Tag Archives: FERPA

It’s a bird, it’s a plane, no wait, it’s the CLOUD!

cloud-computing_2To many in Higher Education, the first time you heard “it’s in the cloud”, you probably looked outside to see if your IT guy was making a weather joke; it is of course apparent to many now both in Higher Education and other industries that this is far from the reality, although how would you really even know (relax, that was a joke…probably). It is a new world we are living in when it comes to how we not only store information, but especially how we distribute it. Gone are the days of library card catalogs and in some cases even books, welcome to the time of ebooks, MOOCs, and complete online programs; and I am not just talking about University of Phoenix, nay, I am talking even the Ivy League. colleges-cloud-computing-infographic

First things first, what is the cloud? In case you have been buried under a rock for the last 5 years, or are not as much of an IT geek as I am (the most likely rationale), let’s go over a brief introduction to the cloud. At its core, the cloud can be described as the internet itself; I am just kidding, that is a very complex and even philosophical based way to look at the cloud. In all seriousness though, you can think of the cloud as an ATM (which by the way also works on the cloud). In this respect, an ATM can be viewed as a portal to your financial data and funds that are accessible on all ATMs; no matter the ATM the information is up to date and readily available wherever you can access an ATM. The cloud is the same in that your data is accessed through portals (phones, laptops, tablets, etc.) and is synced across all these different portals.cloud-infograph-vert1

So if you are like most people, the question of “how does affect me” has now just crossed your mind; I promise it affects you in more ways than you would think. Cloud storage has taken over the bulk storage operations in to what could be described by some as an overnight transition. Don’t think so, do you think this is an exaggeration? OK, let’s test this concept out. Ask yourself, do you own a smart phone that operates on either Apple IOS or Android? If you answered yes, than congrats, you are a cloud user; all that photo stream, contact syncing, even your Google/Apple ID information is in the cloud. So what does this really all mean? Well, most importantly it means that barring a server outage, as long as you have an internet connection you will have access to your cloud based information. Now I know what you are thinking, I already have access to my information, it’s called my hard drive. Well my response to this would be, so you take your hard drive everywhere? Most people would of course say no to this question, while in the same respect you CAN take the cloud everywhere because well, it’s already everywhere.
While the average person will/ does use the cloud regularly without giving it a second thought, students on college campuses are a little more involved in such interaction and they seem to “like” it; that’s right, that was a Facebook pun. With most campuses being either completely or at least mostly wireless it is fair to say that checking a students homework may be right under the total number of times that they are checking Facebook/ updating their status; all through the beauty of cloud data. While social media is an obvious byproduct of the cloud, something less obvious is the average student’s access to their own information; this includes not only their homework assignments but books, multimedia, and even their sensative information such as FERPA protected self identifying information. Gone are the days, for the most part, when students had to go to a records office and request a transcript; it’s all about ease of access through online services, because realistically, when was the last time you even used a fax machine?
Like most tech innovations however, the cloud is not all glitz and glamour; there are several issues associated with cloud storage that are cause for concern. Most notably is the nature of securing such data, especially such data that comes under privacy laws such as anything related to FERPA. With the rise of cloud data and ease of access to information that used to only be stored in locked cabinets in the basement of your university records office, there have arisen a whole new set of concerns and challenges to be combated; including security breach threats from the government. In an age where few people understand where their data actually is, and such data travels along the information superhighway, some critics argue that privacy (true privacy) is dead; see video Privacy (medical records) in the Digital Age. It is not just merely about the lack of privacy based on flawed security measures, but also about the very nature of where such cloud data is being stored and the concept of ownership; remember that possession is 9/10th of the law! In this respect you should now be wondering about who really owns that Kindle Ebook you bought; here’s a hint, you don’t own it, your just kinda borrowing it (http://bit.ly/RsVDYF) . The same question can be applied to most information stored via the cloud, which is exactly why I highly recommend that people ask, ask, and ask some more when it comes to such questions of ownership/ access to their cloud data.

Much of the privacy issues associated with cloud data is really from a lack of questions from the end users (you) and not from tech fault; yes, I did just put a good chunk of the blame on human error, because well, let’s face it, we make more mistakes than computers do. One such human based error is that of access to the actual server where the data is. You see, while the cloud means that the data is being stored digitally, at some point it has to physically be somewhere; this location is known as the server/ server farm. These locations on average are in very remote locations (other countries that are very cold) and are encased in tons of physical security; by physical security I am talking surveillance systems, access control (card, fingerprint, retina based “keys”), blast doors, etc. However like any security system, it is only as good as the following of the policies/ processes that are in place i.e. a bank vault only works if it’s locked. In the same respect, such security measures are only effective if those people with access ensure that they are not compromising such access; a perfect example of this is password sharing. You see, computers can be hacked (broken into) but that doesn’t mean that all levels of hacking present the same challenges. Hacking into a server (with a decent firewall) via the internet can be like trying to tunnel, you may be able to do it but you’ll most like have to go through hell to get there. On the flip slide, hacking into a server on-site (face to face) can be exponentially easier; which is the exact reason why most cloud servers are secured in physical enviornments that would leave some people to believe that location of the holy grail may be on one of the servers (hey, it could be).

So after all this, do you think your cloud data is safe from prying eyes if your incorporate good passwords and a cloud server that has impeccable security protocols?I hope you said no, because there is still one more entity that can access your information without your knowledge and permission, and wouldn’t you know it, it’s even legal (kind of). That’s right, to all those in the audience that recall the immediate post 9/11 era, I’m talking about the mighty Patriot Act. Now here’s some food for thought, if your cloud server is based outside of the U.S., does it still have to give up your data to Uncle Same? The answer to this question is 99.9% of the time, the cloud server can do nothing more than open its server room door and tell the U.S. government to have at it. That’s right, geographic location of you server has almost no effect of the government’s ability to access your data. This is based on the notion that “Most cloud providers, and certainly the market leaders, fall within the U.S. jurisdiction either because they are U.S. companies or conduct systematic business in the U.S.” (Wittacker, 2012). Now to many people, this access by the U.S. government means nothing because if the DOD really wants to see your pictures from grandma’s 80th birthday, they are more than welcome to; however such a privacy issue is in part merely to illustrate the point that in this digital world, privacy is more often than not just an illusion.

While the downsides of digital data and cloud based tech can be somewhat depressing, the positives FAR out way the negatives. Just think about it, you can access all of your data (family photos, books, movies, drawings from the 3rd grade (if scanned of course) instantly through your cloud. I don’t know about you, but all of that makes a few government prying eyes a small price to pay.


Wittacker, Z. (2012, December 4). Patriot Act can “obtain” data in Europe, researchers say. Retrieved from CBS News: http://www.cbsnews.com/8301-205_162-57556674/patriot-act-can-obtain-data-in-europe-researchers-say/