Provides an overview of what is cloud computing and its role in library networking and automation. It presents the legal and ethical issues facing library and information specialists when using cloud computing including confidentiality, privacy and licensing.

1. The 2nd International Conference
of e-Publishing: ICEPUB 2016
University of Jordan Library
Amman, Jordan
26-28 /07/2016

2. Cloud computing:
Legal and ethical issues in library
and information services
Najeeb Al-Shorbaji
Vice-President, e-Marefa

3. Agenda
• Introduction
• Cloud computing: development, definition,
value, risks, benefits, local solutions
• Legal issues in library cloud computing
• Library/information ethics
• Ethical issues in library cloud computing

4. Are you cloud computing?
• Do you have a gmail.com, Yahoo or Hotmail
account?
• Do you have a Dropbox or Instagram account?
• Do you have a Facebook or Twitter?
• Do you have an iCloud account?
• If the answer is yes to any of these, then you
are cloud computing.

5. Cloud computing (1/8)
• Over the years, "cloud" has become a vague and flexible
term that does not reference anything in particular. (Expert
insight: Cloud computing defined.
http://docs.media.bitpipe.com/io_10x/io_100433/item_419064/HPandIntel_sCloudComputing
_SO%23034437_E-Guide_052611.pdf)
• Cloud computing is a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool
of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be
rapidly provisioned and released with minimal
management effort or service provider interaction. (The
NIST Definition of Cloud Computing. 2011
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf)

6. Cloud computing (2/8)
• Efficiency through resource sharing:
– Local Area Networks
– Wide Area Networks
– Metropolitan Area Networks
– Storage Area Networks
– Internet (network of networks)
– Cloud computing
• Tata study (2015) reported that 83 percent of enterprises
are seeing benefits they did not expect. The most popular
of these are increased productivity (69 percent), better
access to data (65 percent), and reductions in costs (63
percent). Nathan Eddy. Cloud Computing Reducing Costs, Improving Productivity
http://www.eweek.com/small-business/cloud-computing-reducing-costs-improving-
productivity.html

7. Cloud computing (3/8)
• Provides shared services as opposed to local
servers or storage resources;
• Enables access to information from most web-
enabled hardware;
• Allows for cost savings – reduced facility,
hardware/software investments, support;
• Data resides on servers that the customer cannot
physically access;
• Vendors may store data anywhere at lowest cost
if not restrained by agreement.

8. Cloud computing (4/8)
• Essential Characteristics of cloud computing:
– On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service
• Service Models:
– Software as a Service
– Platform as a Service
– Infrastructure as a Service

9. Cloud computing (5/8)
• Deployment Models:
– Private cloud
– Community cloud
– Public cloud
– Hybrid cloud
Peter Mell and Timothy Grance. The NIST Definition of Cloud Computing:
Recommendations of the National Institute of Standards and Technology.
Gaithersburg, MD: National Institute of Standards and Technology, 2011
(http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-
145.pdf)

10. Cloud computing (6/8)
• Advantages:
– Lower computer costs
– Improved performance
– Reduced software costs
– Instant software updates
– Improved document format compatibility
– Unlimited storage capacity
– Increased data reliability
– Universal document access
– Latest version availability
– Easier group collaboration
– Device independence.

11. Cloud computing (7/8)
• Disadvantages:
– Requires a constant Internet connection
– Does not work well with low-speed connections
– Features might be limited
– Can be slow
– Stored data can be lost
– Stored data might not be secure.

12. Cloud computing (8/8)
• Risk Areas
– Service Provider Risks:
• Dissolving, bankruptcy, merger, overexpansion, etc.
– Technical Risks:
• Availability of service
• Data/Service Reliability
• Data Management
• Scalability
• Flexibility
• Interoperability
• Maintainability

13. Cloud computing (8/8)
• Risk Areas
– Non-technical Risk
• Organizational change
• Legislations and standards
• Data ownership
• Privacy, trust and liability issues
• Usability and end users experiences
• External (Overseas) Risks
– Management/Oversight Risks
– Security / Connectivity / Privacy Risks

14. Library & Information Services:
Challenges
• Meeting the legal and ethical requirements to serve users
(Five laws of library science by Ranganathan 1931).
• The information explosion and overload. No one library or
even library network can fulfil all the needs of its users;
• The changing pattern of publishing and access to
information:
– Open Access,
– Mobile and ubiquitous access
– Electronic and digital publishing,
– Licensing requirements,
– Copyright and intellectual property laws,
– Privacy and confidentiality.

