Welcome!

Cloud Security Authors: John Walsh, Elizabeth White, James Carlini, Xenia von Wedel, Mehdi Daoudi

Related Topics: Agile Computing, @CloudExpo, Cloud Security

Agile Computing: Blog Post

Facebook vs. Data Portability | @CloudExpo #Cloud #BigData #Storage

A defiant act of civil disobedience against Facebook by Power Ventures led to an Eight-Year court battle

Facebook vs. Data Portability: Who Owns an Individual's Data? Supreme Court Asked to Decide

From 2006 to 2011, Power Ventures operated a groundbreaking online communications, personal data management, and social networking aggregator hosted at the website www.power.com. Power offered registered users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface additionally enabled Power users to move files between different accounts with a click-and-drag function, like a user moves folders on an AppleOS or Microsoft Windows desktop.

You had over 20 million users at your peak. How did Power.com work and why was it so valuable for users?

Steven Vachani, CEO of Power Ventures: Power offered its users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface also allowed Power users to move files between different accounts with a click-and-drag function, like a user moves folders on a Mac or Microsoft Windows desktop.

How did your Data Portability functionality work for users?

Vachani: We offered our users both portability and the ability to have all their data (contacts, photos, files, messages) synchronized across their different sites. Our data synchronization and portability features were particularly popular among our users. Imagine you wanted move or copy a thousand photos and photo descriptions from Facebook to another social network or to a cloud storage account such as Dropbox. Just to move one photo, it would take several steps to click, download, and save each photo on your device, and several more steps to recreate each folder. Just as you use a moving company in the real world to transport your possessions from one home to another, Power worked as a ‘digital mover.' It allowed users to move, synchronize, or copy all of their online data freely between accounts with a simple drag-and-drop functionality. Power was a new type of operating system for the Internet, in the same way that Windows is an operating system for your desktop.

You just petitioned the US Supreme Court to decide on an 8-year-long battle between you and Facebook on the issue of data portability. What is the petition about?

Vachani: Our petition asks the Supreme Court to clarify once and for all who truly owns an individual's data and property on the Internet. More importantly, we are asking the court to definitively clarify if a social network, cloud storage provider, or other website has the right to obstruct you, or any third party you authorize to assist you in moving your personal data to another site or to a personal computer.

You are arguing that the 9th Circuit's decision sets a dangerous precedent which obstructs data portability and gives any social network, cloud storage provider, or other website the ability to lock a user out of their online data or possessions. Can you explain this?

Vachani: Let me give a more familiar example to make my point. Imagine if the 9th Circuit Court had said that your landlord was legally authorized to restrict you from using boxes, movers, and a moving truck to help you pack, ship, and transport your personal belongings outside of your current home to a new home. This would force you against your will to either not move at all or to abandon your personal possessions. This is exactly what the 9th Circuit ruled in regards to an individual's rights to freely move their online data and property. Now, any social network ( i.e. Facebook or LinkedIn) or cloud storage site (i.e. Dropbox, Microsoft, Google, or Apple) can lock your data inside their site and make it very difficult for you to move your digital property. If you or your digital mover (i.e. Power.com)  try to help you move your data, and Facebook doesn't want you to do this any more, you could both face criminal penalties.

Facebook claims that you violated the CFAA, a federal anti-hacking law and the 9th circuit decision partly supports Facebook's claim. How did 9th Circuit justify this decision?

Vachani: After the popularity of the movie "War Games" in the early 1980's, it became a catalyst for the creation of a severe anti-hacking law with federal criminal penalties specifically targeted at combating hacking what the CFAA calls a ‘protected computer.' The CFAA defines a ‘protected computer' very specifically as a computer used by the US government or US financial institutions and they also include computers used to facilitate interstate or international commerce or communication for the government. The penalties for CFAA violations could range from 5 to 20+ years in prison.

The CFAA was created back in the early 1980's at a time when nobody could have foreseen the Internet as we know it today with billions of users using social media, instant messaging, and personal cloud storage sites. In the early 1990's, creative prosecutors started to broaden the scope of the CFAA to everything well beyond the direct hacking of government ‘protected' computers for which the law was originally intended. Over the last twenty years, the CFAA went down a slippery slope where now even private companies can use the CFAA to intimidate and scare their competitors or even individual users from doing anything they don't like. This includes relatively innocuous actions such as not allowing you to give your password to your mom, your friend or a third party or authorizing a third party digital moving service to assist a user to move their own data to a new place.

If users gave you their passwords and authorized you to access their accounts on their behalf and for their benefit, why does Facebook and the 9th Circuit consider this to be a violation of one of the government's most serious federal hacking laws?

