EIF's debate on 29 September focused on one of the hottest Internet topics of today: Cloud Computing and its regulatory framework. This framework has the potential of facilitating or undermining confidence in Cloud Computing. That confidence can only materialize when trust and security are in place. Only then will businesses, governments and consumers hop on the Cloud bandwagon.
Professor Ian Walden from London University explained that there are 4 regulatory areas where there is uncertainty in how the regulatory framework could and would apply to cloud computing. The first one is privacy. The privacy framework needs to become less bureaucratic. Compliance with privacy rules is still too costly between jurisdictions and therefore there is a risk of creating regional clouds by uploading European data into European clouds and American data in American clouds. This would be something that defies the Cloud business model and can hamper its growth.
Security is another key issue in Cloud Computing. In the Cloud, data is copied and distributed on multiple bases and this provides a robust computing platform. However, there are those that seek to attack data centers. That is why enforcement of security and spending money on such enforcement will be important. Transparency about the nature of security is also an essential element that needs careful consideration. For instance, if a service provider offers a backup of your local hard drive in the Cloud, but then states that they are not responsible should they lose your data, this would go directly against the spirit of what Cloud Computing is all about.
Last but not least, uncertainty still exists about the regulatory characterization of Cloud Computing. What is Cloud Computing? Is it an information society service or an electronic communication service? Currently there are no exact answers to this and other questions. This goes together with jurisdictional uncertainty. Governments, businesses and private users are concerned about the multiplicity of jurisdictions. Questions arise such as when and where do US authorities have access to EU data and when not?
Perhaps one solution to gain government confidence in Cloud Computing would be a system of data sovereignty based on diplomatic immunity. This would mean governments would still have access to information in the Cloud with sovereign control because diplomatic rules would be in place.
Learning by doing seems to be the best way forward. Mr. Nikos Kryvossidis, Engineering Director for Google's YouTube explained it with an interesting case study about jurisdiction and territoriality of copyright. YouTube had signed a contract with the Olympic Committee to make available clips from the Olympic Games via YouTube in certain territories, except for the U.S. In the U.S., NBC had the exclusive rights and therefore YouTube engineers developed a mechanism to prevent Olympic Games' clips from being seen in the U.S. Someone broke the protection system on YouTube and engineers had to work around the clock in the weekend to resolve the issue. Based on that experience YouTube created a content ID system to prevent distribution of illegal content by comparing uploaded content with a signature database. This system also alllows content control in particular jurisdictions.