15. Library & Information Services:
Challenges
• Availability of ICT solutions that meet the needs of
libraries:
– Proprietary software solutions
– Integrated services
– Platform dependence
– Multilingualism
– Standardization and interoperability
• Technology
• Content
– Maintainability and sustainability
– Adaptability for local content
– Low bandwidth
– Power supply

16. Library & Information Services:
Challenges
• Budget constraints on:
– information and communication technology
infrastructures;
– Collection development (acquisition);
– Human resources and
– Expansion and sustainability of services.
• Multidisciplinary professionals:
– In the library and information services
– User community.
• New breed of librarians and information
specialists

17. Library & information services enabled
by cloud computing: challenges
1. Most library computer systems are built on pre-Web technology;
2. Systems distributed across the Net using pre-Web technology are
harder and more costly to integrate;
3. Libraries store and maintain much of the same data hundreds and
thousands of times;
4. With library data scatter across distributed systems the library’s
Web presence is weakened;
5. With libraries running independent systems collaboration
between libraries is made difficult and expensive;
6. Information seekers work in common Web environments and
distributed systems make it difficult to get the library into their
workflow ;
7. Many systems are only used to 10% of their capacity. Combining
systems into a cloud environment reduces the carbon footprints,
making libraries greener
OCLC, 2010. http://www.oclc.org/content/dam/oclc/events/2011/files/IFLA-winds-of-change-paper.pdf.

18. Library & information services enabled
by cloud computing: potential
1. Take advantage of current and rapidly emerging
technology to fully participate in the Web’s information
landscape;
2. Increased visibility and accessibility of collections;
3. Reduced duplication of effort from networked technical
services and collection management;
4. Streamlined workflows, optimized to fully benefit from
network participation;
5. Cooperative intelligence and improved service levels
enabled by the large-scale aggregation of usage data;
6. Make libraries greener by sharing computing power thus
reducing carbon footprints.
OCLC, 2010. http://www.oclc.org/content/dam/oclc/events/2011/files/IFLA-winds-of-change-paper.pdf

19. Legal aspects influencing library cloud
computing
• The basic principle is that the library “rents” the
application functionality from a service provider
instead of the traditional approach of “owning” the
software. This renting of computing services as
needed, deploying of applications, storing and
accessing data is equated with a scalable computing
power at a much reduced cost structure.
 Legal frameworks have been developed to govern the
availability, quality, security, expandability, etc. of such
services.
 Information policies should be in place to allow for
better legal agreements, audit, transparency and
accountability.

20. Legal aspects influencing library cloud
computing
• Some regularity controls need to be articulated as part
of the relation between the library and the cloud
service provider, including:
– reasonable assurance that library staff are aware of their
responsibilities related to the confidentiality, integrity, and
availability of data and information systems;
– reasonable assurance that systems and services are
available to library users in accordance with the controlling
Service Level Agreements (SLA);
– reasonable assurance that installation of services are
properly partitioned and configures to ensure contractual
obligations are met; and
– reasonable assurance that confidential and/or personal
client data including system access credentials are
protected (e.g., encrypted) from unauthorized interception
when transmitted over open networks e.g., Internet.

21. Legal aspects influencing library cloud
computing
 Vendor lock-in and proprietary technologies. If
library data and databases get locked in, then the
flow of data will be disrupted, disrupting the very
nature of the cloud itself.
• Licensing agreements for access, availability and
ownership:
– Flat fee vs. pay per use
– Best seller phenomena
– Consolidation of resources
– Digitization and preservation
– Data ownership

22. Legal aspects influencing library cloud
computing
• National vs. international jurisdictions for:
– Definition of terms and conditions;
– Conclusion of agreements;
– Terms, conditions of payment, including currency;
– Conflict resolution and arbitration.

