jueves, 19 de diciembre de 2013

The European Parliament: The #cloud king is naked

According with one of  its most used definitions, a technology is considered a General Purpose Technology (GPT) when it has the following features
  • It is a single, recognisable generic technology
  • Initially has much scope for improvement but comes to be widely used across the economy
  • Has many different uses
  • Creates many spillover effects
Up to a certain degree, Cloud-Computing meets these four features of a GPT, and therefore could be thought a transformational technology of our society in the same level as the steam engine, electricity or the Internet. This rationale is behind the high degree of priorisation given by the governments to the development of a national cloud-computing industry.

However, not all the nations will be able to develop their own cloud-computing industry. There is a need of an strong and big national basis to boost the industry to the transnational level, because, due to its nature,  it is not possible to compete in the international cloud market without this strong national basis. As usual, in the fragmented Europe the only solution is tackling the development of the cloud industry from an European perspective.

Not tackling the development of the cloud.computing industry at the European level has clear economic implications. According with a recent study, only 6% percent of the cloud providers are European, while the USA counts with an 88% share of the market. This fact not only has an impact in terms of value added to the GNP, the same study indicates that 63% of the revenues are generated by USA suppliers and 23% by EU suppliers, it also has an impact in the development of colateral markets (e.g. cloud insurances), employment and the taxes collected by the governments.

Due to this foreseen economic impact, the US industry has accused the EU countries of being obstructionist when they use their legal framework as a reason for not using cloud-computing services in a massive scale. Neither governments nor big companies have migrated to the cloud its IT infrastructure, and cloud services are only a clear success among SME and consumers. But the theorical false excuse have taken a real form with the Snowden case, and the European Parliament (EP)  has published probably the best report ever about how the cloud could be a driver factor to weaken our fundamental rights. Although the driver of the document are the recent PRISM-related revelations, it provides a whole set of details to being taken into consideration for the development of a cloud-computing policy in Europe.

To begin with, the EP document gives an interesting historical background of US surveillance. Perhaps the most revealing detail are the existence of possible secret surveillance treaties between US and UK as a continuation of their II World War partnership against the Nazis. Certainly, a possible secret "no spy" agreement between them could explain the opposition of UK government against the European Commission (EC) proposal for a new Data protection regulation in EU, as well as its petition to "The Guardian" to destroy Snowden files or to hand them back.

Something that also should concern us is the complexity of US regulation related with intelligence surveillance on communications. To begin with, the Fourth Ammendment that protects US citizens rights to privacy it does not seem applicable to EU citizens or any other foreign citizens. But even more, even if it protect them a twisted interpretation of the third party doctrine could have as a consequence not having "a reasonable expectation of privacy" and our transactions in the cloud being inspected without the supervision of an independent judge. Even more, the power of surveillance does not stop in infrastructures deployed inside USA, an 2007 ammendment of the FISA could also be interpretated as a new power targeted at the communications of non-US persons located outside the territory of the US. As cloud infrastructure could be considered as a communication infrastructure, the report concludes, the US legal framework related with intelligence surveillance has a consequence a legal uncertainty over EU citizens fundamental rights in their usage of cloud services provided by US companies.

The report gives in the end some recommendations about how to increase the degree of protection for EU citizen in the usage of cloud services. Perhaps, the most important one is the recommendation to renegotiate the agreements for transfer personal data between USA and EU. The general idea is that if we want that the US companies to fulfill our Data Protection legal framework we need to introduce heavy sanctions in case they do not comply with it. The reason is obvious, cloud computing introduce in the IT providers the need to fulfill with different legal frameworks and now the legal framework in the USA is more strict than the one we have in the EU (e.g. if a US provider does not comply with intelligence surveillance regulation faces prison). The document even critizises the Safe Harbour agreement as a false solution with insufficient safeguards.

Certainly cloud computing looks as a powerful and needed solution for many applications, for instance it is unthinkable to thing in big data applications without cloud storage capabilities. Same could be said about the processing needs for smart cities. But without the trust there will not be a take-up of cloud services, and the document of the EP has had the courage to denounce this need.

No hay comentarios:

Publicar un comentario

palyginti kainas