Friday, September 12, 2008 - The Progress & Freedom Foundation Blog

Still Cloudy on Cloud Computing: A Matrix to Guide the Coming Policy Debates

Today Google's DC office hosted an interesting panel on cloud computing. What was missing was a good definition of what cloud computing actually is.

While Wikipedia has its own broad definition of cloud computing, many think of cloud computing more narrowly as strictly web-based for which clients need nothing but a web browser. But that definition doesn't cover things like Skype and SETI@home. And just because PFF has implemented Outlook Web Access so we can access the Exchange server via the Web, doesn't necessarily mean we've implemented what most people might think of as "cloud computing." Yet these are all variations on a common theme, which leads me to propose my own basic definition: any client/server system that operates over the Internet.

To understand the potential policy and legal issues raised by cloud computing so-defined, one must break down the discussion into a 4-part grid. One axis is divided into private data (e.g., email) and public data (e.g., photo sharing). The other axis is divided into data hosted on a single server or centralized server farm and data hosted on multiple computers in a dynamic peer-to-peer network (e.g., BitTorrent file sharing).

Examples User Data is Public User Data is Private
Centralized Server(s) Blogs Discussion boards Flickr Web-based email servers Windows Terminal Services
Peer-to-Peer BitTorrent FreeNet (article) Skype Wuala

There are also a great number of peer-to-peer cloud computing projects that don't require the sharing of user data. SETI@home may be the most well-known example: When the Search for Extra-Terrestrial Intelligence (SETI) project lost its funding and could no longer afford the massive servers it used to process the data from its radiotelescopes, it realized that it could distribute the work to Internet users in the form of a screensaver (thus the SETI work would only be done when a user's computer was idle).

It is encouraging to see that Congress is no longer considering simply outlawing cloud computing (which used to be called distributed computing), but if there is to be an intelligible debate about policy responses to cloud computing,, we must define our terms and realize that policies beneficial to some forms of cloud computing may complicate-sometimes fatally, in business terms-other forms. For example, regulations imposed on companies storing users' personal data may stymie peer-to-peer backup applications like Wuala, which distributes each user's backup data to other users, but uses encryption to prevent users from accessing the data they're storing for others. Wuala might be forced to close down if regulations requiring companies to keep records for a set period of time or follow separate procedures for minors were interpreted to apply to each Wuala user.

As Georgetown CCT professor Mike Nelson explained at the Google workshop, technology generally follows a clear evolution in the following steps: from hardware to software to people to organizations to policy. It's taken a long time to educate lawmakers about the Internet. Today's panelists all seemed to agree that cloud computing could be "the next big thing." That necessarily means that the education process for lawmakers needs to start all over again, explaining the ways in which cloud computing is similar to prior technologies, the ways it's different, and the salient differences among the four broad categories of cloud computing described above. Until that's done, any talk of legislation in this area is simply premature.

posted by Adam Marcus @ 5:50 PM | Internet