Vachani: Facebook's CFAA claim, which the 9th Circuit adopted, was that Power accessed its website and servers- which they argue is also a "protected computer" under CFAA-and that it did so "without authorization" since Facebook had explicitly told them to desist.  In Facebook's view, the authorization to Power from the individual users to access their own Facebook data was irrelevant after Facebook had asked Power to stop assisting users to organize and move their own personal data.

The 9th Circuit has effectively ruled that a website owner has the unilateral right to prevent or obstruct a user from moving their data from one site to another location. As in my earlier analogy, this is the same as if the courts had legally authorized all landlords in the country to restrict you from using boxes, movers, and a moving truck to help you pack, ship, and transport your personal belongings outside of your current home to a new home.

How did the 9th Circuit justify this decision?

Vachani: The 9th Circuit Court analogized Power's conduct to a person given permission to access jewelry in a friend's safe deposit box who walks into the bank with a shotgun to whom the bank refuses entry. The analogy is inept and misleading, because Facebook's mission is not to secure the user's "property" (e.g., photos, friends' contact information) in an online vault, but rather to share it with friends and family and sometimes the public at large.  Furthermore, Power did not wield a figurative gun: its user-authorized entry into users' Facebook data was not even arguably coercive or dangerous, as evidenced by the fact that every other online service in Facebook's position (like Google and Microsoft) permitted Power to operate with millions of users in their site from 2006-2011 when Power ceased operations.  In fact, one of the same judges who ruled in favor of this decision, Judge Wardlaw, noted during the 9th Circuit oral argument that ‘physical property analogies are often unhelpful in the online context.'

How do you assess the situation?

Vachani: I believe this ultimately comes down to common sense and existing precedent for standard behavior for a user to access and move their data out of a web site. If Power was truly carrying a shotgun, there are actually very serious existing laws and commonly accepted precedents that would define this as dangerous behavior. In the case of Power, we were performing the exact same actions that every user themselves can and do every time they access Facebook. Like a mover who is contracted to move your personal property, we move this data more efficiently and professionally than a user could do manually. Facebook themselves admitted on the record that Power caused no damage and also didn't challenge our proof that there was not single documented complaint by any user of Power performing the services that the user's asked us to do. Had we been carrying a ‘shotgun' or disrupting the peace on Facebook, you can imagine that at least one user from our millions of users using our service might have filed a complaint. In this case, not a single one of our millions of users documented a complaint to Facebook or anyone else and Facebook was not able to produce any complaints or cite any damages.

According to the cease and desist letter Power received, Facebook, stated that you had violated their terms and conditions and had to leave. How could Power justify its actions?

Vachani: Initially when we received the cease and desist request, we were quite shocked that Facebook was asking us to cease assisting users to export their own data and property. This was even more shocking considering that Facebook and every other major social media web sites at the time were currently and had been for many years using this exact same technique of requesting user's password from their other accounts and then assisting users to export their address books and other data into Facebook. In fact, the import address book feature to assist users to bring their friends to Facebook was likely the single biggest contributor to Facebook's early acquisition of users.

We believed and made clear that the user's right to own, control, and move their data without obstruction is an inalienable right just as the right to freely port your mobile phone number and to freely move your possessions from your apartment. We also found Facebook's justification stating that we were in violation of Facebook's terms and conditions and that we were hackers under the CFAA's definition of hacking, to be very disturbing interpretations of government laws which could be harmful to future rights of Internet citizens. Therefore, In an act of civil disobedience for what we viewed as an unjust and flawed interpretation a user's rights and existing laws, we held our ground and engaged Facebook in meaningful dialogue on this very important matter. We invited Facebook to engage in meaningful discussions on this matter. After Facebook filed its lawsuit, we moved our dispute to the legal system, and now the Supreme Court, to resolve this important question once and for all.

Why is Data Portability so important to the future of the Internet?

Vachani: Data portability is among the most important digital issues of our time and the determination of who truly owns an individual's online presence will be crucial to the growth and economics of our digital culture. Today, our entire professional and personal life, including our hard drives and software/apps, are all stored in the cloud Users invest hours creating and organizing their entire life online in the cloud and on social network. Their photos, videos, messages, personal and work files, and pretty much everything else we do, daily to social networking and online cloud, but few really understand the nuances of terms and usage agreements.

The European Union has recently presented guidelines on the right to Data Portability confirming that users must have the right to transmit personal data from one data controller to another data controller ‘without hindrance.' Just as the EU has clearly identified the emerging importance of this issue, we are asking the Supreme Court to recognize the national and international importance of this issue affecting hundreds of millions of American Internet users and billions of global Internet users.

