der Österreichischen Akademie der Wissenschaften
Projektleitung: Walter Peissl
Autoren: Stefan Strauß, Jaro Krieger-Lamina

Cloud computing and social network websites (SNS) are part of the same societal transformation prominently exemplifying a paradigm shift stating that “the network is the computer”1. While cloud computing includes a variety of technical concepts, SNS represent a broad scope of services and applications addressing mostly end-users. Interrelations are particularly given as regards privacy and security challenges. This is also a core part of this report as privacy is among the heavily debated concepts of our contemporary societies – highlighted in particular by SNS.

The report is structured in four main parts: The first part (Sections 1-3) gives a broad overview on the evolution of SNS describing the main stages in the development process, the major factors determining the current state-of-the-art including insights into user motivations. Section 3 presents the main driving factors determining the current SNS, their main characteristics as well as core functionality of SNS. Based on these elaborations the second part (Section 4) gives an overview on the spectrum of identified societal impacts, discusses the role of SNS as a form of a (digital) semi-public space, as well as their potential for political participation and knowledge production. Section 5 analyses in more depth the privacy implications of SNS including some technical aspects and privacy-by-design concepts. The final Section 6 summarizes the key findings and draws conclusions referring to possible options to address the challenges identified.

Based on a STOA study by the same title published in January 2014 (epub.oeaw.ac.at/?arp=0x0031bae5)

Cloud Computing and Social Network Sites (SNS) are among the most controversially discussed developments in recent years. The opportunities of using powerful computing resources on demand via the web are considered as a possible driver for the growth of the European economy. However, there are also critics arguing that economic, social and technical risks prevail or even dismiss the potentials of Cloud Computing and SNS. This project sheds light on these aspects and analysed more specifically, the latest technological and economic developments, driving factors and barriers in Europe, the main actors and their respective interests, the impacts on citizens, business and public administrations and, a broad range of technical, economic, cultural, legal, regulatory issues and their impacts. It showed that at the moment, there is a chance to achieve multiple Cloud Computing and SNS related goals simultaneously. There are no contradictions between assuring European citizens, secure, privacy aware, legally certain and fair use of Cloud Computing and SNS and in increasing the competitiveness of European ICT industries. Moreover it is possible to exploit the potential of Cloud Computing and SNS to the benefit of both the European economy and society at large. Based on this a set of options for European policy makers grouped into four themes with in total 16 options was derived.

Make security a commodity
1. Support the development of open and secure software and hardware and encryption methods.
2. Encourage the use of checklists and security certifications.
3. Assess the economic viability of large hardware security modules.
4. Initiate a dialogue on the structure and governance of the Future Internet.

Establish privacy as a location advantage
5. Proceed with the modernization of data protection.
6. Establish the principles of security and privacy by design.
7. Support the creation of a European Data Protection Board.
8. Ensure the extrate

Cloud Computing and Social Network Sites (SNS) are among the most controversially discussed developments in recent years. They are both part of the same societal transformation referring to a paradigm shift stating that “the network is the computer”. The opportunities of using powerful computing resources on demand via the web are considered as a possible driver for the growth of the European economy. Especially cost savings as well as increased productivity and mobility are seen as key elements by many experts. However, there are also critics arguing that economic, social and technical risks prevail or even dismiss the potentials of Cloud Computing and SNS. This project sheds light on these aspects and analyses the potentials and impacts of these developments. This includes a review of the technological and economic developments Cloud Computing is based on, an identification of driving factors and barriers for Cloud Computing in Europe as well as of main actors and their interests; and an analysis of impacts on citizens, business (including the IT industry itself) and public administration including a broad range of technical, economic, cultural, legal, regulatory issues and the impacts on society and economy as a whole. Cloud Computing not least includes a variety of technical concepts that alter computing infrastructures. SNS represent a prominent phenomenon grounding on Cloud Computing with a wide array of services and applications mainly focussed on end-users. Particular interrelations are given in terms of privacy and security challenges which are main issues addressed by the analysis of SNS related impacts.

This document represents the report for Phase 5 of the STOA project “Potential and Impacts of Cloud Computing and Social Network Sites”, presenting the key findings of this phase. Cloud computing and social network sites (SNS) are part of the same societal transformation prominently exemplifying a paradigm shift stating that “the network is the computer”1. While cloud computing includes a variety of technical concepts, SNS represent a broad scope of services and applications addressing mostly end-users. Interrelations are particularly given as regards privacy and security challenges. This is also a core part of this report as privacy is among the heavily debated concepts of our contemporary societies – highlighted in particular by SNS.
The report is structured in four main parts: The first part (Sections 1-3) gives a broad overview on the evolution of SNS describing the main stages in the development process, the major factors determining the current state-of-the-art including insights into user motivations. Section 3 presents the main driving factors determining the current SNS, their main characteristics as well as core functionality of SNS. Based on these elaborations the second part (Section 4) gives an overview on the spectrum of identified societal impacts, discusses the role of SNS as a form of a (digital) semi-public space, as well as their potential for political participation and knowledge production. Section 5 analyses in more depth the privacy implications of SNS including some technical aspects and privacy-by- design concepts. The final Section 6 summarizes the key findings and draws conclusions referring to possible options to address the challenges identified.