23. The EU Cloud Service Level
Agreement Standardization Guidelines
• The guidelines will help reassure cloud users that the
Service Level Agreement and the contract with the
cloud provider meet key requirements. These include:
– the availability and reliability of the cloud service being
purchased;
– the quality of support services they receive from their
cloud provider;
– what happens to their data when they terminate their
contract;
– the security levels they need for their data;
– how to better manage the data they keep in the cloud.
http://ec.europa.eu/newsroom/dae/document.cfm?action=display&doc
_id=6138

24. Access to information is a human right
• The United Nations Universal Declaration of
Human Rights (1948), Article 19 sets out rights of
freedom of opinion, expression and access to
information for all human beings.
• The Article (19) expressly sets out a right to
“Seek, receive and impart information and ideas
in any media and regardless of frontiers”;
• Libraries, information centers and services and
all modern methods and tools for managing
knowledge (collecting, processing, storage,
dissemination, sharing, utilization) fit into this
domain.

25. Library ethics in a changing environment
• Protection of the privacy of the library user
(patron) and confidentiality of data are basic
principles of librarianship;
• This principle was strictly safeguarded by the
librarians when they kept paper records. They
were safeguarded when library computer
systems were locally developed, configured
and managed.

26. Library ethics in a changing environment
• The challenge by cloud computing emerged as
data on library users is kept on third party
computers out of direct control of the librarians;
• Personal data and usage transitions may include:
– Personal information which may expose the patron to
abuse if leaked including unsolicited marketing,
exposure of professional, research and personal
interests, address, family history, user names,
passwords and other credentials; etc.;

27. Library ethics in a changing environment
• Transactions data by a user may include:
– Frequency and timing of visits/searching the
database;
– Materials requested fro acquisition or interlibrary
loan,;
– Materials borrowed, downloaded or used;
– Search strategies used to find content or
references;
– Private space on the cloud where downloads,
profiles, private content is stored;

28. ALA code of ethics: selected elements
I. We provide the highest level of service to all library users through
appropriate and usefully organized resources; equitable service policies;
equitable access; and accurate, unbiased, and courteous responses to
all requests.
II. We uphold the principles of intellectual freedom and resist all efforts to
censor library resources.
III. We protect each library user's right to privacy and confidentiality with
respect to information sought or received and resources consulted,
borrowed, acquired or transmitted.
IV. We respect intellectual property rights and advocate balance between
the interests of information users and rights holders.
V. We strive for excellence in the profession by maintaining and enhancing
our own knowledge and skills, by encouraging the professional
development of coworkers, and by fostering the aspirations of potential
members of the profession.

29. Arab Federation of Libraries and
Information Code of Conduct
The Code of Conduct issued by Arab Federation of
Libraries and Information (AFLI) included a number of
elements under the section “Information and Intellectual
Priority”, including:
– Ensure satisfaction of users anywhere, …;
– Encourage the free exchange of information and
resources, open licenses, and other means to support
access information in equal, fast and economic manner;
– Library and information specialists have to protect the
right of users for privacy and confidentiality of their
information activities in addition to respecting their
personal data taking into consideration the social
responsibility and placing public interest above personal
interest.

30. Security and privacy issues in the
library cloud environment
• Confidentiality: ensuring that personal and system data is not accessed by
unauthorized parties.
• Integrity: ensuring the accuracy and consistency of both bibliographic and
non-bibliographic data.
• Authentication: ensuring that library users are the persons they claim to
be and who have the right to access the resources.
• Access control: ensuring that library users access only the part (s) of data
that they are allowed to access based on their authentication and access
levels.
• Non-repudiation: ensuring that a party of a communication cannot deny
having sent or received the data.
• Privacy: ensuring that library users maintain the right to control the
personal data collected about them, how it is used, who uses it, who
maintains it, and what purpose it is used for.
• Audit: ensuring the safety of personal and transaction data and the overall
Cloud library system by recording and monitoring all users and data access
activities .

31. Thank you
shorbajin@e-marefa.net
Q&A