Indeed, I think the core of the debate was not on the different conceptions of the PLE, but on the role of institutions and the educational system as a whole, and not in providing educational spaces through technology, but on their very same essence: do we need institutions and, if yes, of what kind and doing what.

While we get rid or not of institutions, they are still there, PLEs exist too and it would not be such a bad idea to try and build bridges amongst them. The iPLE is a very interesting approach, and I very much liked the communication SAPO Campus. Plataforma integrada de serviços web 2.0 para educação that Carlos Santos and Luis Pedro made at the VI Conferência Internacional de TIC na Educação. I came up with the HIPLE concept with Introducing the Hybrid Institutional-Personal Learning Environment (HIPLE), and now Steve Wheeler proposes a more generic term, Cloud Learning Environment, in his Anatomy of a PLE.

The complexity we’re putting ourselves into makes me feel the urge to somehow map all the concepts and approaches I’ve been seeing around in the last years. This is a gathering, not a taxonomy, and the definitions and sets will be purely personal.

Mapping the PLE-sphere [click to enlarge]

Institutions

Virtual Learning Environments (VLE), Online Learning Environments and Managed Learning Environments (MLE — sometimes also iMLE for Institutionally Managed Learning Environment) are the insitutional ways to provide a platform for virtual learning (or to support the online part of blended learning). They stand for what some have called Virtual Campus or Online Campus.

As a platform, VLEs mainly have four big categories of applications and services:

• The applications that manage records, immatriculations and all the administrative staff. Most people call them Learning Management Systems (LMS).
• A place where to store learning materials, a Content Management System (CMS). LCMS is usually understood as LMS + CMS.
• A social layer, that is, directories, or virtual classrooms where students can interact. Let’s call this in-campus social layer Institutional Personal Learning Network (iPLN).
• A device where all the “production” of the student is stored and assessed. For the sake of clarity let’s call this just ePortfolio.

Individuals

The personal side is more chaotic. Under the concept of the Personal Learning Environment (PLE) we find everything (literally: everything) that a person is using to learn. In general terms, this is:

• Web 2.0 services, offered by third parties, that help them to blog, to share documents, to monitor people and content, etc.
• Sometimes, these services are not offered by third parties, but hosted and managed by the individual himself in his own domain. We talk then about Web 2.0 tools. The distinction, while technically not very relevant, it certainly is at the conceptual level.
• A social layer can also happen outside of campuses. If provided by a third party as a service, we’re facing the Social Learning Network (SLN) and it usually includes Web 2.0 tools.
• If self-built, we are talking about the Personal Learning Network (PLN). The difference between the SLN and the PLN is certainly blurry and maybe even arbitrary. I like to see them as SLN = PLN + Web 2.0 tools/services.

The institution-individual bridge

• If we add some Web 2.0 tools inside the institution (i.e. inside the VLE) and we link them with the social layer, we come up with an Institutional Personal Learning Environment (iPLE). We can even bring some content from the “outside” within the VLE by retrieving the information from external Web 2.0 services through the RSS pipeline.
• An alternative to the iPLE is the Hybrid Institutional Personal Learning Environment (HIPLE). The logic is very similar than the iPLE, but instead of retrieving content, the idea is that platforms speak one to each other by means of APIs. The difference with iPLEs is that HIPLEs allow for inside-outside interaction (not only reading or retrieving) in both senses while keeping both spheres (institutional and personal) separate; another difference is that the HIPLE allows the individual to use Web 2.0 tools provided by the institution and/or third parties, while the iPLE requires choosing either institutional tools or third parties’ (see, for instance, the HIPLE into practice with Twitter). It is very likely, though, that the iPLE and the HIPLE will end up merging as technology advances (though the conceptual differences will remain).

I tried to map all of these in the figure above. Colours have a meaning: greys refer to the institution and, especially, to the administration of learning; orange pictures the personal (believe or not, the ePortfolio is orange beneath those blue and grey layers); pink (or dark orange: the ambiguity is intended) make reference to the social; green are Web 2.0 tools and services; lastly, blue paints the bridging devices.

The communications were:

• Supporting personal learning, with Graham Attwell
• From personal to social: learning, with Sonia Guilana and Mar Camacho;
• Support to the process of online environment, with Berenice Blanco and Pilar Arrizabalaga.

I noticed that the common denominator of the session was support, in the sense of “let’s tell our ‘supportees’ what does work so they can put it into practice”. With this in mind, I suggested to have the presentations not in a horizontal manner (i.e. projects are fully explained one after the other one) but in a vertical manner: we identify the main and common topics addressed by the three projects and the topics are covered one by one, that is: we choose a topic and all the presenters explain how they faced it.

The topics we identified were:

• 1.- There are some problems in my learning process that need being addressed.
• 2.- We (or someone else) have tried several solutions to fix these problems and found that they did not work: which were these (non-)solutions?
• 3.- We (in our projects) have found some solutions that do work which ones are them?
• 4.- How have these solutions that work been evaluated and the outcomes assessed?
• 4a. How sere the solutions put into practice?
• 4b. How was their performance evaluated?

What follows is the personal notes that I took on the fly (slightly edited for the sake of clarity), both from the speakers and the audience. The notes were taken on a blank presentation that was projected in the room, so anyone could see them and, as it happened, comment on them.

Problems that need being addressed:

• Career advisors that handle huge amounts of knowledge. How to develop knowledge and share it? How to manage knowledge and make knowledge sharing work?
• Physicians with low competence on e-tutoring: How to train trainers in the use of digital artifacts for training? How to make, thus, e-tutoring more efficient?
• How to unclose the classroom?
• How to avoid the deviations of meaning added by technological mediation?
• How to fight certain attitudes that represent a barrier that prevent evolution/progress?

Solutions that did not work:

• Traditional e-learning is not an answer.
• Traditional training is nor an answer.
• There are no training programmes or learning materials for specialists.
• There is a deep ditch between knowledge management and e-learning.
• Traditional educational systems require “full dedication”.
• There are no “quick learning” programmes/methodologies, you always have to take the long path (but your needs/goals are in the short run).

Solutions that work (or not…):

• Stating strategies, defining paths.
• Designing and sharing models.
• The PLME: personal learning maturing environment, a place where to test things.
• Learning from the process itself and the context it is framed in.
• Process + context = way to fit training into everyone’s needs.
• Shareing not content but “people” by tagging the experts. Make the experts emerge: expert sharing (i.e. everyone is an expert). Indeed it is more about tagging people’s expertise than the experts themselves.
• Assessment indicators are (a) relative to everyone’s goals/needs (b) qualitative and related to own path.
• Assessment is yet another learning tool: feedback as feedback that really feeds the process back.

How were the solutions put into practice:

• Providing useful tips: starting your own blog, starting following someone you find interesting,
• Replicating.
• 1 learner, 1 PLE.

Note: this part was, of course, richer, but got diffused or covered by the other questions.

How was performance assessed:

• Checking whether the personal benefited the community.
• A virtual desktop enhances not only sharing but monitoring and co-design.
• Co-design leads to a certain degree of co-assessment.
• Co-design is needs-based, not externally based.
• e-Portfolios.
• Recursive design, recursive assessment.
• Extensive and intensive documentation while keeping hot tips simple.

