Cloud computing
Tissa Jayaweera, Chairman, International Chamber of
Commerce Sri Lanka
Tissa Jayaweera
|
The International Chamber of Commerce sponsored Business Software
Alliance (BSA) study, Global Cloud Computing Scorecard was analyzed and
prepared by ICC Germany. BSA Global Cloud Computing Scorecard ranks 24
countries accounting for a total of 80 percent of the global ICT market,
based on seven policy categories that measure the countries’
preparedness to support the growth of Cloud computing.
Cloud computing marks the next contribution that software and
computing technologies will make toward greater productivity and
expanded economic growth. In small and large enterprises, as well as
government offices around the world, Cloud computing provides
initiatives that countries can and should take to ensure that they reap
the full economic and growth benefits. It is well established that each
of the individual elements of Cloud computing is critical to economic
growth and job creation as the Cloud provides a positive multiplier
opportunity. Executing on these policies will promote innovation. Cloud
computing will ensure that innovation is fully harnessed and realized.
There is a sharp divide between advanced economies and the developing
world when it comes to Cloud readiness. Japan, United States and
European Union, have established a solid legal and regulatory base to
support growth of Cloud computing. This is significant because, full
benefits of a global Cloud computing environment require a broad network
of effective laws and regulations.
Potential efficiencies and economies of scale enabled by the Cloud
truly take hold through effective laws and regulations. Cloud ready
legal and regulatory environments of these countries provide models for
those in the bottom half of the Cloud train including India, China and
Brazil. These regulatory environment models take on additional
importance when growth of the bottom half countries takes place.
As millions of new consumers and small businesses around the world
gain access to an Internet enabled environment, the global economy will
gain and grow most when they have the full power of the Cloud at their
fingertips. Such access, though, will require significant legal and
regulatory reforms.
Cloud computing is not any one thing. It is a mix of software enabled
resources and services that can be delivered to the user on an “as
needed” basis. As the United States National Institute of Standards and
Technology puts it, “Cloud computing is a model for enabling ubiquitous,
convenient, on demand network access to a shared pool of configurable
computing resources, networks, servers, storage, applications and
services that can be rapidly provisioned and released with minimal
management effort or service provider interaction”. What is more
important and more understandable are the economic and social benefits
inherent in Cloud computing. For small and large businesses, governments
and consumers, it equalizes access technology. It allows individuals to
enjoy the benefits that large users have long enjoyed, opening the door
to vastly greater enhancements in efficiency, productivity and
competitiveness for businesses in the global marketplace. For
governments, Cloud computing presents a twofold opportunity. The chance
to improve productivity and citizen engagement through IT procurements
as well as the benefit of encouraging economic growth, sustainable job
creation, higher wages and standards of living by encouraging the IT
economy.
Cloud computing is a technological paradigm that is certain to be a
new engine of the global economy. Attaining those benefits will require
governments around the world to establish the proper legal and
regulatory framework to support Cloud computing. The economic growth
predicted to flow from Cloud computing and the resulting transformation
of both businesses and national economies is predicated on the proper
policies being in place.
The success of Cloud computing depends on users faith that their
information will not be used or disclosed in unexpected ways. At the
same time, to maximize the benefit of the Cloud, providers must be free
to move data through the Cloud in the most efficient way. Users must be
assured that Cloud computing providers understand and properly manage
the risks inherent in storing and running applications in the Cloud.
Cloud providers must be able to implement cutting edge cyber security
solutions without being required to use specific technologies.
In Cyberspace, as in the real world, laws must provide meaningful
deterrence and clear causes of action. Legal systems should provide an
effective mechanism for law enforcement for Cloud providers themselves,
to combat unauthorized access to data stored in the Cloud. In order to
promote continued innovation and technological advancement, intellectual
property laws should provide for clear protection, vigorous enforcement
against misappropriation and infringement of the developments that
underlie the Cloud. The smooth flow of data around the world as with
between different.
Cloud providers require efforts to promote openness and
interoperability. Governments should work with industry to develop
standards, while also working to minimize conflicting legal obligations
on Cloud providers.
