Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection). At the same time, the fact that our data are stored with a third party - often in pieces and copies scattered around several jurisdictions - raises concerns for privacy. Security of the cloud is likely to be on a much higher level than of our own computers, but the risk from penetrating into a system of any cloud provider increases, since each cloud contains vast information about many citizens and companies.
The first wave of cloud computing started with the use of online mail servers (Gmail, Yahoo!), social media applications (Facebook, Twitter) and online applications (Wikis, blogs, Google docs). Apart from everyday applications, cloud computing is extensively used for business software. More and more of our digital assets are moving from our hard disks to the cloud. The main players in cloud computing are Google, Microsoft, Apple, Amazon, and Facebook, who either already have or plan to develop big server farms.
From hard disks to cloud computing
In the early days of computers, there were powerful mainframe computers and ‘dumb’ workstations. The power was in the centre. After that, for a long time, with PCs and Windows applications, computer power moved to the periphery. Will cloud computing close the circle? Are we going to have a few big central computers/server farms and billions of dumb units in the form of notebooks, monitors, and mobile phones? The answer to this and other questions will need time. Currently, we can identify a few Internet governance issues which are very likely to emerge in parallel with the development of cloud computing.
- With more services delivered online, modern society will increase its dependence on the Internet. When the Internet went down in the past, damage was limited to the inability to send e-mails or browse the web. In the era of cloud computing, we may not even be able to write texts or perform calculations. This higher dependence on the Internet will imply higher pressure on its robustness and reliability.
- With more of our personal data stored on clouds, the question of privacy and data protection will become central. Will we have control over our text files, e-mails, and other data? Could cloud operators use this data without our permission? Who will have access to our data?
- With a growing volume of information assets going digital, countries may become uncomfortable with having national information assets outside their national ‘borders’. They may try to create national or regional clouds or make sure that existing clouds are managed with some degree of international supervision. Nationalisation of clouds could be further accelerated by the fact that all main operators in this field are based in the United States. Some argue that the current ICANN-centred debate may be replaced by an Internet governance debate on the regulation of cloud computing.
- With a diverse set of operators of cloud computing, the question of standards is becoming very important. The adoption of common standards will ensure a smooth transfer of data among different clouds (e.g. from Google to Apple). One possibility that is being discussed is the adoption of open standards by the main players in cloud computing.
There are a number of working groups on cloud computing, such as The Open Group Cloud Computing Work Group, which includes some of the industry’s leading cloud providers and end-user organisations; and the Cloud Computing Strategy Working Group by the European Telecommunications Standards Institute (ETSI).
The governance of cloud computing is likely to emerge through the interplay of various actors and bodies. For example, the EU is concerned with privacy and data protection. The Safe Harbour agreement, which was meant to solve the problem of different privacy regimes in the USA and the EU, has been declared invalid by the European Court of Justice in October 2015. With more digital data crossing the Atlantic Ocean, the EU and the USA will have to address the question of protection of privacy according to EU regulation by US companies, the main operators in cloud computing. This issue came into sharper focus after the Snowden revelations of mass surveillance.
Standards will most likely be developed through agreements among the main companies. Google has already started a strong push towards open standards by establishing the Data Liberation Front, aimed at ensuring a smooth transition of data between different clouds. These are the first building blocks that will address the question of the governance of cloud computing. Others are likely to emerge as solutions for concrete policy problems.