I am aware that this dynamic penalizes knowing more about the projects themselves, so I encourage the reader to get in touch with the speakers or to visit their websites to get a deeper understanding on what they are working on (the how’s and the why’s, covered here ;)

Other videos in the set:

• All PLE_BCN Interviews
• Paulo Simoes
• Alec Couros
• Graham Attwell
• Carlos Santos Interview
• Jordi Adell
• Linda Castañeda
• Jane Challinor
• Cristina Costa Interview

Other videos of mine related to the PLE Conference

• #talkingabout: Jordi Adell and Ismael Peña-López on Personal Learning Environments
• Interview: Introducing the HIPLE: Hybrid Institutional-Personal Learning Environment

Ticked off the list a keynote and a dialogue, we came up with a game. We would present five pairs of dichotomies and will make the participants in the session to vote with their feet (à la Charles Tiebout). As some participants complained, the world is not black or white, but a richest range of grays, so to make people choose either or that option would be unfair. Yes it was, but (a) the exercise was about simplification, (b) highlighting the top values and (c) we had no room — space and time — for a continuous (vs. discrete) approach.

So, we draw a 2×2 matrix on the floor and projected the five pairs of dichotomies on a screen. People had then to physically move and place themselves in the quadrant of their choice according to their beliefs. We picture below the results of this voting with your feet. The numbers in the quadrants are just approximate, as no one even tried to really count the people in each quadrant, though they give a fair idea of the magnitudes at stake (there were circa 100 people in the room). I add to the screenshots some comments based on what I remember that Jordi and I said on the fly: they should so be attributed to both, as they were made indistinctly by one of us and I never had the sensation that we disagreed (I apologize in advance if, in the transcription, I put too much of myself in it).

1. PLEs and Institutions

• Do PLEs have a place in formal education?
• Shoud PLEs be procured institutionally or be placed outside institutions?

The first thing that is evident from the chart is that there is no agreement on whether institutions will be replaced by user-generated learning environments or, on the contrary, institutions will instead prevail but be leveraging the power of PLEs and other devices.

It is interesting to see that, despite the EduPunk momentum, the majority still believes on the power or need for institutions. Some commented that the participants were split in two: the Anglo-Saxon approach and the Latin one, being the former more pro-EduPunk and the latter more pro-institutions.

2. Openness

• The student’s digital identity must be isolated from the rest or be identified as a whole (the student has a single identity, regardless of their context)?
• The university must be an open or a closed environment?

While the previous point was definitely not about consensus, openness certainly was: no one doubted that the walls of formal education had to be torn down and that it increasingly made no sense to have an environment devoted only to learning and the rest where learning “did not happen”.

Notwithstanding, if learning happens anywhere, it does not necessarily follow that it happens anytime: though an overwhelming majority advocated also for tearing down the walls of the learner vs. professional, some voted for keeping the possibility to play a different role when you are actively learning than where you are not (at least in “active” terms).

3. The curriculum

• Who decides how the curriculum is designed: the system or the “apprentice”?
• Credit must be provided institutionally or socially (P2P)?

Unlike point 1, where institutions kept a good amount of power in providing and managing learning environments, when it comes to credit proportions swap: most people thought that the apprentice should be sovereign of their instructional design and how it will be measured and assessed.

This is definitely in line with a tacit agreement that students should lead their learning process, while teachers should accompany them through it, but walking side by side, never in front of it.

4. Barriers (I)

• The main barriers for change are institutional or individual?
• The main barriers for change are technological or pedagogical?

Concerning a first set of barriers — the usual dichotomy of education or technology — the majority pointed at the system: the problem is institutional and pedagogical.

Notwithstanding, and as it happened with EduPunk or institutionalism, the participants were mostly split between pedagogists and technologists, so it is likely that the latter were not as optimistic about technological barriers (digital divide, digital competence) than the former were.

5. Barriers (II)

• The main barriers for change are standardization (inflexibility) or atomization (chaos)?
• The main barriers for change are organizational or economical?

To reinforce the previous point, when looking at flexibility vs. resources and organization, the choices again are clear, even clearer than before, putting the educational system in the eye of the hurricane.

Conclusions?

Taken as a whole and not pair by pair, we noted that we could group the five dichotomies in two sets. On the one hand, we could take PLEs (1) and the Curriculum (3). As we have already set, these seem to show (show in the sense of the participants’ perceptions, of course!) that the trend is an increasing movement from institutions towards the student, a shift of the responsibility of one’s learning from schools to students that have not only to learn, but to learn what they have to learn, to learn to learn.

To help them in this endeavour, institutions have an important role as guides (not leaders) that have to trespass their own walls and enter the environments (in plural) where learning actually takes place, which increasingly is outside of the framework of formality.

In fact, this seems to be answering at the WHAT question: what is learning in the digital era?

The rest of pairs (Openness and the Barriers) seem to be pointing at the HOW question: how should learning be carried on in the digital era?. The answer seems to be open and flexible institutions, new educational systems and methodologies and a dire organizational change.

It is a little bit worrying that a hundred educators, deeply committed with the evolution of education and knowledgeable on instructional technology, despite their different and personal approaches, they all got together at pointing at the educational system — read: educational policies — as the problem of education. Any politician in da haus?

Debate

After the exercise we went on with a lively debate amongst all the attendants. Here come some random notes that I took on the fly and that were being beamed as I took them:

• Cyberinfrastructures should be used to leverage change, a change that should not only be in technology but also and especially inn attitudes.
• Are there enough resources to PLE-ize your discipline? Is everything PLE-izable? That is, is the PLE something that can be universally used in any discipline and environment?
• Teamwork as a pre-condition to PLE-ing: there is no (useful) PLE if it is not based in a framework of sharing and working as a community with a common goal.
• PLEs are bottom-up strategies: they originate in the bottom, but should target the upper spheres (i.e. Institutions). In this sense PLEs are not only a working tool, but a tool for change.
• PLEs are personal devices: we need to embed institutions, institutional aspects, and participation within our PLEs. In other words, institutions have to step into PLEs and these have their share of institutions. To do so, notwithstanding, institutions must be PLE-able, they have to rethink themselves, be more flexible, more open, and adapt to the new learning realities.
• PLEs as personal constructs vs. commodities: in our bridging institutions and individual learners through PLEs, do we incur in the risk of commoditizing personal learning environments and making of them extensions or tentacles of the all-eating institution?
• PLEs not to de-school society, but for un-schooled people. Or, better said, the stress the inclusion factor of PLEs as a way to bring education at reach of everyone: where institutions cannot reach, PLEs will.
• Institutions build the walls of libraries, PLEs fill them with books. PLEs have to go hand in hand with the structure, surround it, fill in the voids, enrich the always cold but needed concrete columns where a society lies upon.

Slides of the presentation

(just translated and put nicely)

They attended the PLE Conference and took some time to interview and tape some footage of Jordi Adell and I on the crossroads of Personal Learning Environments and institutions.

The video is in Catalan, one of Jordi and I’s mother tongues:

Citizen Participation in the Cloud
Chairs: Ismael Peña-López

Citizen participation in the Cloud: risk of storm
Albert Batlle, Open University of Catalonia.

The situation we are in is a context of crisis of political legitimacy. This means much less political participation in general and, more specifically, protest voting, young people voting less, decreasing levels of affiliation to parties or other civic organizations, etc.