By their very nature, Cloud technologies operate across national
boundaries. The ability of Cloud to promote economic growth depends on a
global market that transcends barriers to free trade, including
preferences for particular products or providers. Cloud computing
requires robust, ubiquitous and affordable broadband access. This can be
achieved through policies that provide incentives for private sector
investment in broadband infrastructure and laws that promote universal
access to broadband. The move to the Cloud and capitalization on its
benefits across the board is inevitable and an urgent task lies ahead
for governments. To obtain the benefits of the Cloud, policymakers must
provide a legal and regulatory framework that will promote innovation,
provide incentives to build the infrastructure to support it and promote
confidence that using the Cloud will bring the anticipated benefits
without sacrificing expectations of privacy, security and safety.
The first of its kind BSA Global Cloud Computing Scorecard ranks 24
countries accounting for 80 percent of the global ICT market based on
seven policy categories that measure the countries’ preparedness to
support the growth of Cloud computing. This unprecedented insight into
the laws and regulations of markets around the world provides a window
into which countries are best poised to capitalize on the technological
and economic benefits of Cloud computing.
All countries, regardless of their level of economic development,
could benefit from coordinated policy responses for the government and
the public to fully benefit from Cloud computing.
Among findings, the Scorecard reveals that while developed nations
are more “Cloud ready” than developing economies, troubling obstacles
emerge when examining the lack of alignment in the legal and regulatory
environments in many of those advanced countries. A healthy national
market for Cloud computing does not necessarily translate into a market
that is “in harmony” with the laws of other countries in a way that will
allow for the smooth flow of data across borders. It is this kind of
harmony that is needed to advance the growth of Cloud computing at the
level that will allow it to truly take advantage of its global
efficiencies. As in broader measures, the Scorecard finds two worlds
exist when it comes to Cloud preparedness.
Advanced economies like Japan the Scorecard’s top finisher have laws
and regulations that promise to support the development of Cloud
computing. Less developed economies, such as last place finisher Brazil,
face several challenges when it comes to fully capitalizing on the
economic benefits of the Cloud. Further, countries on both sides must be
vigilant not to take steps that would hurt their chances of growing the
Cloud market. Already many countries plan new laws that will help them
advance in the digital economy. New privacy laws of Mexico, have the
potential to advance the country’s score. Others, such as the proposed
Data Protection Regulation in the European Union, which has the
potential to undermine its benefits with new, overly prescriptive rules,
threaten to undermine the economic advances that a truly global Cloud
can provide.
Those interested in advancing Cloud computing can find a model in
Japan.
The country is the leader in Cloud readiness and easily topped the
Scorecard rankings. Japan has a comprehensive suite of modern laws that
support and facilitate the digital economy and Cloud computing, from
comprehensive privacy legislation that avoids burdens on data transfers
and data controllers to a full range of criminal and IP law protections.
Further, Japan is a leader in the development of international
standards related to Cloud computing and the country is working to
provide all households with high speed fiber broadband connections in
the next three years. Perhaps fittingly, the countries with the most
room for improvement are those countries where ICT sector growth will be
most dramatic in the coming years. Consider China, for example,
according to research firm IDC, the size of China’s ICT sector is
expected to nearly double between 2012 and 2015, going from $ 221
billion to $ 389 billion. International companies, confront several
obstacles to growth in China, including extensive regulation of Internet
content and the continued promotion of policies that discriminate
against foreign technology companies. The scorecard is a snapshot of the
current legal and regulatory regimes in the countries examined. Already,
countries around the world are moving to adapt their laws and
regulations to help boost Cloud computing. Some of these for example
are, new laws on privacy in India, Korea, and Mexico, while other
reforms are expected in the coming months and years. Finally, countries
must take care not to adopt new policies that inhibit the development of
the global Cloud economy. Some countries are placing geographic
restrictions on data and considering other limits on outsourcing of work
or off shoring of data. Germany, for example, is a country that scores
well in the initial Scorecard, but it threatens to undermine the
advantage with over restrictive legal interpretations to keep some data
within national borders. It is also clear in most categories that
numerous issues remain to be addressed and that all countries,
regardless of their level of economic development, could benefit from
coordinated policy responses for the government and the public to fully
benefit from Cloud computing.
The Scorecard examines major laws and regulations relevant to Cloud
computing in seven policy categories as well as each country’s ICT
related infrastructure and broadband deployment. These policy categories
align with the BSA’s Cloud Computing Guiding Principles, which underpin
the Scorecard’s analytical framework and its suggestions for providing a
workable framework to allow for the growth of Cloud computing.
