5 May 2011
The American computer scientist John McCarthy – who coined the phrase “artificial intelligence” – predicted in 1961 that computing power may someday become a public utility, much like electricity or water. The idea that you could flick a switch for data-crunching was as futuristic at the time as humanoid robots or flying cars.
But 50 years on, a robot has won the US quiz show “Jeopardy”, multiple jet-propelled skycars are under development and McCarthy’s computing vision is slowly taking shape. The idea of siphoning computing power from afar – cloud computing – has been in active development for much of the past decade, with companies such as Google, IBM and Amazon playing a central role.
Now the EU is rapidly adopting the idea, hoping that it can streamline businesses, rid the 27-country union of overlapping infrastructure and ultimately save time and money.
But it’s also causing intense headaches for EU regulators, who are troubled by issues of privacy and jurisdiction, including tough questions about who owns information and who bears responsibility for how European laws are applied.
Clouds all around
Anyone who uses Gmail, Flickr or other services where the data is not saved on their computers is already taking advantage of cloud computing. Businesses are increasingly switching their entire networks to such internet-based systems.
Although, while it saves money, it also means that personal data can essentially be stored anywhere in the world and that the ability to reach it depends solely on the cloud provider working properly. It’s a potential privacy and logistical nightmare.
Still, the economic argument is striking: The Centre for Economics and Business Research predicts that Europe’s five largest economies could save €177bn ($257.1bn) – roughly the output of Ireland – each year for the next five years if all their businesses were to switch over at the expected rate.
In response to the new business possibilities and in an effort to head off the impending privacy concerns, the EU executive is putting together its first cloud-computing strategy. The target for completion is next year, and there’s a sense of urgency to get ground rules in place.
“Normally I prefer clearly defined concepts,” Neelie Kroes, the EU’s top official responsible for information technology and the digital agenda, said as she announced the unveiling of the EU’s cloud strategy in January. “But when it comes to cloud computing I have understood that we cannot wait for a universally agreed definition. We have to act.”
Compared to the US, Europe has been a slow adapter to the new technology. Last year, western Europe accounted for less than a quarter of the $68bn spent globally on cloud-computing services, according to technology research consultancy Gartner. The US occupied nearly 60 percent of the market. That leaves plenty of room for the technology to expand in Europe, but it’s the privacy issue that is likely to prove the biggest hurdle to a rapid and successful expansion.
One significant problem is that there’s no way for a user to verify where their data is sitting, whether on a server in Sao Paolo, Siena, Singapore or Seoul. This raises a particular problem for EU Member States, who under EU law can only send personal data outside EU borders if the receiving country meets “adequate” privacy standards.
It’s also unclear under EU regulations whose privacy laws would apply in any dispute where the end-user, the cloud-provider and the actual data servers are all in different countries. For that reason, the EU’s 27 Member States are first trying to align their privacy laws and close jurisdictional gaps.
“This is a necessary condition for cloud computing to be effective in the near future,” said Daniele Catteddu, a communication security expert working on the EU’s cloud computing strategy. “The major obstacles are legal barriers, the enormous levels of bureaucracy, the difficulties of being compliant with 27 different sets of rules,” he said.
One Sunday last February, tens of thousands of Gmail users opened their email accounts only to find them completely empty – data stored in the cloud had temporarily disappeared.
“In some rare instances, software bugs can affect several copies of the data. That’s what happened here,” Google’s vice president of engineering explained on the company’s blog. Although the data was recovered, it was a jolting reminder that using the cloud means giving up control and that the technology is only as good as its stability and reliability.
Similar incidents have happened to businesses. In 2006, the British-Swedish gaming services company GameSwitch lost access to its software and data following a police raid on a different company that happened to use the same data centre.
“It basically comes down to the degree to which you trust the cloud-provider,” said Giles Hogben, a communication security expert for ENISA, the EU’s internet security agency. Determining whether to trust can be tricky for customers because providers are wary of disclosing their exact security infrastructure, arguing that to do so would make them more vulnerable to cyber-attack, Hogben said.
Customers also do not have much bargaining room with cloud providers, according to a study conducted at Queen Mary, University of London. As with electrical companies or other utilities, it’s “take it or leave it”. EU regulators have taken note of the potential issues. “We can’t simply assume that voluntary approaches like codes of conduct will do the job,” Kroes said recently. “Sometimes you need the sort of real teeth only public authorities have.”
However once the regulation eventually shakes out, big computing companies like Microsoft say cloud computing will be the next big thing for Europe and the rest of the world.
“It really is the future. All of our products will run on the cloud,” Microsoft associate general counsel, Ron Zink, told reporters. Zink said 70 percent of Microsoft’s research and development funds were already devoted to cloud computing, with the figure expected to rise to 90 percent soon.
Kroes is also pushing for more of Europe’s public sector to switch to cloud computing, following the US, which is planning to close 800 of its 2,100 data centres, almost 40 percent, by 2015 as part of a new “cloud-first” policy. “I want to make Europe not only ‘cloud-friendly’ but ‘cloud-active’,” Kroes said. The aim and the ambition are there, but negotiating the legal and privacy maze may take time first.