PeaceGeeks Virtual Volunteer Internship
PeaceGeeks Virtual Volunteer Internship
Last year (2012) I accepted a volunteer virtual internship with a non-profit organization, PeaceGeeks.org. This wonderful organization is located in Canada, and since they do work for organizations across the globe, a virtual internship was the best option.
I’d like to outline the work I have done and the areas in which I had to explore and research in order to effectively do the job that they required.
International Tech Laws & Cloud Computing
Due to the nature of the organization, it was vital to learn the limitations that could affect them and their customer base, depending on the country their services were being used in. This was a tricky topic to explore, since they help organizations all over the world, specifically in low tech regions of the world. (That’s the point of the organization – to bring technology and assistance to areas that do not have easy access to it.) The organization would not be able to function without crossing international borders.
My biggest problem with this was the overall sense of fear that some countries displayed when dealing with privacy laws, international laws, and data storage. I could not assume that since PeaceGeeks was located in Canada, that they were protected strictly under Canadian/U.S./Great Britain laws. (Although that was very helpful and allowed for a much greater sense of security.) But we had to lock down how any product or service was used and where it was being used, in order to protect their organization (and subsequently any organization they were helping). A good example of this gray area would be Italy’s prosecution of Google Executives . This was one of several cases I researched and studied in order to have a good foundation of potential problems.
Another concern is that PeaceGeeks provides continuous support to organizations, as long as they require it. Which I categorized as a ‘Support Contract’ (for lack of better term). So with this in place, I created a standard contract with the organization limitations and requirements. Since PeaceGeeks would remain responsible for their service use, this would allow a fail safe, in the event a customer /organization were to use the product or services in a way it was not intended. However, I did not want to limit their use in the same vein as the big corporations do, this was strictly for self preservation and safety -only limiting users based on laws prohibiting the action, not only for PeaceGeeks but all organizations involved. An example would be: If an organization requested a product to use in Canada but would later like to use the same technology in India. (Under the ITA-2000 under mandatory decryption, law enforcement can require any encrypted data be decrypted or serve a 7 year prison sentence for non-compliance.) Another example of potential issues is China’s WAPI protocol, even though it has been rejected as late as mid 2012 by the ISO, China has been submitting this protocol since 2004 and was a big factor in the US/China Trade Dispute. So knowing the local laws became vital, not only in the implementation of the products and services, but also in maintaining support afterward.
I quickly realized that I needed some form of tech law database. I do belong to several Info Sec organizations as well as several LinkedIn groups. So I reached out for advice.
Conclusion with Experience Notes
In closing, this was a very good learning experience for me. I learned what keywords to use to promote my specific interests, since Information Security is such a huge industry, narrowing down what you find fascinating and fun, is very important. I also learned a great deal about the limitations and how easily the situation can become complicated based on multiple countries and their own laws coming into play. What is alright i one country is illegal in another. Or there is a slight variation, enough to cause confusion. Paying attention to changes and differences in the laws is critical when working with companies around the globe. Especially when the teams are used to their own countries laws and may enter into sticky territory when they assume they apply in another country. Overall, it was a great opportunity to learn and find my own comfort level and interest areas.