The Scorecard examines data privacy regulation and the presence and
structure of privacy regulators in each jurisdiction, also examines
registration requirements for data controllers and data breach
notification requirements. The Scorecard reveals that most countries
have data protection laws in place and have established independent
privacy commissioners. Many of these laws are based on a mix of the OECD
Guidelines, EU Directive or APEC Privacy Principles. Unfortunately,
registration requirements for data controllers or data transfers may act
as barriers to the take up of Cloud services. Such requirements are
common in some countries, including requirements for registering cross
border transfers in some EU countries. Korea, which replaced its
patchwork of privacy protections with modern and comprehensive
legislation in 2011, scored 9.3 out of 10 available points to top the
Scorecard’s rankings in the privacy section. At the other end of the
spectrum, South Africa finished with 2.8 points.
The Scorecard also reveals substantial pending data protection law
reforms, with major reviews and proposals in China, European Union,
India, Singapore, South Africa and United States. This is an area of
rapid legal development. Unfortunately, some key jurisdictions,
including China, India, Indonesia and Singapore do not yet have any
substantial data protection laws in place. Such developments are
important because Cloud users will fully accept and adopt Cloud
computing only if they are confident that private information stored in
the Cloud, wherever in the world, will not be used or disclosed by the
Cloud provider in unexpected ways. National privacy regimes should be
predictable, transparent and avoid unnecessarily burdensome restrictions
on Cloud service providers such as registration requirements for data
controllers and cross border data transfers. Cloud providers should be
encouraged to establish privacy policies that are appropriate for the
particular Cloud service they provide and business model they use.
Consumers of Cloud computing and other digital services, including
private sector and government users need assurance that Cloud service
providers understand and appropriately manage the security risks
associated with storing their data and running their applications on
Cloud systems. The Scorecard examines whether security criteria and the
ongoing testing of security measures are the subject of regulation in
each jurisdiction. The Security section also examines electronic
signature laws and Internet censorship or filtering requirements. Japan
tops the Scorecard’s security section with 8.4 of the 10 available
points; Thailand’s regime, on the other end of the scale, nets just 1.6
points. The Scorecard reveals that most countries do have clear,
technology neutral electronic signature laws.
In addition, security requirements are in place in most jurisdictions
and security audit requirements were generally absent. A number of
countries, ranging from advanced markets like Korea 6.0 points on
security, to developing countries like India 4.4, have implemented
Internet filtering or censorship regimes that may act as a barrier to
the expansion of the digital economy and Cloud computing. Some regimes
regulate criminal conduct, including distribution of illegal material,
particularly child pornography.
However, a number of filtering or censorship schemes appear to
include a strong political element, they regularly block sites that
express political dissent. China, for example, restricts access to
online content under a large and complex legal and technical regime that
invokes the protection of national security and social order. This
factor played a significant factor in China scoring just 2.0 points in
the security section.
As Cloud computing involves the aggregation of massive amounts of
data in large data centers, it creates new and highly tempting targets.
As criminals turn their attention to these vaults of information, it
will become increasingly challenging to protect such data centers from
both physical and cyber attacks. Governments should ensure that domestic
laws provide an effective mechanism for law enforcement and for Cloud
providers themselves, to combat unauthorized access to data stored in
the Cloud. BSA examines these issues as well as rules relating to
investigation and enforcement, including access to encrypted data and
extraterritorial offences. The Scorecard finds that “most countries have
either computer crime legislation or cybercrime legislation and many
laws are broadly compliant with the Convention on Cybercrime.” Many
countries in the study,
EU members, Japan and United States have signed the Convention and
several other countries are considering signing. Australia and Mexico
are close.
Unfortunately, a few key jurisdictions still have gaps and
inconsistencies in their cybercrime laws. Canada, for example, signed
the Council of Europe Cybercrime Convention in 2001, but it has failed
to ratify the Convention for more than a decade. While the country has a
comprehensive computer crime law in place, it lacks essential online
investigation and enforcement tools, while Japan, Germany and France
scored a perfect 10.0 points in the cybercrime section, Canada trailed
6.2 points.
BSA examines rules on investigation and enforcement, including access
to encrypted data and extraterritorial offences. There is a greater
divergence in results in these fields. Intellectual Property Rights
Providers of Cloud computing and digital economy technologies and
services, as with other highly innovative products, rely on a
combination of patents, copyrights, trade secrets and other forms of
intellectual property protection. To encourage investments in Cloud R&D
and infrastructure, IP laws must provide strong incentives for these
investments, clear protection and vigorous enforcement against
misappropriation and infringement. Online intermediaries should have
incentives to behave responsibly and they should enjoy safe harbors from
liability when they do so.
