Cloud computing

Tissa Jayaweera, Chairman, International Chamber of Commerce Sri Lanka

The International Chamber of Commerce sponsored Business Software Alliance (BSA) study, Global Cloud Computing Scorecard was analyzed and prepared by ICC Germany. BSA Global Cloud Computing Scorecard ranks 24 countries accounting for a total of 80 percent of the global ICT market, based on seven policy categories that measure the countries’ preparedness to support the growth of Cloud computing.

Cloud computing marks the next contribution that software and computing technologies will make toward greater productivity and expanded economic growth. In small and large enterprises, as well as government offices around the world, Cloud computing provides initiatives that countries can and should take to ensure that they reap the full economic and growth benefits. It is well established that each of the individual elements of Cloud computing is critical to economic growth and job creation as the Cloud provides a positive multiplier opportunity. Executing on these policies will promote innovation. Cloud computing will ensure that innovation is fully harnessed and realized. There is a sharp divide between advanced economies and the developing world when it comes to Cloud readiness. Japan, United States and European Union, have established a solid legal and regulatory base to support growth of Cloud computing. This is significant because, full benefits of a global Cloud computing environment require a broad network of effective laws and regulations.

Potential efficiencies and economies of scale enabled by the Cloud truly take hold through effective laws and regulations. Cloud ready legal and regulatory environments of these countries provide models for those in the bottom half of the Cloud train including India, China and Brazil. These regulatory environment models take on additional importance when growth of the bottom half countries takes place.

As millions of new consumers and small businesses around the world gain access to an Internet enabled environment, the global economy will gain and grow most when they have the full power of the Cloud at their fingertips. Such access, though, will require significant legal and regulatory reforms.

Cloud computing is not any one thing. It is a mix of software enabled resources and services that can be delivered to the user on an “as needed” basis. As the United States National Institute of Standards and Technology puts it, “Cloud computing is a model for enabling ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources, networks, servers, storage, applications and services that can be rapidly provisioned and released with minimal management effort or service provider interaction”. What is more important and more understandable are the economic and social benefits inherent in Cloud computing. For small and large businesses, governments and consumers, it equalizes access technology. It allows individuals to enjoy the benefits that large users have long enjoyed, opening the door to vastly greater enhancements in efficiency, productivity and competitiveness for businesses in the global marketplace. For governments, Cloud computing presents a twofold opportunity. The chance to improve productivity and citizen engagement through IT procurements as well as the benefit of encouraging economic growth, sustainable job creation, higher wages and standards of living by encouraging the IT economy.

Cloud computing is a technological paradigm that is certain to be a new engine of the global economy. Attaining those benefits will require governments around the world to establish the proper legal and regulatory framework to support Cloud computing. The economic growth predicted to flow from Cloud computing and the resulting transformation of both businesses and national economies is predicated on the proper policies being in place.

The success of Cloud computing depends on users faith that their information will not be used or disclosed in unexpected ways. At the same time, to maximize the benefit of the Cloud, providers must be free to move data through the Cloud in the most efficient way. Users must be assured that Cloud computing providers understand and properly manage the risks inherent in storing and running applications in the Cloud. Cloud providers must be able to implement cutting edge cyber security solutions without being required to use specific technologies.

In Cyberspace, as in the real world, laws must provide meaningful deterrence and clear causes of action. Legal systems should provide an effective mechanism for law enforcement for Cloud providers themselves, to combat unauthorized access to data stored in the Cloud. In order to promote continued innovation and technological advancement, intellectual property laws should provide for clear protection, vigorous enforcement against misappropriation and infringement of the developments that underlie the Cloud. The smooth flow of data around the world as with between different.

Cloud providers require efforts to promote openness and interoperability. Governments should work with industry to develop standards, while also working to minimize conflicting legal obligations on Cloud providers.