On the other hand, we see the explosion of the Information Society and of the Web 2.0, “participative” by definition. ICTs are adopted by political organizations in the fields of eGovernment — to provide public services for the citizen — and eDemocracy — to enhance and foster participation.

Two different perspectives in the crossroads between political disaffection and the Information Society:

• Cyberoptimism: ICTs will lead to a mobilization effect. More people will participate because participation costs are lower, there is much more information than before, etc.
• Cyberpessimism: ICTs will lead to new elites because of the digital divide. The existing differences between the ones that participated and the ones that didn’t are broadened.
• Realists: we need more empirical studies (and to avoid technological determinism).

We have new technologies for citizen participation but, what tools for what uses? A research for the Barcelona county council.

After a survey within the Barcelona municipalities, we can state:

• There are different participation activities depending on whether the communication is horizontal or vertical.
• There are topics more prone to intensively use ICTs: urban planning, youngsters, education and equality, elder people, sustainability.
• Not organized citizens, resources, transversal coordination are variables that are usually identified as barriers not overcome; while training, innovation, agenda, associations or political agreement are usually identified as goals reached through ICT-enhanced participation.

The study then goes on to analyze tools and applications and how they fit in the participation process:

• Directionality, qualitative: unidirectional, bidirectional, hybrid
• Directionality, quantitative: one-to-one, one-to-many, many to many.
• Competences: basic, advanced, expert.
• Applications: type of tool, cost, hosting, “mashability”.

Participation moments:

• Mobilization: information about the participation process and the goals to be achieved.
• Development: putting into practice the participation project.
• Closing: stating the decision being made.
• Follow up: monitoring and assessment of the decision reached.

A first analysis of 19 international cases, we see that most tools have a one-to-many directionality, are bidirectional, and are mainly used in the mobilization moment. User registration and the data they have to provide is an important issue and must be decided in advance, as happens with deciding the goals and functioning of the process, which includes defining and identifying the role of the online facilitator. Free software is usually the option chosen, and accessibility (in a broad sense) is normally taken into account.

We find two different models. Even if models are not “pure”, we can see opposite approaches: Initiatives aimed at community building, characterized by being open, relational, fostering engagement, using free tools and aiming at a networked participation, with a facilitator that engages in a bidirectional conversation. And policy oriented initiatives, characterized by being more formal (or formalized), focussing at decision-taking and representation, using own platforms and more “traditional” participation means, with a facilitator that guides and information that flows asymmetrically and unidirectionally.

Cloud computing is both an opportunity and a challenge. On the one hand, there are legal hazards that need being solved, but that also disclose some interesting spaces. Indeed, the new a-institutional logic is disruptive but also provides new ways of learning, as the public and private spheres intersect one to each other and get confused (want it or not) one with each other. It is a response to the de-legitimation of political institutions, but it is also a reassurance that citizens do care about public affairs: the crisis is in the institutions, not in participation itself.

Bernard Woolley: “Well, yes, Sir…I mean, it [open government] is the Minister’s policy after all.”
Sir Arnold: “My dear boy, it is a contradiction in terms: you can be open or you can have government.”

(from Yes Minister, 1980)

Evgeny Morozov, Georgetown University’s E. A. Walsh School of Foreign Service.

Decisions made at the technological level in Western economies/businesses will affect how cyberactivism takes place… all over the world. What Google, Twitter or Facebook decides impacts citizen action everywhere.

There is much effort on building social capital online, uploading content, gathering people in a group, and this effort relies on a potential arbitrary decision by the owner of the online platform, who serves who knows whose will. Groups in social networking sites disappear every day without previous notice and most times without an explicit and clear reason for it.

But regulating these corporations is often seen as a barrier to democratize more quickly less democratic countries. You don’t want to “spoil” a Web 2.0 application if it is seldom used to raise protests against non-democratic regimes, or used on human emergencies, etc.

But outside of Western countries, most applications are owned and run by local companies that have less freedom of choice than in other places of the World. If the Chinese or Russian or Iranian governments ask for user personal data to these companies, they have little chances not to deliver them. This makes datamining by governments very easy and very effective to locate and identify dissidents.

Besides direct extortion to companies, governments can directly monitor and put up several kinds of citizen surveillance, including entering an individual’s computer because the government infiltrated the computer with a trojan or any other kind of spy-software. Of all, the major problem is not even being aware of that manipulation. Same applies to web servers, of course.

On the legal side, governments or several lobbies have the power to manipulate content online, by crowding out conversations. If this is a trivial debate, then the influence of the strong part has no major impact. But if that is a pre-election debate, it can lead to indirect tampering and not-really-legitimate democratic participation.

And doing all that is not very difficult: custom police can (actually do) google people and see what comes up in the search results, scan their Facebook profiles, see who a specific person is related to and, according to that, decide to decline a visa request.

Besides governments, authors that we would not consider very “democratic” (e.g. fascist movements) are doing impressive things online in social networking sites, mashups, etc. So, Web 2.0 and cloud computing tools are double-edged swords and both serve noble and evil purposes and goals, like e.g. mapping where ethnics minorities are mashing up rich public data with map applications either to avoid or to attack them.

There is a dynamic that the Internet brings and that might makes us stop and think whether we like it or not: is a shift towards full openness a good thing? is a shift towards direct democracy a good thing too?

Discussion

Ana Sofía Cardenal: can you provide more information about the survey you talked about? Batlle: the survey was made in 112 cities (more than 10,000h less Barcelona). 81% answered the survey explaining use of ICT in participation initiatives.

Ana Sofía Cardenal: why nationalist movements are more present online than liberal ones? Morozov: the short answer is that hate travels more faster than hope online. But it might be more about phobia rather than nationalism. On the other hand, the Internet has no borders and allows for birds of the same flock to cluster around online spaces rather than having to stick to their artificial national myths.

Ismael Peña-López: data havens yes or no? protection or impunity? Morozov: One the one hand, governments should not support law circumvention tools (like TOR), basically because they are massively used by criminals, or by people whose purpose is not very clear and its justification varies depends on your approach. Regarding Wikileaks, the problem is that once a hot file is out, it is difficult to block, and the more you try to block it, the more it is disseminated (the Streisand effect). Something should be done, yes, but it is not clear what.

Ronald Leenes: It is also true that governments also use tools that activists use for security reasons, so they should at least allow for these tools to develop and even be funded. Morozov: right, but you cannot be pushing for the rule of law and with the other hand allowing the proliferation of tools that are clearly used to break the rule of law. Leenes: this apply to many technologies!

Jordi Vilanova: We’re talking about social networking sites as being run by corporations, but it is likely that in the future we find SNS being ruled by foundations or non-governmental organizations. So, there still is some room for Web 2.0 applications being “safely” used by individuals. A second comment is that we are looking at non-democratic regimes but, in the meanwhile, so-called liberal democracies are trimming citizen rights with the excuse of security and so. So we should be more concerned about these hypocrite countries. Morozov: it is true that foundations can run their own SNS, but the thing is that most times is not about the tool, but about audience and critical mass, and this audience is in private corporations’ platforms, and this will be difficult to change. And regarding transparency, transparency has to come with footnotes to avoid misleads.

See also

• Participación y activismo en la nube, by Karma Peiró.
• Lessig (2009) Against transparency.

Cyber-crime prosecution
Chairs: Blanca Torrubia

Police investigation in the field of cloud computing
Rubèn Mora, head of Technologies of Information Security Department, Mossos d’Esquadra [Catalan national police].

