Welcome!

Cloud Security Authors: Mamoon Yunus, Liz McMillan, Elizabeth White, Lisa Calkins, Pat Romanski

Related Topics: Agile Computing, @CloudExpo, Cloud Security

Agile Computing: Blog Post

Facebook vs. Data Portability | @CloudExpo #Cloud #BigData #Storage

A defiant act of civil disobedience against Facebook by Power Ventures led to an Eight-Year court battle

Facebook vs. Data Portability: Who Owns an Individual's Data? Supreme Court Asked to Decide

From 2006 to 2011, Power Ventures operated a groundbreaking online communications, personal data management, and social networking aggregator hosted at the website www.power.com. Power offered registered users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface additionally enabled Power users to move files between different accounts with a click-and-drag function, like a user moves folders on an AppleOS or Microsoft Windows desktop.

You had over 20 million users at your peak. How did Power.com work and why was it so valuable for users?

Steven Vachani, CEO of Power Ventures: Power offered its users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface also allowed Power users to move files between different accounts with a click-and-drag function, like a user moves folders on a Mac or Microsoft Windows desktop.

How did your Data Portability functionality work for users?

Vachani: We offered our users both portability and the ability to have all their data (contacts, photos, files, messages) synchronized across their different sites. Our data synchronization and portability features were particularly popular among our users. Imagine you wanted move or copy a thousand photos and photo descriptions from Facebook to another social network or to a cloud storage account such as Dropbox. Just to move one photo, it would take several steps to click, download, and save each photo on your device, and several more steps to recreate each folder. Just as you use a moving company in the real world to transport your possessions from one home to another, Power worked as a ‘digital mover.' It allowed users to move, synchronize, or copy all of their online data freely between accounts with a simple drag-and-drop functionality. Power was a new type of operating system for the Internet, in the same way that Windows is an operating system for your desktop.

You just petitioned the US Supreme Court to decide on an 8-year-long battle between you and Facebook on the issue of data portability. What is the petition about?

Vachani: Our petition asks the Supreme Court to clarify once and for all who truly owns an individual's data and property on the Internet. More importantly, we are asking the court to definitively clarify if a social network, cloud storage provider, or other website has the right to obstruct you, or any third party you authorize to assist you in moving your personal data to another site or to a personal computer.

You are arguing that the 9th Circuit's decision sets a dangerous precedent which obstructs data portability and gives any social network, cloud storage provider, or other website the ability to lock a user out of their online data or possessions. Can you explain this?

Vachani: Let me give a more familiar example to make my point. Imagine if the 9th Circuit Court had said that your landlord was legally authorized to restrict you from using boxes, movers, and a moving truck to help you pack, ship, and transport your personal belongings outside of your current home to a new home. This would force you against your will to either not move at all or to abandon your personal possessions. This is exactly what the 9th Circuit ruled in regards to an individual's rights to freely move their online data and property. Now, any social network ( i.e. Facebook or LinkedIn) or cloud storage site (i.e. Dropbox, Microsoft, Google, or Apple) can lock your data inside their site and make it very difficult for you to move your digital property. If you or your digital mover (i.e. Power.com)  try to help you move your data, and Facebook doesn't want you to do this any more, you could both face criminal penalties.

Facebook claims that you violated the CFAA, a federal anti-hacking law and the 9th circuit decision partly supports Facebook's claim. How did 9th Circuit justify this decision?

Vachani: After the popularity of the movie "War Games" in the early 1980's, it became a catalyst for the creation of a severe anti-hacking law with federal criminal penalties specifically targeted at combating hacking what the CFAA calls a ‘protected computer.' The CFAA defines a ‘protected computer' very specifically as a computer used by the US government or US financial institutions and they also include computers used to facilitate interstate or international commerce or communication for the government. The penalties for CFAA violations could range from 5 to 20+ years in prison.

The CFAA was created back in the early 1980's at a time when nobody could have foreseen the Internet as we know it today with billions of users using social media, instant messaging, and personal cloud storage sites. In the early 1990's, creative prosecutors started to broaden the scope of the CFAA to everything well beyond the direct hacking of government ‘protected' computers for which the law was originally intended. Over the last twenty years, the CFAA went down a slippery slope where now even private companies can use the CFAA to intimidate and scare their competitors or even individual users from doing anything they don't like. This includes relatively innocuous actions such as not allowing you to give your password to your mom, your friend or a third party or authorizing a third party digital moving service to assist a user to move their own data to a new place.

