“Web 2.0” is the name for the latest Internet-based technologies. Web 2.0 now provides a much-improved user experience, but there are reasons to be cautious. This article will discuss some of those reasons, starting with a brief history.
Almost everyone of adult age remembers the dot-com bubble that burst in the year 2000. The Internet was the latest hot thing that was going to change people’s lives by offering services that had not existed before, such as buying books, music and postage online. Billions of dollars of investors’ money was raised for these new, hot business ventures, and the majority of these companies failed at about the same time in the middle of 2000. Some of the dot-com companies survived the bubble burst because they had a sound business model and were able to deliver the services they had promised. eBay and Amazon are just two examples.
Certainly many things have changed in the past seven years, in both the technical and legal realms, that pertain directly to businesses, information technology and the Internet combined. In 2002, the Sarbanes-Oxley Act became law in response to the Enron and WorldCom disasters. This law applies to publicly traded companies and is meant to curtail financial fraud in order to protect employees’ pensions and investors’ funds. Without going into a complete dissertation on this law, a large financial burden fell upon publicly traded companies to upgrade their internal processes, procedures and IT systems in order to comply with it.
In 2004, an amendment to the Federal Rules of Civil Procedure (FRCP) became law. Part of the new FRCP requires all companies that are defendants in U.S. courts to provide evidence of their processes for archiving and retrieving records in the event that the records are subpoenaed. In very recent history, a fine was levied against Microsoft because it was unable to produce certain emails that were subpoenaed. Also, the Federal Information Processing Standards (FIPS) have been updated, including standard number 140-2. This standard pertains directly to the encryption and security of digital information that is protected by any number of Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA). In summary, this FIPS rule applies to all companies that store digital information regulated under any of the Federal laws, and it requires certification from the National Institute of Standards and Technology (NIST).
Perhaps one of the contributing factors to the 2000 dot-com failures was that the Internet was a lackluster experience for its users. People who used the Internet with web browsers had to suffer a poor experience because the technology was based strictly on HTML (Hyper Text Markup Language). With HTML only, a person had to wait for the complete web page to reload and update in the browser each time they clicked on a link. This could take a minute or more on dial-up connections. Today the majority of web sites are still based on HTML only, but thanks to newer broadband Internet connections, the user experience has improved somewhat. However, even with a broadband connection, HTML-based web applications are still no match for the experience of using a locally installed and executed “Desktop” application such as a word processor, spreadsheet or e-mail client.
Since the development of AJAX and similar technologies such as Flash, several new Internet buzzwords have appeared. The new hot Internet thing is now known as Web 2.0 and is based strictly on these asynchronous technologies. Part of Web 2.0 is a new business model known as SaaS, or Software-as-a-Service, also referred to as Hosted Applications. With SaaS, a computer user can use Internet-based applications that are identical to conventional software applications that are installed and run on the user’s personal computer “Desktop”. Word processing, spreadsheets, Customer Relationship Management (CRM) and e-mail are a few examples of applications that are now available as AJAX-SaaS web applications. Microsoft’s “Office Live” is perhaps one of the most useful SaaS examples. The financial justification for SaaS is that the user does not have to buy a software package (license) and maintain it. The user simply goes to a SaaS web site, enters their login credentials, and uses the software for a nominal fee. There are other aspects of Web 2.0 technologies, such as SOA or Service Oriented Architecture, that are left for future articles.
As great and promising as Web 2.0 sounds, with the reality of serious financial benefits, there are also serious legal pitfalls. If you are a non-business user of Web 2.0 services, there should be no problems. The legal pitfall for business users of Web 2.0 stems from the fact that most SaaS applications reside on an Internet-hosted server, and so do the user’s computer files. This fact alone violates the three previously mentioned Federal laws and regulations for many businesses. If a SaaS provider is willing to send their attorneys with your attorneys to a U.S. court for the FRCP discovery phase of a lawsuit, then we only have the two other legal issues to address. That’s really going to happen now, isn’t it? If you don’t put FIPS-regulated data on a SaaS service, then that isn’t an issue, but how can your company know that it hasn’t? As for Sarbanes-Oxley compliance, are you willing to pay your accounting firm’s auditors to audit your SaaS providers? This is not going to happen either. Recently Google has acknowledged the FRCP legal issue with the use of their Gmail service, and they now offer a fee-based service that will automatically print and mail a copy of a user’s emails. Not many business email users will be willing to archive paper copies of all their emails. And what about the postal service costs? This defeats the purpose of using SaaS email.
The solution to these legal issues and other compliance issues is to use Web 2.0 services (SaaS) that execute on remote servers but store the user data on the business’s in-house servers, where it can be safeguarded and easily audited. If a SaaS provider cannot provide this functionality, then a locally installed network appliance can accomplish this task. These appliances can capture the flow of XML data between the users and the Web 2.0 providers and send it to a local database archive. Perhaps the capturing of XML data traffic could be yet another Web 2.0 service.