One of the problems of cybercrime in cloud computing might be that the actual regulation does not take into account especific illegal uses of the Internet. Thus, the police has always to catch up with both technology and the law.

On the other hand, in real life we are used to sue (or to complain after) someone whose actions hurt us, but when it happens online we just go and call the police: this is overwhelming for cybercrime prosecutors, as many times it is not their duty or it is not that clear that it is.

Nevertheless, it is understandable that the citizen goes to the police, as many times it is not that clear who is liable for you having been harmed. This ends up with the citizen, in general terms, being less secure in matters of who is liable. In the same way, the police is tied to geographical jurisdictions that are not always the same ones as the ones that affect the one that created the harm.

If that was already a problem in the first year of the Internet, with cloud computing it has been multiplied by orders of magnitude, as cloud computing works in three different layers (SaaS, PaaS, IaaS) that make reality much more complex. The creation of Certs has lightened bureaucracies, but their interaction is still slower than crime.

Some cloud computing cyber-crimes: password cracking (PaaS), anonymous transactions (SaaS), phishing hosting (PaaS), botnet renting (IaaS), CAPTCHA resolving (PaaS), credential credit card steal (SaaS), etc.

Francisco Hernández Guerrero, Prosecutor, Granada Prosecutor’s Office.

Law has to be practical, efficient. We have very nice laws and guarantees of rights that we never apply. There usually is a trade-off between efficiency and guaranteeing the citizens’ rights: the problem is finding the desired balance.

Against cloud computing, nowadays, there is no way to be efficient: prosecutors (police, courts) have no means of being efficient. Thus, should we give up to some guarantees? Cloud computing is about dematerializing everything: and, with dematerialization, the difficulty to trace and monitor. Cloud computing shifts the claim for ownership to availability (e.g. instead of downloading music, having it available through streaming). Cloud computing is also about delocalization: hardware and software are usually not where the user is.

The division of two concepts: the difference between being connected and being communicating. Your mobile phone might be on and connected and exchanging information with other devices, but you might not be communicating — strictly speaking — with anyone. And being so easy becoming a criminal — in full consciousness or unconsciously — the solution is to monitor and put surveillance on anyone.

Main characteristics of cloud computing:

• Economic: money aimed;
• Highly pro;
• Botnet: the infrastructure as system;
• Absolutely unbalanced: the bad guys are much more than the good ones, as the good ones’ computers are corrupted by the bad ones, thus becoming part of the crime network.

We definitely have to re-define the law.

• We need a set of measures to enable surveillance of the citizen but distinguishing connection and communication. e.g. RFID-based crime should fall onto the category of data protection, not onto the right of communications.
• Measures (legal and technical) have to be progressive: we have to distinguish an individual uploading photos of their ex-couple in a social networking site, from a terrorist network copying credit cards.
• We need a catalogue of cyber-crimes, especially those characterized as serious.
• And we need independence of the support or the holder of data: we need access to all data from a person wherever they are stored.

The model should, thus, split technicalities from guarantees: the police should lead the investigations, as they have the knowledge and the means; while prosecutors and courts should follow the processes to guarantee their righteousness.

Discussion

Jordi Vilanova: what is the liability of the owner of an infected device? Hernández Guerrero: Yes, in the same way that you are liable to a certain extent to do the maintenance of your car so that you don’t run over anyone, some knowledge of the power of a specific device and its maintenance (e.g. a PC and an anti-virus) should be a requisite and the owner liable for not acting according to that requisite.

Marcel Mateu: Right, we have to change the law. But how many policemen and prosecutors are able to work in the digital age? Mora: the resources of the police often depend on how the citizenry pushes their governments to fight this or that type of crime. If the priority is e.g. gender violence, then cyber-crime is less funded. Hernández: in general terms, agreed that cyber-crimes are not in the political agenda. Surely much of the “cyber-” is just crime done by electronic means, but maybe the politician needs an “e-Pearl Harbor” to realize that the world has changed.

Blanca Torrubia: what is the profile of the cyber-criminal? and what should be required to fight cyber-crime? Mora: the cyber-criminal is increasingly younger as years go by, astonishingly young. And the best way to fight cyber-crime is information and training. There is evidence that cyber-crime over minors drastically decreases if they are being informed and trained on the hazards of specific behaviours on the net.

See also

• Detectar a los ‘malos’ es más difícil en la nube, by Karma Peiró.

From Electronic Administration to Cloud Administration
Chairs: Agustí Cerrillo

Open Government in the Basque Government
Nagore de los Ríos, Director of Open Government and Internet Communication, Basque government.

Open data as transparency in the purest state. Examples:

• Elpreciodelagasolina.com, a website that presents in alternative ways, easy to understand, oil prices in Spanish oil stations.
• lospresus.de about public budgets.

Irekia is the open government project of the Basque Government to provide public data in a very accessible way, easy to reuse. Open Cloud Government is more a philosophy than a technology, it is another way to manage public affairs, to decide taking into account the citizens’ opinion. Irekia is not a services website, it is not an e-Administration website. Irekia is a website to listen to the citizen, to offer immediate information in search for debate and reflection.

Data are linked from the original source.

Transparency, participation, collaboration.

What does Irekia offer the citizen:

• Tools for collaborative work.
• Streaming of events.
• Informations in real time.
• Daily agenda
• Audiovisual and multimedia material.
• Tools to comment and share information.

This kind of initiatives are based on leadership and government commitment. Otherwise, they are neither possible nor sustainable. Besides political support and commitment, open government also requires a radical organizational change and, over all, a change in attitudes. It is in the daily tasks that open government succeeds or fails.

What does Irekia offer the members of the public administration:

• On demand audiovisual material.
• Internal agenda per department.
• Possibility to diffuse events.
• Active Internet monitoring (escucha activa, what is being said about you on the Net).
• Consultancy 2.0.
• Comment moderation.
• Complete, tag and disseminate on the Web information published by the departments.

One of the goals of open government is not to have a lot of traffic, or a lot of sympathisers of the website, but to be a hub and distribute interests to their goals. e.g. what open government pretends is not creating online communities of patients, but that they are able to do it by themselves.

One of the problems, notwithstanding, of “all being open” is that anyone can create their own participation platform (government and citizens) and it is becoming increasingly difficult to know who’s “legitimate” to promote a certain activity; it is also becoming increasingly difficult to find out where to participate, or what for; there’s a big replication of projects that reinvent the wheel on and on, etc.

Open Electronic Administration in Catalonia
Miquel Estapé, Assistant Manager of Catalonia’s Open Administration Consortium.

Open Administration Consortium: built upon the principles of collaboration, ICTs and change. Why collaboration?

• Interoperability: not about technology, but about the citizen and the interaction between public administrations.

• Reutilization: Avoid reinventing the wheel.
• Security. Digital identity, electronic signature, long-lasting validation.

Cloud computing is not a new technology, but a new way to provide services. But, in the public service, this means some struggles:

• 82% of cities and towns are below 5,000 inhabitants which means they have no resources for an IT director. Same happens with organizational management.
• Actually, in general city councils have increasing obligations and decreasing revenues/resources.
• The management of (electronic) services is complex: more services, specific regulation, security, 24×7 availability, scalability, etc.
• Reluctance to change.