If users gave you their passwords and authorized you to access their accounts on their behalf and for their benefit, why does Facebook and the 9th Circuit consider this to be a violation of one of the government's most serious federal hacking laws?

Vachani: Facebook's CFAA claim, which the 9th Circuit adopted, was that Power accessed its website and servers- which they argue is also a "protected computer" under CFAA-and that it did so "without authorization" since Facebook had explicitly told them to desist.  In Facebook's view, the authorization to Power from the individual users to access their own Facebook data was irrelevant after Facebook had asked Power to stop assisting users to organize and move their own personal data.

The 9th Circuit has effectively ruled that a website owner has the unilateral right to prevent or obstruct a user from moving their data from one site to another location. As in my earlier analogy, this is the same as if the courts had legally authorized all landlords in the country to restrict you from using boxes, movers, and a moving truck to help you pack, ship, and transport your personal belongings outside of your current home to a new home.

How did the 9th Circuit justify this decision?

Vachani: The 9th Circuit Court analogized Power's conduct to a person given permission to access jewelry in a friend's safe deposit box who walks into the bank with a shotgun to whom the bank refuses entry. The analogy is inept and misleading, because Facebook's mission is not to secure the user's "property" (e.g., photos, friends' contact information) in an online vault, but rather to share it with friends and family and sometimes the public at large.  Furthermore, Power did not wield a figurative gun: its user-authorized entry into users' Facebook data was not even arguably coercive or dangerous, as evidenced by the fact that every other online service in Facebook's position (like Google and Microsoft) permitted Power to operate with millions of users in their site from 2006-2011 when Power ceased operations.  In fact, one of the same judges who ruled in favor of this decision, Judge Wardlaw, noted during the 9th Circuit oral argument that ‘physical property analogies are often unhelpful in the online context.'

How do you assess the situation?

Vachani: I believe this ultimately comes down to common sense and existing precedent for standard behavior for a user to access and move their data out of a web site. If Power was truly carrying a shotgun, there are actually very serious existing laws and commonly accepted precedents that would define this as dangerous behavior. In the case of Power, we were performing the exact same actions that every user themselves can and do every time they access Facebook. Like a mover who is contracted to move your personal property, we move this data more efficiently and professionally than a user could do manually. Facebook themselves admitted on the record that Power caused no damage and also didn't challenge our proof that there was not single documented complaint by any user of Power performing the services that the user's asked us to do. Had we been carrying a ‘shotgun' or disrupting the peace on Facebook, you can imagine that at least one user from our millions of users using our service might have filed a complaint. In this case, not a single one of our millions of users documented a complaint to Facebook or anyone else and Facebook was not able to produce any complaints or cite any damages.

According to the cease and desist letter Power received, Facebook, stated that you had violated their terms and conditions and had to leave. How could Power justify its actions?

Vachani: Initially when we received the cease and desist request, we were quite shocked that Facebook was asking us to cease assisting users to export their own data and property. This was even more shocking considering that Facebook and every other major social media web sites at the time were currently and had been for many years using this exact same technique of requesting user's password from their other accounts and then assisting users to export their address books and other data into Facebook. In fact, the import address book feature to assist users to bring their friends to Facebook was likely the single biggest contributor to Facebook's early acquisition of users.

We believed and made clear that the user's right to own, control, and move their data without obstruction is an inalienable right just as the right to freely port your mobile phone number and to freely move your possessions from your apartment. We also found Facebook's justification stating that we were in violation of Facebook's terms and conditions and that we were hackers under the CFAA's definition of hacking, to be very disturbing interpretations of government laws which could be harmful to future rights of Internet citizens. Therefore, In an act of civil disobedience for what we viewed as an unjust and flawed interpretation a user's rights and existing laws, we held our ground and engaged Facebook in meaningful dialogue on this very important matter. We invited Facebook to engage in meaningful discussions on this matter. After Facebook filed its lawsuit, we moved our dispute to the legal system, and now the Supreme Court, to resolve this important question once and for all.

Why is Data Portability so important to the future of the Internet?

Vachani: Data portability is among the most important digital issues of our time and the determination of who truly owns an individual's online presence will be crucial to the growth and economics of our digital culture. Today, our entire professional and personal life, including our hard drives and software/apps, are all stored in the cloud Users invest hours creating and organizing their entire life online in the cloud and on social network. Their photos, videos, messages, personal and work files, and pretty much everything else we do, daily to social networking and online cloud, but few really understand the nuances of terms and usage agreements.