What has the support been like so far from human rights organizations and how do you expect for such support to help your case?

Vachani: We have the support of the Electronic Frontier Foundation (EFF) and the ACLU which weigh in favor of data ownership as an individual right. We expect that their support will help demonstrate that digital ownership is a human right. As society evolves and we become more reliant on technology, ownership and control of our digital identities will become increasingly vital to protect.

Supreme Court - Question presented.jpg

What do social networking sites like Facebook have to gain and lose in the stake for data portability? Why would they oppose a site like Power.com?

Vachani: Facebook argued that Power.com violated the CAN SPAM Act and the CFAA by accessing Facebook without authorization. Facebook did not want individual users to be able to move their data and online property around freely, or to be able to control their own photos, contacts, and messages from Facebook to other accounts. Facebook stood to lose some control over user data, which is why they opposed Power.com. The 9th Circuit eventually ruled that Power did indeed have authorization to access user data because it was given to Power by users themselves.

To be clear about this, like many other social networks that came and disappeared, Facebook might not even be around today if they had not used these unfair and anti-competitive tactics. The lack of data portability dramatically reduces innovation and investment by potential innovators to try to compete against Facebook. Had seamless unobstructed one click data portability been available just as seamless number portability is available with mobile phone company, there is a very good chance that Facebook would most likely not be the market leader that it is today and that the Internet and landscape of social media players would look very different today. Google spent a fortune trying to get traction on its Google Plus social network, but ultimately users were not willing to use a new social network when all their data and contacts were still locked inside Facebook. Power.com empowered users to own and control all their data in all places on their own terms rather than Facebook dictating and controlling the terms of how you want to use your own data and digital property.

What was the outcome of the 9th Circuit ruling?

Vachani: The 9th Circuit reversed prior claims by Facebook that Power violated the CAN SPAM Act and the CFAA by accessing Facebook without authorization, and ruled that Power did indeed have authorization to access user's data because it was given to Power by users themselves. At the same time, the court also ruled against Power stating that its initial authorization by users was then revoked after Facebook asked Power to leave.

Why is this fight so important to you and to Internet users?

Vachani: Today, the internet is at the foundation of every aspect of our lives. It is time for digital human rights to be treated with the same level of gravity as other human and civil rights violations. Users should have the same level of ownership and control of their digital data as they do their physical property.

About Power Ventures (formerly operating as Power.com)

From 2006 to 2011, Power Ventures operated a groundbreaking online communications, personal data management, and social networking aggregator hosted at the website www.power.com. Power offered registered users the capacity to access multiple online social networks (e.g., LinkedIn, Twitter), messaging services (e.g., Microsoft messenger-MSN), and email accounts (e.g., Google mail) through a single, integrated online interface consisting of a digital dashboard and browser. This online interface also featured popular add-in applications like a unified address book and mailbox integrating all of a user's contacts, emails, social network messages, and instant messages in one place. The interface additionally enabled Power users to move files between different accounts with a click-and-drag function, like a user moves folders on an AppleOS or Microsoft Windows desktop.

Founded by CEO and global serial entrepreneur, Steven Vachani in Rio de Janeiro, Brazil in 2006, Power Ventures was Brazil's first global technology startup to ever to receive funding from a Tier 1 Silicon Valley VC firm. Power built the Internet's first APP platform and CONNECT platforms in 2006 which were precursors to Facebook Connect and now widely used Apple and Google App platforms. Power attracted more than ten million dollars of investment as a startup from noted Silicon Valley venture capital firms like Draper Fisher Jurvetson (who also invested in Hotmail, Skype, and Tesla) and registered more than twenty million users at its peak.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Silicon Valley and Paris, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Blockchain, Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Tip her if you like her articles: http://xeniar.tip.me

@ThingsExpo Stories
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, discussed how from store operations and ...
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, introduced two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a multip...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
SYS-CON Events announced today that Evatronix will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Evatronix SA offers comprehensive solutions in the design and implementation of electronic systems, in CAD / CAM deployment, and also is a designer and manufacturer of advanced 3D scanners for professional applications.
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
An increasing number of companies are creating products that combine data with analytical capabilities. Running interactive queries on Big Data requires complex architectures to store and query data effectively, typically involving data streams, an choosing efficient file format/database and multiple independent systems that are tied together through custom-engineered pipelines. In his session at @BigDataExpo at @ThingsExpo, Tomer Levi, a senior software engineer at Intel’s Advanced Analytics gr...