The Open Administration Consortium works with district and province councils — as they are the more knowledgeable on the reality of city councils — and Localret, a consortium of municipalities to develop ICT strategies. The Open Administration Consortium provides, thus, different services to the different municipalities according to their needs, nature and resources. Among others, main services include public procurement, online invoicing, inter-administrative procedures, citizen documents, etc.

Reluctances are the usual about privacy, data security, liability of data management, fear of change, fear of cyberwar, etc.

I look forward a municipality that will have no physical space, no web servers, no… but a virtual desktop where all data, applications and services will be hosted. This will be especially useful for the secretary of several tiny towns (small towns usually share a single public officer) that will be able to manage three or four of them from just a virtual desktop and teleworking from home.

See also

• “La administración abierta estará en la nube o no estará”, by Karma Peiró.
• “De la administración electrónica a la administración en la nube”. Congreso IDP2010, by Marc Garriga.
• Cyberwar: War in the fifth domain, at The Economist.

The State of Freedom on the Net
Karin Deutsch Karlekar, Freedom House

Freedom on the Net (FOTN) report analyses how are rights respected on the Internet, especially right of communications, privacy, etc. Questions asked:

• Internet and new media dominating flow of news and information
• What techniques do governments use to control and censor online content
• What are the main threats
• What are the positive trends

The methodology examines the level of internet and ICT freedom through a set of 19 questions and 90 subquestions, organized into three baskets:
* Obstacles to Access—including governmental efforts to block specific applications or technologies; infrastructural and economic barriers to access; and legal and ownership control over internet and mobile phone access providers.
* Limits on Content—including filtering and blocking of websites; other forms of censorship and self-censorship; manipulation of content; the diversity of online news media; and usage of digital media for social and political activism.
* Violations of User Rights—including legal protections and restrictions on online activity; surveillance and other privacy violations; and repercussions for online activity, such as prosecution, imprisonment, physical attacks, and other forms of harassment.

Negative trends

11 of the 15 countries censored content; 7 of the 15 countries blocked web 2.0 applications; there are also restrictions on infrastructures (speed restriction or broadband restriction, total access restriction, etc.)

In low-income countries, there are infrastructure and economic constrains, but, in general, economic issues are barriers that are overcome in low-income countries when a benefit can be made from ICTs.

Censorship is not always related to political or social content. We find significant lack of transparency in censorship procedures, including in some democracies. There is a wide range of techniques for blocking and/or removing content.

A nice example in images:

• Search for ‘tiananmen square’ in Google
• Search for ‘tiananmen square’ in Baidu

Censorship is being outsourced in some countries, the government hiring companies to run censorship or surveillance procedures themselves.

In many cases, it is ‘offline’ regulation, or general regulation the one that has an impact in online activity, like general media legislation against online activities, etc. This is leadind, in some cases, to “libel tourism”, where people have they web servers e.g. in the UK to put legal responsibility for posting or hosting content in a more democratic jurisdiction.

Of course, we find too extra-elgal repercussions, with detentions, intimidation, torture and extra-legal harassment and violence in general against “dissidents”. This also includes DDoS attacks, hacking, etc.

Positive trends

In general, there is more Internet freedom than press freedom, though the gap might be narrowing.

“Sneakernets” to avoid being monitored or scanned when being an activist on the Internet. Bloggers, though sometimes pushed-back because of threats, are increasingly creative in their usage of the Internet to have their voices heard.

Future trends:

• more access to the Internet because of the mobile web and smartphones;
• globalization and spread of Internet will not necessarily lead to greater freedom;
• web 2.0 leading to Authoritarianism 2.0
• foresight and creativity needed from more open countries to establish policies to protect free expression on new tecnologies.

Discussion

Albert Batlle: how is it that the UK scores worse in Freedom on the Net than Freedom of the Press. A: It might be because of “libel tourism”. Maybe because of that, maybe because of other issues, the reality is that it is easier in the UK to close a website than a newspaper, etc. All in all, it all highlights that though related, these are freedoms that can be taken independently.

Jordi Vilanova: what about the US and other western countries? A: Summing up, surveillance and even censorship are much more paramount that what would look like at first sight.

Mònica Vilasau: how do we tell censorship from e.g. fighting against copyright violation? A: It is always difficult to tell. It is nevertheless true that any kind of legal activity against online activity (legitimate or not) has chilling effects in the whole ecosystem.

Ismael Peña-López: the Wikileaks affair seems to have found a solution in a data haven in Iceland. Are data havens the solution to censorship? Will data havens allow people to act illegally under the flag of freedom? A: The problem with data havens, as with other barrier circumvention tools like TOR, is that they can be used both in good and evil ways. Nevertheless, it seems like, as now, there are more good uses than illegal ones, and way more need to enable transparency and to help democracy advocates rather than focus on prosecuting some illegal activities.

See also

• La sombra de la nube: ¿libertades en la Red?, by Karma Peiró

Cloud Computing: A New Dimension in Teleworking?
Chairs: Ignacio Beltrán de Heredia

Nomadic Workers
Javier Llinares, Autoritas Consulting.

Teleworking taken to the limit or “nomadic working”: it is not about having an office and from time to time staying home and telework, but your office is where you are, provided there’s connectivity to the Internet.

Autoritas Consulting has 12 employees all over Spain and customers all over the world. Four key decisions: to work from home, to use open source, be an open business and be based in Apple devices.

Pros: Total freedom of schedules; no commuting costs; no license costs; no office costs; work on a self-service principle (you want it, you use/do it).

Cons: Reluctance to change and have to learn to adapt to the new realities; if there is no office, there is no support; cost of ownership (licenses) shifts towards cost of use (customize, external support, etc.); is this a standardized society? what if you do not work with standards (i.e. Apple)?; is self-service / DIY an inconvenient where you have to do it by yourself?; this design only applies if you work goal-based.

Issues: miss meetings (e.g. we are disorganized, etc.); routines are difficult to break, change of systems, new ways of doing things; where are the limits? what is my working time? from flexible schedules to flexible life; where does personal life and work life begin and end? does it matter?; need to see hear each other, to ‘see’ each other, do we need personal touch?

Changes in the law: what means workplace security when you don’t have a workplace in a strict sense? What actually means workplace when everyone stays at home?

In the Internet you are connected with many people, but it’s you alone in front of the computer. The coffee break with the colleagues does not compare with a “twitter break”. New rules, new procedures.

Opportunities: more self-responsibility; self-management; “the consultant kit”; comfortability in the many solutions.

Inconvenients: responsibility, discipline, common sense; difficulty in tracing the limits.

The impact of technological decentralization at the workplace: teleworking
Javier Thibault Aranda, Complutense University of Madrid.

Several benefits:

• For the enterprise: flexibility, more possibilities of hiring (no geographic limits), decrease of costs, etc.
• For people: reduction of costs, more job market access for disabled people, etc.
• For the society: specific collectives more hireable, etc.

Several risks:

• Teleworking practices to hide actual outsourcing of jobs.
• Some social agreements at stake: separation of personal and professional life, the concept of “breaks” and resting times, etc.
• Limited impact of this working organization in Spain, huge reluctance at the corporate level, lack of explicit regulation.

Regarding the law, in Spain the Statute of the Worker has a 13^th where “working at home” is referred to, but in very different terms as what now teleworking is. On the other hand, collective action of workers is based in critical mass working together and in the same place (sort of), which does not apply to teleworking. At the European level there is an framework agreement on teleworking, but it has not been translated to Spanish law.