By their very nature, Cloud technologies operate across national boundaries. The ability of Cloud to promote economic growth depends on a global market that transcends barriers to free trade, including preferences for particular products or providers. Cloud computing requires robust, ubiquitous and affordable broadband access. This can be achieved through policies that provide incentives for private sector investment in broadband infrastructure and laws that promote universal access to broadband. The move to the Cloud and capitalization on its benefits across the board is inevitable and an urgent task lies ahead for governments. To obtain the benefits of the Cloud, policymakers must provide a legal and regulatory framework that will promote innovation, provide incentives to build the infrastructure to support it and promote confidence that using the Cloud will bring the anticipated benefits without sacrificing expectations of privacy, security and safety.

The first of its kind BSA Global Cloud Computing Scorecard ranks 24 countries accounting for 80 percent of the global ICT market based on seven policy categories that measure the countries’ preparedness to support the growth of Cloud computing. This unprecedented insight into the laws and regulations of markets around the world provides a window into which countries are best poised to capitalize on the technological and economic benefits of Cloud computing.

All countries, regardless of their level of economic development, could benefit from coordinated policy responses for the government and the public to fully benefit from Cloud computing.

Among findings, the Scorecard reveals that while developed nations are more “Cloud ready” than developing economies, troubling obstacles emerge when examining the lack of alignment in the legal and regulatory environments in many of those advanced countries. A healthy national market for Cloud computing does not necessarily translate into a market that is “in harmony” with the laws of other countries in a way that will allow for the smooth flow of data across borders. It is this kind of harmony that is needed to advance the growth of Cloud computing at the level that will allow it to truly take advantage of its global efficiencies. As in broader measures, the Scorecard finds two worlds exist when it comes to Cloud preparedness.

Advanced economies like Japan the Scorecard’s top finisher have laws and regulations that promise to support the development of Cloud computing. Less developed economies, such as last place finisher Brazil, face several challenges when it comes to fully capitalizing on the economic benefits of the Cloud. Further, countries on both sides must be vigilant not to take steps that would hurt their chances of growing the Cloud market. Already many countries plan new laws that will help them advance in the digital economy. New privacy laws of Mexico, have the potential to advance the country’s score. Others, such as the proposed Data Protection Regulation in the European Union, which has the potential to undermine its benefits with new, overly prescriptive rules, threaten to undermine the economic advances that a truly global Cloud can provide.

Those interested in advancing Cloud computing can find a model in Japan.

The country is the leader in Cloud readiness and easily topped the Scorecard rankings. Japan has a comprehensive suite of modern laws that support and facilitate the digital economy and Cloud computing, from comprehensive privacy legislation that avoids burdens on data transfers and data controllers to a full range of criminal and IP law protections.

Further, Japan is a leader in the development of international standards related to Cloud computing and the country is working to provide all households with high speed fiber broadband connections in the next three years. Perhaps fittingly, the countries with the most room for improvement are those countries where ICT sector growth will be most dramatic in the coming years. Consider China, for example, according to research firm IDC, the size of China’s ICT sector is expected to nearly double between 2012 and 2015, going from $ 221 billion to $ 389 billion. International companies, confront several obstacles to growth in China, including extensive regulation of Internet content and the continued promotion of policies that discriminate against foreign technology companies. The scorecard is a snapshot of the current legal and regulatory regimes in the countries examined. Already, countries around the world are moving to adapt their laws and regulations to help boost Cloud computing. Some of these for example are, new laws on privacy in India, Korea, and Mexico, while other reforms are expected in the coming months and years. Finally, countries must take care not to adopt new policies that inhibit the development of the global Cloud economy. Some countries are placing geographic restrictions on data and considering other limits on outsourcing of work or off shoring of data. Germany, for example, is a country that scores well in the initial Scorecard, but it threatens to undermine the advantage with over restrictive legal interpretations to keep some data within national borders. It is also clear in most categories that numerous issues remain to be addressed and that all countries, regardless of their level of economic development, could benefit from coordinated policy responses for the government and the public to fully benefit from Cloud computing.

The Scorecard examines major laws and regulations relevant to Cloud computing in seven policy categories as well as each country’s ICT related infrastructure and broadband deployment. These policy categories align with the BSA’s Cloud Computing Guiding Principles, which underpin the Scorecard’s analytical framework and its suggestions for providing a workable framework to allow for the growth of Cloud computing.