The Scorecard reveals that countries are moving toward a consistent
approach on many key rights and protections. Gaps exist, however, in the
IP laws of key jurisdictions, including Canada, India and Thailand.
Russia, which finished in the 16th in the overall Scorecard rankings and
far back in the IP section with just 8.4 out of 20 available points,
serves as a prime example. The country was slow to make any progress on
its bid to join the Agreement on Trade Related Aspects of Intellectual
Property Rights, or TRIPS Agreement over several years. This and other
holes in the country’s IP regime could expose Cloud computing services
to risks. BSA also examines investigatory and enforcement approaches,
where there is a wide diversity of approaches and significant
inconsistency. Concerns also exist about the enforcement culture and
resources available in some jurisdictions. Even countries with up to
date IP laws sometimes fail to enforce these laws and piracy rates
remain high in many jurisdictions.
Support for Industry Led Standards and International Harmonization of
Rules Data portability and seamless use of interoperable applications
are key considerations for Cloud computing and digital economy
applications.
Consumers are demanding interoperability in the Cloud computing space
and industry is working hard through standards development organizations
and other international avenues to meet this demand. Government support
of these efforts is important. The Scorecard examines whether or not
governments encourage standards to be developed through voluntary,
industry led standards processes. It also examines international
harmonization of E-Commerce rules, tariffs and relevant trade rules. The
Scorecard reveals that governments take an inconsistent approach to
standards development and that many ad hoc decisions are made in the
absence of national frameworks and policies. Many countries have well
established frameworks for standard setting and United States National
Institute for Standards and Technology is carefully eyeing Cloud
computing. United States finished toward the top of this Cloud services
section, scoring 9.4 out of 10 points. At the other end of the scale,
countries such as Argentina 4.6 and Brazil 3.4 lack even a relevant
framework for ICT standards. Government agencies should work with
industry to accelerate standards development, where appropriate and
share user requirements with open standard setting organizations. As it
relates to E-Commerce rules, tariffs and relevant trade rules, the
Scorecard finds a great deal of consistency in E-Commerce laws, with
most countries implementing laws based on the UNCITRAL Model Law on
E-Commerce and / or the UN Convention on Electronic Contracting. Several
countries, including Singapore, Russia and Malaysia, have signed /
ratified the Convention, leading to even greater harmonization. Tariffs
and trade barriers for online software and applications are rare,
although a few jurisdictions still maintain tariffs on new technology
products that are used to access Cloud services. Promoting Free Trade
Cloud services operate across national boundaries and their success
depends on access to regional and global markets. Restrictive policies
that create actual or potential trade barriers will slow the evolution
of Cloud computing.
The Scorecard examines and compares Government procurement regimes
and efforts to remove barriers to free trade, including countries’
requirements and preferences for particular products. The Scorecard
finds that a number of jurisdictions that still provide preferential
treatment for domestic suppliers in government procurements, including
Brazil 2.2 of 10 points, China 4.8, and Malaysia 3.8. In a positive
development, Japan 9.2 points and a growing number of other countries
have become members of the WTO Agreement on Government Procurement,
which liberalizes such policies. ICT Readiness, Broadband Deployment
Cloud computing can achieve its full potential only if there is robust,
ubiquitous and affordable broadband access.
This can be achieved through policies that provide incentives for
private sector investment in broadband infrastructure and laws that
promote universal access to broadband. The Scorecard examines and
compares the infrastructure that is available in each economy to support
the digital economy and Cloud computing.
Several countries have implemented impressive national broadband
networks, including Japan 20.9 out of 30 points, Singapore 21.8 and
Korea 21.7. Major infrastructure improvements are under way in Australia
21.3 and a range of EU countries. Broadband penetration remains very
inconsistent, however, there is a risk that some countries do not yet
have infrastructure in place to take full advantage of the digital
economy and Cloud computing. Progress lags, however, in countries such
as India 8.5 and South Africa 9.4.
Cloud Computing, E-Commerce and Digital Economy can achieve its full
potential only if there is robust, ubiquitous and affordable broadband
access. |