The European Framework agreement on telework states that telework:

• Is another way of doing the same thing: teleworking is about changing your location, not your job specificities.
• Physical externalization does not imply legal externalization.
• Teleworking is volunteer and cannot be imposed. Sometimes the inner conditions of the enterprise could force the shift, but acknowledgement of the worker is needed. This only applies to working from home: if there is a need to work at the customers’ offices, then no acknowledgement is needed.
• Teleworking can imply a technological control, which usually happens to be tighter than physical control. But, can the employer access the computer of the employee? It depends, but the employee must be aware of it, aware of any kind of control that will be put into practice.
• The worker has the same rights as any other worker, but not more rights that other workers do not have.

Cloud computing: a new dimension of teleworking?
Carmen Pérez Sánchez, Internet Interdisciplinary Institute.

Results of a survey about teleworking women: teleworking only adopted by 3-8% of people; most of them (in the sample) with dependants; and most of them working in great corporations, including some public administrations.

The definition of teleworking comes from Jack Nilles and has three requisites: work takes place in a different location from where it is intended to be delivered/used; intensive use of ICTs, a communicaton link from employer and employee.

More than 50% of teleworkers (of the previous sample) consider teleworking as a good option to be able to cope personal with professional life: take care of home and or kids and or other dependants, etc. The focal point is flexibility, and thus quality of life increases (or, at least, the perception of it).

Though positively evaluated, there are some drawbacks:

• Social and professional isolation.
• Longer working hours.
• Feeling of guilt: really depending on whether teleworking is taken as natural, as a core value of the firm, or whether teleworking is seen as a “favour” that your boss allows you to benefit from. Normalization of telework leads to enjoying it, otherwise arises feelings of guilt or feelings.
• Many times, telework is actually an extension of your working hours, not a change of workplace. You’re given the freedom to keep working from home. This is quite usual in many and many firms.
• Many times, too, staying at home means assuming all the home tasks naturally: the one that “already is at home” is the one that “naturally” goes shopping, cleaning, etc. It is rarely seen teleworkers locking themselves in their home-office and forgetting about what is not work during working hours.
• Sometimes too, the culture of “sitting at your desk” or remaining lots of hours home (definitely spread all over Spain) rewards the ones that do not telework. Thus, teleworking means less presence at work and giving up at being promoted. Most of the times it is a conscious choice — personal life or family vs. professional career — instead of a way to cope with both.

Summing up, the definition of telework and, over all, telling whether it is positive or negative depends on many variables that are by no means agreed or common ground among employees and employers. There is a need of a former and thorough planning, great transparency and agreement on the conditions, that teleworking is something for men and women (not only for “mothers”), and that teleworking is also an option for whatever level of the hierarchy.

Discussion

Ismael Peña-López: digital competences, are a pre-requisite of the worker that wants to telework, or an obligation of the firm to train them? And, related to training, what if the teleworker does any harm to a third party (e.g. online) or does any illegal activity (e.g. intellectual property right infringement). Thibault: the firm, as in the offline wold, it is the firm that is liable for any harm to third parties, at least when the employee is not an independent worker but dependent from the organization. Related to training, training is both an obligation (in Spanish law the employee has to keep up with the technical changes that happen in their workplace) and a right, the right to be trained by the firm. Pérez: The reality tells us that there is no or poor training and, most of the times, it is more about informing the employees (e.g. about some specific novelties) rather than explicit and planned training. Llinares: we have to take into account also the difference between switching to teleworking or directly joining a firm where teleworking is the norm. Same about being up-to-date: in some works (e.g. e-government consultancy) teleworking skills are not only a means or a tool, but also a goal, as it is part of the product being offered to the firm’s costumers.

See also

• Teletrabajar en la nube, by Karma Peiró
• European framework agreement on telework
• Nilles, J. (1998). Some Common —and Not So Common— Telework/Telecommuting Questions.

Round Table: Key Legal Aspects for Putting your Business in the Cloud
Chairs: Miquel Peguera

Controlling the provider
Xavier Ribas, Landwell Global.

Increasing trend to outsource services at the enterprise, including some belonging to the core business. With cloud computing, even risk management is shared with or outsourced to a third party.

But, are you then losing control and even putting your firm in the hands of your providers? You lose control of the confidence chain, control of data, of the quality of service, of the available preventive measures, of reputation risk management (and there actually is an increase of risk of reputation loss), control of secondary and non-consented outsourcing, international data transfer, etc.

How to solve this? How to regain control over these issues? Possible clauses:

• Confidentiality, security obligations, quality standards.
• Auditing, provider controls.
• Liability, insurances.

An obligations map should be drawn and agreed upon, including what happens once the relationship ends (e.g. what will happen to data in a blog once the service is discontinued?).

Manel Martínez Ribas, ID-LawPartners.

What is the difference amongst open source and open cloud? Is there any open source cloud?

The four freedoms of free software, do they still apply in cloud applications or services? More indeed: free software developers using cloud services, will they find their free code closed? This gives birth to new licenses where cloud service providers are able to use specific software, let it to the end user as software as a service (SaaS)… thus allowing for copyleft on one end and a sort of closeness on the other end.

Open cloud computing allows, as it happens with free software, to make modifications.

Fabrizio Capobianco: reasons to care about open cloud computing in the mobile arena:

• It is already a big issue.
• It is a necessity.
• It should be interoperable
• It normally depends of closed devices.

The Open Cloud Manifesto pretends to settle the debate and reach some agreement (equilibrium?) on how to respect the free software freedoms in cloud computing.

Principles:

• Avoid lock in.
• Use standards.
• Go on with initiatives according to the needs of the customer.
• Teamwork and network.

It seems that cloud computing will be the main entry point for institutions to (at last) use free software massively. Same with software providers, that will shift from proprietary software to free software.

Legal aspects to take your enterprise to the cloud
Ramon Miralles, Coordinator of Information Security and Auditing, Catalan Data Protection Agency.

It really does not matter to read or not the terms of reference of cloud services: their providers will change them unilaterally and many without notice. So…

The problem is neither (only) that we do not know where our data are, but nor we know where our data pass through, because they constantly change paths.

A Cloud computing solution: self-service, broad access in the Net, full of resources, fast and easy, measurable and supervised. A solution which might be the end of corporate computing.

As said, one of the big problems is not only that data are elsewhere, but that they circulate across borders and jurisdictions. The European Directive, in this sense, looks more at what is happening, rather than trying to typify each and every procedure that takes place on the Internet. It nevertheless needs some updating as cloud computing has really challenged web usage as we knew it.

Information self-determination: the right to control one’s own data, to know who has our data, what is done with them, etc. Information self-determination is at stake with cloud computing.

IDC Enterprise Panel (august 2008) states the following challenges/issues of cloud computing: security, performance, availability, hard to integrate with in-house IT, not enough ability to customize, doubts about cost, bring-back in-house might be difficult, not enough major suppliers, etc.

Main challenges of Cloud Computing:

• Decrease of control over information and services.
• Data treatment and processing.
• International movement of data.
• Applicable law.

Discussion

Q: The Catalan Government is to move its education community to Google Applications. How are citizen rights guaranteed? Miralles: The problem can “easily” be solved by signing a contract. The problem is usually not as much as in privacy, but in transparency and availability of information by the user, to recover their information, etc.