The Scorecard examines data privacy regulation and the presence and structure of privacy regulators in each jurisdiction, also examines registration requirements for data controllers and data breach notification requirements. The Scorecard reveals that most countries have data protection laws in place and have established independent privacy commissioners. Many of these laws are based on a mix of the OECD Guidelines, EU Directive or APEC Privacy Principles. Unfortunately, registration requirements for data controllers or data transfers may act as barriers to the take up of Cloud services. Such requirements are common in some countries, including requirements for registering cross border transfers in some EU countries. Korea, which replaced its patchwork of privacy protections with modern and comprehensive legislation in 2011, scored 9.3 out of 10 available points to top the Scorecard’s rankings in the privacy section. At the other end of the spectrum, South Africa finished with 2.8 points.

The Scorecard also reveals substantial pending data protection law reforms, with major reviews and proposals in China, European Union, India, Singapore, South Africa and United States. This is an area of rapid legal development. Unfortunately, some key jurisdictions, including China, India, Indonesia and Singapore do not yet have any substantial data protection laws in place. Such developments are important because Cloud users will fully accept and adopt Cloud computing only if they are confident that private information stored in the Cloud, wherever in the world, will not be used or disclosed by the Cloud provider in unexpected ways. National privacy regimes should be predictable, transparent and avoid unnecessarily burdensome restrictions on Cloud service providers such as registration requirements for data controllers and cross border data transfers. Cloud providers should be encouraged to establish privacy policies that are appropriate for the particular Cloud service they provide and business model they use.

Consumers of Cloud computing and other digital services, including private sector and government users need assurance that Cloud service providers understand and appropriately manage the security risks associated with storing their data and running their applications on Cloud systems. The Scorecard examines whether security criteria and the ongoing testing of security measures are the subject of regulation in each jurisdiction. The Security section also examines electronic signature laws and Internet censorship or filtering requirements. Japan tops the Scorecard’s security section with 8.4 of the 10 available points; Thailand’s regime, on the other end of the scale, nets just 1.6 points. The Scorecard reveals that most countries do have clear, technology neutral electronic signature laws.

In addition, security requirements are in place in most jurisdictions and security audit requirements were generally absent. A number of countries, ranging from advanced markets like Korea 6.0 points on security, to developing countries like India 4.4, have implemented Internet filtering or censorship regimes that may act as a barrier to the expansion of the digital economy and Cloud computing. Some regimes regulate criminal conduct, including distribution of illegal material, particularly child pornography.

However, a number of filtering or censorship schemes appear to include a strong political element, they regularly block sites that express political dissent. China, for example, restricts access to online content under a large and complex legal and technical regime that invokes the protection of national security and social order. This factor played a significant factor in China scoring just 2.0 points in the security section.

As Cloud computing involves the aggregation of massive amounts of data in large data centers, it creates new and highly tempting targets. As criminals turn their attention to these vaults of information, it will become increasingly challenging to protect such data centers from both physical and cyber attacks. Governments should ensure that domestic laws provide an effective mechanism for law enforcement and for Cloud providers themselves, to combat unauthorized access to data stored in the Cloud. BSA examines these issues as well as rules relating to investigation and enforcement, including access to encrypted data and extraterritorial offences. The Scorecard finds that “most countries have either computer crime legislation or cybercrime legislation and many laws are broadly compliant with the Convention on Cybercrime.” Many countries in the study,

EU members, Japan and United States have signed the Convention and several other countries are considering signing. Australia and Mexico are close.

Unfortunately, a few key jurisdictions still have gaps and inconsistencies in their cybercrime laws. Canada, for example, signed the Council of Europe Cybercrime Convention in 2001, but it has failed to ratify the Convention for more than a decade. While the country has a comprehensive computer crime law in place, it lacks essential online investigation and enforcement tools, while Japan, Germany and France scored a perfect 10.0 points in the cybercrime section, Canada trailed 6.2 points.

BSA examines rules on investigation and enforcement, including access to encrypted data and extraterritorial offences. There is a greater divergence in results in these fields. Intellectual Property Rights Providers of Cloud computing and digital economy technologies and services, as with other highly innovative products, rely on a combination of patents, copyrights, trade secrets and other forms of intellectual property protection. To encourage investments in Cloud R&D and infrastructure, IP laws must provide strong incentives for these investments, clear protection and vigorous enforcement against misappropriation and infringement. Online intermediaries should have incentives to behave responsibly and they should enjoy safe harbors from liability when they do so.

