MINH LD CAO 900051034 IT Infrastructure essay Ethical issues

Ethical issues concerning cloud based conference and network administrator As cloud computing gets more popular, it raises the ethical issues where administrator necessarily holds access to all data. Generally, cloud computing means entrusting data to information systems via the internet (Google, Amazon, Cisco, etc.). Corporations and cloud service providers sign on policies and contracts to manage data. Therefore, data which includes webmail and online documents is managed by external parties on remote servers (the cloud). This paper will not discuss whether system administrator (SA) accidentally or deliberately discloses or uses the information. Rather this paper discusses the undesirable consequences and suggests solutions towards the ethical issues concerning SA. A small and specific scope will be much easier to investigate and point out the solutions. A clear example is the online conference management based on cloud computing. Basically, conference management system allows program committee browse, review and discuss academic researches and papers via the web. In a nut shell, the conference chair downloads and hosts the appropriate server software such as HOTCRP or iChair. The functions of the two are relatively similar: Automatic distribution to members, according to their preferences Automatic collection and distribution of reviews and discussion Automated emails and notifications of acceptance or rejection Auto-generated reports and statistic

Since all processes are managed in the cloud, corporations no longer have to worry about managing the servers (backups, security, update, upgrade, etc.). The need to create accounts for members each and every conference will also be eliminated. However storing data in the cloud raises serious concern over privacy issues as system administrators are custodians of a huge quantity of data and accounts information. The SAGE Code of Ethics requires SA to keep confidential and protect the confidentiality of all such data. There will certainly be compromise of reviewers anonymity as well as discussions confidentiality in conference environment. Canon Two of the Code mentions that SA shall not act with discrimination between authorized users. If SA does not fully and carefully acknowledge this Code, a number of statistics and aggregated reviewing profile (fair/ unfair, thorough/scant, harsh/ undiscerning, etc.) could also be disclosed. One might agree that networked conference SA has access to a great deal of data, he or she could also agree that it is the case for every SA out there.

The mere existence of data makes SA vulnerable to bribery, coercion and hacking attempts. If SA is also a researcher, the threat of data being leaked is even greater. SA will eventually face conflict of interest. In order to solve this problem, there is a need to encrypt data in the cloud, as long as budgets allow corporations to do so. Policies are the very first step but it does not prevent cloud service providers from abusing entrusted data. The current encryption technology allows users to upload encrypted data so easily but the offered techniques are expensive for each to adopt, in terms of IT infrastructure (bandwidth and computation). However there is another alternative route to data privacy in cloud based conferencing. Certain cloud computing applications might be primarily storage applications that do not perform processing or transaction on the server side. In that case, encrypting data before sending it to the servers could be realistic and practical. On-site conference software can be easily managed by the local administrators. Cloud computing magnifies the complication of software and data concern. Licensed software could be wrongly used. Data collected for conferences over decades presents a remarkable chance for abuse if it gets into the wrong hands. There are multiple problem storing data in the cloud. First is the possibility of data mining. Raw data could be processed to understand and improve the way conferences are administered. From there, event organizers could construct quality metrics for their conferences. By doing so, they are then equipped with the most powerful tool to identify what types of authors participated in, how many new authors are entering the community, and most importantly how conferences change over time. It is extremely difficult for SA to decide which people are allowed to mine that data and for what purposes. Is SA even the right person to determine this issue? Second, SA cannot obtain the information that might affect the users according to the Code of Ethics. In this case, there is no clear impact brought upon users if SA really mines the stored data. Therefore, policies should be decided transparently and updated over time, to catch up with technology advancement. The simple policy must be that data gathered in one conference may only be used in that particular conference. Adherence to this policy would also involve data deletion after the conference. Another suggestion would be to find alternative custodians for the data who are not actively participating in conferences. Professional groups such as IEEE, ACM are considered suitable for the purpose. Third, since the data is stored in the cloud, determining which legislation it should follow geographically presents a challenge for SA. UK Data Protection Act and EU Data Protection Directive protect data on different levels and purposes. Many countries also require data on citizens to be kept inside that country. That brings out a problem in the cloud computing model where data could reside anywhere and even system administrator might not have any idea where data is geographically located. Similarly, the fourth issue SA faces is licensing. SA is usually the person who is responsible for the legal issues of software. However, the typical corporate software licensing model does not always translate well into the cloud computing world. One application might be running on untold numbers of servers around the world and it is not easy for SA to obtain all needed licensing. Another complication is

that if SA has to temporarily transfer the US licensed software onto another server in Europe, who then decides which license SA will need? This problem has remained unsolved for many years and the computing world is still hoping for a new development. In conclusion, we have relied on professional honor of data custodians to guard against the threats for many years. The computing world should try to minimize the extent to which we rely on peoples sense of good behavior. Some argues that adherence by professionals to ethical behavior is essential to ensure all kinds of confidentiality. Yet the ethical issues presented in this paper cannot be solved simply by trusting one another. It is now the time to set guidelines and policies for cloud computing, in general and cloud based conference in particular. Here are the solutions towards cloud based conferencing: Processing encrypted data in the cloud or using hardware based security initiatives to process submitted data according to an agreed policy. Replacing country based licensing with international licensing system. Standardizing Code of Ethics to an international level. Identifying data mining regulations. Forming professional data guardian groups to appropriately protect the data.

Having said that, we are just at the beginning of the digital era, many of the current solutions at the moment will not be considered adequate for many years to come.