This report focuses on the impacts of Cloud Computing and the resulting challenges. It is based on an evaluation of the available scientific and industry literature, as well as on expert interviews. It should be mentioned that statements regarding Cloud Computing in reports and media on this are often contradictory. One reason for this is that various definitions are used. Some authors apply “cloud washing” and rename traditional outsourcing or web services. Based on the previous deliverable we focus on common used definitions such as the one from NIST. A second issue is that statements often are based on experts estimation due to lack of reliable time series of data. This explains the great bandwidth of results, which have to be taken with care.

Deliverable No. D1.1 of the (FP7-) Project "IRISS – Increasing Resilience in Surveillance Societies". Objective: To investigate societal effects of different surveillance practices from a multi-disciplinary social science and legal perspective.
A report addressing and analysing the factors underpinning the development and use of surveillance systems and technologies by both public authorities and private actors, and their implications in fighting crime and terrorism, social and economic costs, protection or infringement of civil liberties, fundamental rights and ethical aspects.

The take-up of Cloud Computing is one of the most controversial developments within the Information and Communication Technologies (ICT) in the last years. While its proponents argue with cost, security and technological advances that will result in more innovation and growth, its opponents argue the opposite way. Therefore the aim of this report is to lay the foundations for the overall project examing the challenges, impacts and benefits of Cloud Computing. This includes:
...to analyse the basic concepts (incl. definitions, characteristics etc.) as well as the evolution of the concept (incl. predecessors and related concepts) and the underlying technologies; to review the market situation (incl. on overview of offered services and existing providers) and to analyse the adoption and usage patterns of Cloud Computing;
...to identify driving factors and barriers based on existing literature as well as an initial assessment of indentified factors.

This document is the result of the consultation phase of the STOA-project “Potential and Impacts of Cloud Computing Services and Social Network Sites”. It addresses in the first place cloud computing and furthermore social network sites. While Cloud computing (CC) has broad implications for all areas of society and business applications are perhaps crucial for its sustained breakthrough, social network sites (SNS) have their main impact on relationships between private citizens or private citizens and businesses. Beside the impact on the IT industry itself, the development of both is also seen as pivotal for the overall competitiveness of the European economy and society. However, both also pose a number of challenges for enterprises as well as for private citizens. There could be increasing virtualisation of the processing of personal and other sensitive data that is transmitted and stored by commercial providers on servers situated in a location unknown to the costumer. Given these challenges, it is not clear whether both and in particular cloud computing will meet its potential and the high expectations connected to it. Therefore the goal of the project is to analyse this blurry situation and to assess potentials as well as positive and negative impacts for citizens, business and public authorities from a European perspective.

This interim report summarises the results of the first project phase, which lasted from April 15th to June 15th 2012. The main objective of this first project phase was the development of a detailed plan for the next four phases of the project. A preparatory meeting, held in May 2012, and several telephone conferences during the consultation phase with the project partners were very instrumental in discussing and prioritising research themes and issues.

The report itself consists of two parts. The main part presents an introductory overview of the debates on Cloud Computing Services and Social Network Sites and their

-> Today, social and economic processes are highly dependent on different technologies and their interaction.
-> Critical infrastructures are therefore the "main artery" of the digitally networked society and their functionality is essential for the provision of services of general interest.
-> System failures due to external risk factors, errors inherent to the system or unknown weak points can seriously impair the stability of societal processes.
-> The creation of effective security measures requires above all a greater awareness of the previously underestimated problem of system dependencies.

-> Gesellschaftliche und wirtschaftliche Prozesse sind heute hochgradig von verschiedenen Technologien und deren Zusammenspiel abhängig.
-> Kritische Infrastrukturen sind damit die „Hauptschlagader“ der digital vernetzten Gesellschaft, deren Funktionsfähigkeit wesentlich für Daseinsvorsorge und Grundversorgung ist.
-> Systemausfälle durch externe Risikofaktoren, systemimmanente Fehler oder unbekannte Schwachstellen können diese Funktionsfähigkeit gravierend beeinträchtigen.
-> Die Schaffung wirksamer Sicherheitsmaßnahmen erfordert vor allem mehr Bewusstsein für die bislang unterschätzte Problematik von System-Abhängigkeiten.