Ramon Miralles: it makes no sense the distinction whether it is a human or a machine who processes the information, as this only creates legal defencelessness and insecurity. Indeed, it is in the core of data processing that it is automatized. So, we have to look at the essence of the data processing process, at what will be the end use, rather than at the how.

Manel Martínez: we have to differentiate between consented usage (contextual adds after reading your e-mail, as you agreed to that by accepting the terms of reference) and non-consented usage of data. Ramon Miralles: right, but the problem comes when the conditions are change unilaterally and, even if you are made aware of this, you are locked in and have really hard times migrating your data in a service you’re having difficulties to leave.

Q: how do we measure the cost of loss of reputation because a third party service failed? Xavier Ribas: this is very difficult to measure. It might be not very difficult to measure the non-returning customers, but it is definitely difficult to know how many new/potential customers will not use our services/products for the very first time after a reputation crisis has been suffered.

Jordi Vilanova: should not the WTO coordinate cloud computing services (in a legal and economic sense)? Miralles: it is clear that the traditional instruments to regulate economic activities (national and international regulation, contracts, etc.) might not perfectly fit in such activities as cloud computing. So, yes, WTO or another platform might be used to update regulation and procedures to brand new activities.

See also

• Y las leyes, ¿qué dicen de los límites de la nube?, by Karma Peiró.
• Cloud Computing Use Case White Paper V4 source documents
• Ann Cavoukian: Privacy in the clouds (PDF)
• Modeling cloud computing architecture without compromising privacy: a private by design approach (PDF)
• Nicholas G. Carr: The end of corporate computing (alternate link, PDF)
• StateWatch, monitoring the state and civil liberties in Europe.
• Do You Know Where Your Data Is In The Cloud? by Forrester Research

Myths and Realities of Cloud Computing
Pau Garcia-Milà, EyeOS co-founder

What media says that cloud computing is:

• We do not need to install anything;
• we do not to perform any backups, including software;
• we have no more storage limitations, adding more storage room is quick and easy;
• ubiquity, all services are available from anywhere.

Some problems with cloud computing that media repeat over time:

• Closed applications that are difficult to expand or modify: you cannot change (add features, customize, etc.) Google Documents easily
• Availability outsourced: to access a single Google Document we rely on our PC, our web browser, our Internet provider, Google, the government regulation (e.g. you depend on the Chinese government to allow Google to operate in China), etc.

But, where are our data? Where is our privacy? Most of our data/privacy is on Google, Microsoft and Amazon, the later the biggest provider of cloud platforms.

Indeed, some service providers cannot only access our data, but do have control over our devices:

• What happened with Amazon’s Kindle and the novel “1984″ affair: erased a novel from all books, got sued (and lost), but doubled their sales of Kindles.
• Facebook will retain ownership of your photos: huge claims for intellectual property and privacy, but Facebook users in Spain almost tripled during the “scandal”.
• The case of the accountability service that showed that no one reads the terms of service.

All in all: people do not read the terms of service and accept whatever terms. But the thing is that most service providers require this free access to data to be able to let data to third parties, the basis of the business plan.

Open Cloud Computing / Open Cloud Compliant: the services are in the cloud, but the user can choose where the data will be stored. At least, this allows for the user to know where their data are. It also avoids conflicts of interest: the one that provides the service is not the same that provides the infrastructure: the service provider will ensure that data are safe, and the infrastructures provider will ensure that the infrastructure supports the service.

We should then differentiate between infrastructure cloud computing and services cloud computing. Open cloud computing means that these are separate and there’s a possibility of choice, and closed means that they all come together with a single provider: in this case, privacy risks arise.

The average user prefers ‘easy’ to ‘nice’, even if ‘easy’ means ‘ugly’. This creates de facto standards. People prefer applications to be fast and easy, even if it is less powerful or less nice.

About eyeOS

eyeOS is an open-source browser based web desktop, which means that it acts as a framework that, once the user is logged in, logs the user to whatever application runs on this desktop. Thus, the user does not need to remember where the applications are (what third parties’ services) and how to log in them.

(NOTE: here comes an interesting discussion about institutional and individual uses of open cloud services, the free software community, etc.)

See also

• ¿Dónde está nuestra privacidad?, by Karma Peiró
• Mites i realitats sobre el cloud computing, by Joan-Baptista Gavaldà i Moran
• Open Cloud Manifesto.

Opening: Pere Fabra, Agustí Cerrillo

Privacy in the Cloud, a Misty Topic?
Ronald Leenes, Universiteit van Tilburg

An introduction to Cloud Computing

What is the relationship between Cloud computing, Grid computing, service oriented architecture (SOA) and Web 2.0?

Increasingly, data and applications are stored and/or run on a web server that hosts what usually was on your local machine. The web browser becomes the usual platform. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources.

If we talk about “resources”, the definition becomes broader, as we can also speak about computing power or computing time. And these resources are shared by many users, instead of having a dedicated machine. This provide rapid elasticity that allows for easy and quick scaling (up or down).

Models

• Software as a Service (Saas): e.g. webmail, online office applications; etc.
• Platform as a Service (Paas): e.g. Amazon AWS platform;
• Infrastructure as a Service (IaaS): all the power you might have in our PC, in the cloud.

Advantages

• Price: many cloud services are reee.
• Reliability: redundancy of services and scalability makes the system more stable.
• Accessibility: your services, everywhere.
• No piracy.
• Multiple business models: fees, ads, etc.
• Always current version of the software, no needs to update.

Privacy and security issues

Privacy: bodily integrity, data protection, inviolability of the home, secrecy of communications. The later two are specially relevant for cloud computing.

Data protection goals aim at facilitating the free flow of information while providing a minimum level of data protection. Data aspects: confidentiality, integrity, availability. The three of them are (more or less) under control while data are stored in a PC. In the cloud it is certainly less so.

The first thing to state is that, in the cloud, you don’t know where your data exactly are. Indeed, those date are interlinkable by other services, which make them even more ubiquitous while difficult to locate.

Second is that, in “physical” life, one’s identity is made up of different and partial identities of one self. There is a certain control to segregate audiences according to what they can see of me. Not in the cloud. To a large extent, we’re evolving toward a world where you are who Google says that you are (JD Lassica).

As data travel from my browser (and through the Internet) to a cloud service, anyone can potentially intercept your travelling data. The way to avoid this is use encryption (HTTPS) but cloud services do not usually have the incentive to (unlike banks, that are liable for data loss or money stealing) and do have incentives not to (HTTPS requires much more server power and time to encrypt and decrypt, thus making it more expensive at the aggregate level).

Regulation

• In the European Union: Data Protection Directive (DPD).

Personal data: data that can lead to identification of a person (data subject). Thus, personal data can be taken very broadly as even an e-mail message can lead to identifiable individuals. A processor is a body that processes personal data. A data controller holds or stores personal data.

The DPD is applicable when the data controller is within the European Union jurisdiction, regardless of where the data processor is.

Thus, if Google just provides a platform where the user processes their data, then Google is not a controller, but a processor, which means it is being affected differently by the (European) law. But if data, after being processed, are stored in Google’s servers, then Google becomes a controller. So, cloud service providers can switch between data controlling and data processing or both at a time, with legal consequences.