The European Union has recently presented guidelines on the right to Data Portability confirming that users must have the right to transmit personal data from one data controller to another data controller ‘without hindrance.' Just as the EU has clearly identified the emerging importance of this issue, we are asking the Supreme Court to recognize the national and international importance of this issue affecting hundreds of millions of American Internet users and billions of global Internet users.

What has the support been like so far from human rights organizations and how do you expect for such support to help your case?

Vachani: We have the support of the Electronic Frontier Foundation (EFF) and the ACLU which weigh in favor of data ownership as an individual right. We expect that their support will help demonstrate that digital ownership is a human right. As society evolves and we become more reliant on technology, ownership and control of our digital identities will become increasingly vital to protect.

Supreme Court - Question presented.jpg

What do social networking sites like Facebook have to gain and lose in the stake for data portability? Why would they oppose a site like Power.com?

Vachani: Facebook argued that Power.com violated the CAN SPAM Act and the CFAA by accessing Facebook without authorization. Facebook did not want individual users to be able to move their data and online property around freely, or to be able to control their own photos, contacts, and messages from Facebook to other accounts. Facebook stood to lose some control over user data, which is why they opposed Power.com. The 9th Circuit eventually ruled that Power did indeed have authorization to access user data because it was given to Power by users themselves.

To be clear about this, like many other social networks that came and disappeared, Facebook might not even be around today if they had not used these unfair and anti-competitive tactics. The lack of data portability dramatically reduces innovation and investment by potential innovators to try to compete against Facebook. Had seamless unobstructed one click data portability been available just as seamless number portability is available with mobile phone company, there is a very good chance that Facebook would most likely not be the market leader that it is today and that the Internet and landscape of social media players would look very different today. Google spent a fortune trying to get traction on its Google Plus social network, but ultimately users were not willing to use a new social network when all their data and contacts were still locked inside Facebook. Power.com empowered users to own and control all their data in all places on their own terms rather than Facebook dictating and controlling the terms of how you want to use your own data and digital property.

What was the outcome of the 9th Circuit ruling?

Vachani: The 9th Circuit reversed prior claims by Facebook that Power violated the CAN SPAM Act and the CFAA by accessing Facebook without authorization, and ruled that Power did indeed have authorization to access user's data because it was given to Power by users themselves. At the same time, the court also ruled against Power stating that its initial authorization by users was then revoked after Facebook asked Power to leave.

Why is this fight so important to you and to Internet users?

Vachani: Today, the internet is at the foundation of every aspect of our lives. It is time for digital human rights to be treated with the same level of gravity as other human and civil rights violations. Users should have the same level of ownership and control of their digital data as they do their physical property.

About Power Ventures (formerly operating as Power.com)

From 2006 to 2011, Power Ventures operated a groundbreaking online communications, personal data management, and social networking aggregator hosted at the website www.power.com. Power offered registered users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface additionally enabled Power users to move files between different accounts with a click-and-drag function, like a user moves folders on an AppleOS or Microsoft Windows desktop.

Founded by CEO and global serial entrepreneur, Steven Vachani in Rio de Janeiro, Brazil in 2006, Power Ventures was Brazil's first global technology startup to ever to receive funding from a Tier 1 Silicon Valley VC firm. Power built the Internet's first APP platform and CONNECT platforms in 2006 which were precursors to Facebook Connect and now widely used Apple and Google App platforms. Power attracted more than ten million dollars of investment as a startup from noted Silicon Valley venture capital firms like Draper Fisher Jurvetson (who also invested in Hotmail, Skype, and Tesla) and registered more than twenty million users at its peak.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
From 2013, NTT Communications has been providing cPaaS service, SkyWay. Its customer’s expectations for leveraging WebRTC technology are not only typical real-time communication use cases such as Web conference, remote education, but also IoT use cases such as remote camera monitoring, smart-glass, and robotic. Because of this, NTT Communications has numerous IoT business use-cases that its customers are developing on top of PaaS. WebRTC will lead IoT businesses to be more innovative and address...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a...
SYS-CON Events announced today that Calligo has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo is an innovative cloud service provider offering mid-sized companies the highest levels of data privacy. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalized support service from its globally located cloud platform...
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Launched in 2016, Cloudistics helps anyone bring the power of the cloud to the data center in an easy-to-use, on- premises cloud platform that automatically provides high performance resources for all types of applications: Docke...
SYS-CON Events announced today that Golden Gate University will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Since 1901, non-profit Golden Gate University (GGU) has been helping adults achieve their professional goals by providing high quality, practice-based undergraduate and graduate educational programs in law, taxation, business and related professions. Many of its courses are taug...