-> Big Data steht für die Auswertung großer Datenmengen mittels digitaler Technologien und verspricht neue Einsichten und verbesserte Entscheidungsfindung in vielen Bereichen.
-> Potenzielle Anwendungen reichen von Trend- Prognosen bis zu medizinischer Forschung. Um das Potenzial auszuschöpfen braucht es ein tieferes Verständnis über Funktionen und Risiken.
-> Big Data kann Komplexität deutlich erhöhen und gepaart mit Automatisierung unerwartete gesellschaftliche Folgen mit sich bringen. Zentrale Anforderungen zur Risikobegrenzung sind Transparenz und Überprüfbarkeit von Big-Data-Analysen.
Autor: Stefan Strauß

-> Big Data steht für die Auswertung großer Datenmengen mittels digitaler Technologien und verspricht neue Einsichten und verbesserte Entscheidungsfindung in vielen Bereichen.
-> Potenzielle Anwendungen reichen von Trend- Prognosen bis zu medizinischer Forschung. Um das Potenzial auszuschöpfen braucht es ein tieferes Verständnis über Funktionen und Risiken.
-> Big Data kann Komplexität deutlich erhöhen und gepaart mit Automatisierung unerwartete gesellschaftliche Folgen mit sich bringen. Zentrale Anforderungen zur Risikobegrenzung sind Transparenz und Überprüfbarkeit von Big-Data-Analysen.
Autor: Stefan Strauß

-> New surveillance technologies allow ever deeper observation of the lives of each individual.
-> Security measures are increasingly reliant upon surveillance technologies, based on the claim that more security requires infringements of fundamentalrights.
-> Citizens have more nuanced views: although the use of surveillance technologies is not rejected as such, it remains a contested issue. Therefore their utilisation should be limited categorically and strictly regulated and controlled.
-> The protection of personal data needs to be improved and ensured, also the case of security technologies. In addition, security should remain a public sector responsibility and social root causes of insecurity need to be addressed and solved.
Authors: Johann Čas, Walter Peissl, Jaro Krieger-Lamina, Stefan Strauß

-> Neue Überwachungstechnologien ermöglichen immer tiefere Einblicke in das Leben eines jeden Einzelnen von uns.
-> Sicherheitsmaßnahmen greifen mehr und mehr auf Überwachung zurück, mit dem Argument, dass ein Mehr an Sicherheit eben Eingriffe in Grundrechte erfordere.
-> BürgerInnen sehen dies differenzierter: Der Einsatz von Überwachungstechnologien wird nicht per se abgelehnt, aber kritisch gesehen und sollte daher prinzipiell begrenzt, strikt reguliert und kontrolliert werden.
-> Der Datenschutz sollte verbessert werden, auch bei Sicherheitstechnologien. Außerdem sollte Sicherheit eine öffentliche Aufgabe bleiben und die sozialen Wurzeln von Unsicherheit müssten bekämpft werden.
Autoren: Johann Čas, Walter Peissl, Jaro Krieger-Lamina, Stefan Strauß

-> Nowadays, social network sites (SNS) such as Facebook or Twitter are ubiquitous. They increasingly develop into platforms combining many services.
-> SNS endanger privacy to a large extent as the relationships, contents and interactions displayed there can be matched to individuals.
-> The right of informational self-determination – that is the right to decide oneself about the disclosure and usage of one’s personal data – can hardly be exercised in a world characterised by SNS. In addition, this is aggravated by providers’ terms of use and business models, which favour large-scale linking-up.
-> Not least the recently discovered surveillance scandals underline the pressing need to design SNS in a privacy-enhancing manner. Privacy-by-design is essential when it comes to re-establishing the trust of the users.

-> Soziale Netzwerkseiten (SNS) wie z.B. Facebook oder Twitter sind heute allgegenwärtig. Sie entwickeln sich zunehmend zu Plattformen, die viele Dienste miteinander verknüpfen.
-> SNS berühren in hohem Maße die Privatsphäre, da die darin abgebildeten Beziehungen, Inhalte und Interaktionen Individuen zugeordnet werden können.
-> Das Recht auf informationelle Selbstbestimmung – also das Recht, selbst über die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen – ist in einer durch SNS geprägten Welt schwer durchsetzbar. Zusätzlich erschweren das die auf breite Vernetzung ausgelegten Nutzungsbedingungen und Geschäftsmodelle der Anbieter.
-> Dies, sowie die jüngst bekannt gewordenen Überwachungsskandale, machen den dringenden Bedarf nach einer die Privatsphäre fördernden Gestaltung von SNS („Privacy-by-Design“) deutlich. Privacy-by-Design ist entscheidend, um das Vertrauen der NutzerInnen wiederherzustellen.