DPD principles: transparency, legitimate purpose and proportionality.

Discussion

Jordi Vilanova: are there any legal differences in privacy between individuals and institutions? A: legally, in strict sense it only applies to individuals. In the case of companies, we would be talking about intellectual property, trade secrets, etc.

Mònica Vilasau: to balance unequal distribution of bargaining power between service providers and users, what should be done? More regulation? Better contracts? Is the data protection directive enough for cloud computing? A: Contracts should suffice, as they are a very powerful tool. The difference is that in the EU privacy is a public good that needs to be protected, so the law will always be above any contract; while in the US privacy is something that can be bargained between contractors. The DPD is not enough for cloud computing, because its purpose was to regulate over the data controller, a very identifiable agent at a time (e.g. a hospital having data of you). But now, who is a data controller or a processor is very difficult to identify.

Q: Is one of the problems that cloud services are based in the US? A: Yes, of course, if data controllers, processors and subjects were in the same jurisdiction that would make things much easier.

Mònica Vilasau: what about cookies? A: if you accept cookies, you get less of your privay. If you do not, the service provider is no more a data controller (it is not storing data from you, because you refused the cookie) and then you are no more under the DPD. This is an ironic dichotomy.

See also

• ¿Estás en la nube? Pues empieza a proteger tus datos…, by Karma Peiró
• Privacitat al núvol, un concepte difús?, by Joan-Baptista Gavaldà i Moran
• The Evolution of Privacy on Facebook, a graphic representation by Matt McKeon.

An example of the former can be (a) paper handbooks are very expensive, become obsolete very quickly and their content is imposed by publishers; (b) shifting from paper to bytes could solve the three issues and (c) the solution can come in the form of digital educational resources, managed with wikis or collaborative documents and licensed with open licenses.

The digital light has certainly covered all education-related topics and suggested vast ways of improvement. Some of them are (or seem to be) as crystal clear that we feel the urge to rush the improvements and we end up not understanding how will the system still stick together a year longer. Like night owls, we even get so dazzled how could anyone build such an educational system that is, according to some of my last readings, impersonal, inflexible, one-size-fits-all, not engaging, boring, expensive, old-fashioned, reactionary, etc. In one word: industrial.

While we all find stupid people every now and then — surely in front of our bathroom’s mirrors, that’s a fact — it is hard to believe that modern universities and schools have been designed and ruled for 250 years exclusively from ignorance, idiocy or, in the best cases, from aspirations to control people — like many suggest today.

A little bit of Economic History

The history of humanity (or at least a part of it, I’d dare say) is that of achieving higher levels of productivity through efficiency, and as an outcome to that, more quality of life and diversification of human activities due to more people being freed from other (more basic) activities.

Taming led to farming, and farming freed some members of the tribe from the need to go hunting, that could now improve their homes, treat fur to protect them from the weather, etc.

If some people can today devote their lives to activities not strictly related to survival (artists, most scientists, sports, fashion, etc.) is partly because we only need from 5% to 20% of the total workers to work in agriculture to sustain the world (that’s a very rough average, but the point is made).

Reversely, if we want everybody to dress up with the latest trends, we have to shift from hand seaming and knitting to individual loom weaving, and from individual loom weaving to massive, industrial ways of looming, cutting, seaming, boxing and delivering.

Baumol’s cost disease

During the 60s, William Baumol theorized about efficiency and cost in the arts sector coming up with what has been called Baumol’s cost disease. He and William G. Bowen described that, while you can make a craftsman shift from artisan seaming to industrial weaving, it will always take four people to play a string quartet (that’s the marvel of a quartet, mind you!).

We are then to witness how the human labour costs of producing a pair of socks will drop from the cost of some hours (when hand-knitted) to some seconds (when their production is industrialized). A Baroque quartet will, notwithstanding, remain in a fixed figure (and its cost) of four people playing for just and always the same time.

One of the results is that economic activities that can apply labour-saving technologies will increasingly be relatively cheaper than the ones that cannot. In other words, in the 1^st century a pair of socks would cost as much as a ticket for the gladiators (I’m guessing here), while in the 21^st you could not wear to a concert all the socks you bought for the same money that your ticket cost. A side effect of that is that less “human-efficient” activities push their wages up: while some can make thousands of socks a day, others can only perform a couple of concerts in an afternoon.

There are not many solutions to this “disease”, and the most usual are to increase prices (in relative terms, of course) or to decrease quality (the quartet played without the bass, or the symphony with just a couple of violins and no clarinets).

The industrialization of education

The education suffers Baumol’s disease, and the solutions so far have been both the aforementioned: to increase registration fees and to decrease quality by lowering the ratio teachers/student. In other words, education has been increasingly industrialized to look more like socks production than playing a string quartet. This is an undeniably truth.

But let us not only take a look at the what but at the why or, even more, at the what for.

Unlike opera, that almost everywhere remains very expensive and many times also classy, education is absolutely cheap and definitely popular, especially in Europe, where schools and universities are public or publicly funded. (In Europe again) quality schools and universities are the norm, with just very few of them standing out at the top, and another few lagging off at the bottom.

It is not out of idiocy or stupidity or stubbornness, then, that educational institutions where made the way they are, but to achieve some general purpose goals. And it is just because of that that the system is given oxygen, because the goal is worth a little trade off between individual quality and social equity. Universities and schools might not be as good as we’d like them to, but they are undoubtedly fair.

As Neil Selwyn puts it, we sometimes forget that education is not only about individuals, but about the society.

That said, of course is not only legit but necessary to aim at a transformation and improvement of education. And especially when brand new shiny tools appear that offer so much possibilities. And especially when these same brand new shiny tools are transforming all aspects of our lives whether we like it or not. But… just do not let us look back in anger.

The main ideas are:

Why Personal Learning Environments (PLE)

• Why not.
• Scarcity of explicit knowledge (books) led us to gather it into libraries.
• Cost of access to books led us to gather them into universities and schools.
• Cost of access to wise men led us too to gather them into universities and schools.
• The digital made scarcity of knowledge no more an issue, and costs of access to experts dropped to nearly zero.

Why institutional Virtual Campuses or why institutional Learning Management Systems?

• It still is difficult to tell good knowledge from bad (low information literacy levels around).
• Thus, we have a need for a curation of knowledge, for guides, to validate all the knowledge that has been fixed in digital artifacts.
• Not everyone can or wants to use the latest technology.
• Many people still have low digital literacy levels.
• Indeed, there are privacy, security and/or data ownership issues.
• And we have to ease monitoring, assessment and evaluation tasks (we are not hee taking about the need to monitor, assess or evaluate — let’s assume for a moment that many people still want to do that).

So, PLEs or institutional virtual campuses?

• We need to cope with both needs: the benefits (freedom) of digital technologies and some long-lasting (and maybe needed) trends.
• We should be able to find a middle-ground solution between centrifugal and centripetal forces.
• We have to keep intimacy, while allow third parties’ ideas in our conversation.
• We want to keep noise out, while keeping a window open to the outside.
• We should be free to either use an institutional tool, a third party’s, or one’s own, and nevertheless guarantee that conversation is the same for everyone.
• We should be able to keep our own learning space while participating in a collective one.
• And we should be able to keep a closed record of what a group did for later assessment or simply storage.

NOTE: sound quality is awful. Sorry about that.