The Scorecard reveals that countries are moving toward a consistent approach on many key rights and protections. Gaps exist, however, in the IP laws of key jurisdictions, including Canada, India and Thailand. Russia, which finished in the 16th in the overall Scorecard rankings and far back in the IP section with just 8.4 out of 20 available points, serves as a prime example. The country was slow to make any progress on its bid to join the Agreement on Trade Related Aspects of Intellectual Property Rights, or TRIPS Agreement over several years. This and other holes in the country’s IP regime could expose Cloud computing services to risks. BSA also examines investigatory and enforcement approaches, where there is a wide diversity of approaches and significant inconsistency. Concerns also exist about the enforcement culture and resources available in some jurisdictions. Even countries with up to date IP laws sometimes fail to enforce these laws and piracy rates remain high in many jurisdictions.

Support for Industry Led Standards and International Harmonization of Rules Data portability and seamless use of interoperable applications are key considerations for Cloud computing and digital economy applications.

Consumers are demanding interoperability in the Cloud computing space and industry is working hard through standards development organizations and other international avenues to meet this demand. Government support of these efforts is important. The Scorecard examines whether or not governments encourage standards to be developed through voluntary, industry led standards processes. It also examines international harmonization of E-Commerce rules, tariffs and relevant trade rules. The Scorecard reveals that governments take an inconsistent approach to standards development and that many ad hoc decisions are made in the absence of national frameworks and policies. Many countries have well established frameworks for standard setting and United States National Institute for Standards and Technology is carefully eyeing Cloud computing. United States finished toward the top of this Cloud services section, scoring 9.4 out of 10 points. At the other end of the scale, countries such as Argentina 4.6 and Brazil 3.4 lack even a relevant framework for ICT standards. Government agencies should work with industry to accelerate standards development, where appropriate and share user requirements with open standard setting organizations. As it relates to E-Commerce rules, tariffs and relevant trade rules, the Scorecard finds a great deal of consistency in E-Commerce laws, with most countries implementing laws based on the UNCITRAL Model Law on E-Commerce and / or the UN Convention on Electronic Contracting. Several countries, including Singapore, Russia and Malaysia, have signed / ratified the Convention, leading to even greater harmonization. Tariffs and trade barriers for online software and applications are rare, although a few jurisdictions still maintain tariffs on new technology products that are used to access Cloud services. Promoting Free Trade Cloud services operate across national boundaries and their success depends on access to regional and global markets. Restrictive policies that create actual or potential trade barriers will slow the evolution of Cloud computing.

The Scorecard examines and compares Government procurement regimes and efforts to remove barriers to free trade, including countries’ requirements and preferences for particular products. The Scorecard finds that a number of jurisdictions that still provide preferential treatment for domestic suppliers in government procurements, including Brazil 2.2 of 10 points, China 4.8, and Malaysia 3.8. In a positive development, Japan 9.2 points and a growing number of other countries have become members of the WTO Agreement on Government Procurement, which liberalizes such policies. ICT Readiness, Broadband Deployment Cloud computing can achieve its full potential only if there is robust, ubiquitous and affordable broadband access.

This can be achieved through policies that provide incentives for private sector investment in broadband infrastructure and laws that promote universal access to broadband. The Scorecard examines and compares the infrastructure that is available in each economy to support the digital economy and Cloud computing.

Several countries have implemented impressive national broadband networks, including Japan 20.9 out of 30 points, Singapore 21.8 and Korea 21.7. Major infrastructure improvements are under way in Australia 21.3 and a range of EU countries. Broadband penetration remains very inconsistent, however, there is a risk that some countries do not yet have infrastructure in place to take full advantage of the digital economy and Cloud computing. Progress lags, however, in countries such as India 8.5 and South Africa 9.4.

Cloud Computing, E-Commerce and Digital Economy can achieve its full potential only if there is robust, ubiquitous and affordable broadband access.