17 September 10
EMERGING ISSUES: CLOUD COMPUTING
* * *
Note: The following is the output of the real-time captioning taken during Fifth Meeting of the IGF, in Vilnius. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
* * *
>> ALGIMANTAS JUOZAPAVICIUS: We're about to start the session. You can all sit down please. Thank you.
Ladies and gentlemen it's my pleasure to start our meeting and to open this morning's session dealing with as you know emerging issues, and this is devoted to cloud computing. I expect in these three hours we have a fruitful discussion.
Cloud computing, imagine a world with technology on tap where people can access computing services on demand from any location without worrying about how these services are delivered and where they are hosted. We expect this vision is now becoming a reality. Cloud computing is suspected to be a revolutionary Internet based technology which enables especially small and medium businesses to enter the market without up front costs and operate entirely without with a large I.T. Department. So if we talk clouds, the first impression is, of course, afforded to us by platforms like Google apps. Nevertheless, the issues for clouds are really much more complicated, and cover broader context.
So as an emerging issue, clouds have a lot of challenges to resolve. Cloud capabilities have not been developed to meet all potential opportunities of usage. There are technical and nontechnical gaps. The vision of clouds used any time anywhere depends on advances in the design computer system, especially in distributed computer system and current popular clouds are now deliver poor performance for computers for computer intensive applications so transferring data from customers into clouds now it's expensive and time consuming and legal boundaries have not been established yet for cloud operations and critical services, and even maybe the most important is that socioeconomic implications have not been fully understood.
So clouds in relation to Internet, clouds are in the Internet and this combination with computing access to network storage and software services. So cloud systems are related also to grid computing systems, service oriented architectures. So these clouds are also, we have to have clouds, enhanced cloud security and privacy mechanisms.
And clouds so therefore, clouds are expected to be an essential and core component for development. For developing regions, for developing countries, from developing companies. As I'm from academic society I would like to mention essential experience accumulated relating to grid computing and technology.
So especially it is true for European Union, so there are many successful grids of various content and for various purposes were created and implemented, and European Union makes coordinated efforts to develop European grid infrastructure, and in addition, such effort to continue and to enhance, there are a lot of financing from Brussels and now especially the devoted to clouds also.
Because of my native country Lithuania I can mention them here, we try to play an active role here. We participate in European grid infrastructure, and let's say the next user Forum will be also expected to be in Vilnius here next year and we have some potential for grid and also for cloud computing.
So we have now five science and technology parks being implemented involving most active universities, research institutes, National and international business companies. Also we have specific National research and development programmes, and we have special Governmental measures to stimulate research business collaboration in ICT and also in respect with clouds.
And we have special career programmes for our people to be higher educated and researchers in clouds and of course in Internet technology environment. And maybe you know it was already mentioned that Internet infrastructure is quite well developed here, so coming back to clouds, I can say that there is some joke and this joke says that if you have I.T. problem too complicated, just put into clouds. And that's it.
So our session has panelists and we ask them to consider the situation with clouds how to resolve many issues and statements on cloud computing. And we have two moderators, Ms. Katitza Rodriguez, and Mr. Patrik Fältström, and our remote moderator for remote participation is Ms. Sandra Hoferichter, so I pass it to Patrik and Katitza.
>> KATITZA RODRIGUEZ: We're very happy to see you today after a very intensive and productive meeting so today we're going first to lay out the session. The session has been divided in two parts. The first part we will have 5 panelists with each of them Mr. Make 5 minute statement. After that, we will invite the remote the reporters for the feeder workshops who will provide also a 5 minute summary of the main points of their workshop, the feeder workshops of the cloud computing sessions.
There will be no discussion during this first part. During the second part, we will have a lively and engaging debate. And we have divided the session in three parts. The first part is the concept, what is the cloud and how it can be used and why or why not? Should users use the cloud. The second theme is infrastructure. Integrity, confidence in the cloud, infrastructure, and environment and the third theme is privacy, integrity, confidence in the cloud, public policy and regulation. We will explain each of these topics in the second part, so now, we are ready to start the discussion, and let me hand over the talk to our first speaker, Mr. Frank Charles Osafo from Ghana. He's from VeriCloud Ghana, and Patrina Corporation, New York, USA. Thank you.
>> FRANK-CHARLES OSAFO: Good morning, ladies and gentlemen. Let me begin by expressing my gratitude to the IGF organizers for inviting me to participate as a panelist and to commend them in particular for putting this agenda as a main event for this year's Forum. Let me also extend my appreciation and thanks to Patrik Fältström and his co moderator, Katitza Rodriguez, for their tireless efforts.
I would be remiss if I did not mention the support and encouragement that I have from the African community, and especially AFRiNIC and two of its key players, Pierre Dandjinou, and Dr. Nii Quaynor. Cloud computing is a very important subject. As evidenced by the attendance in the workshops and the interest it has generated.
Together with a few others, I'm here to represent the private sector, and while my initial address will be general, I hope to end with a strong bias toward the private sector who in my hum billion opinion are driving and dictating the economic comply mat of cloud computing. Throughout my statements I will borrow information from NIST and white papers of companies such at Cisco, Oracle and others.
I encourage you to read these materials for yourself. My aim is to be provocative, inspire critical thinking and spark dialogue. To some people, cloud is a new computing paradigm. Some believe it's more of the same old same old. To some people Yahoo!, Hotmail, Gmail and others like them are cloud computing services. Others disagree strongly. And vehemently.
No matter where you stand, though, hopefully the following may help your understanding. In simple terms in cloud computing, I.T., Information Technology, resources and services are abstracted from the underlying infrastructure and provided on demand at scale and multitenant environment. With the cloud, the whole I.T. infrastructure is programmable. This is really what is different about cloud computing. It is a continuation of what we have had in the past, but with our Internet and other technologies we are able not only to programme software but to programme the whole infrastructure. And provide that as a service. I'm going to give you some characteristics of cloud computing, and this will differ a little bit from the often quoted characteristics of NIST, where I will normally talk about on demand self service rapid elasticity, and all that stuff. Those are very well and good but they're very theoretical. They apply to the free Internet services that people are used to for consumers. There's no way anyone seriously can go to some of these multinational financial institutions in the world and tell them that you're going to provide rapid on demand cloud services to them. They don't buy services that way. You still need to do needs assessment, they've got to vet you, make sure you understand their problem domain.
So the cloud characteristics that I'm going to give you, which are the same, Information Technology from infrastructure to applications is delivered and consumed as a service over the network. Services operate consistently regardless of the underlying systems. Very important concept here. Services operate consistently, regardless of the underlying systems. In other words, we're not interested a lot of folks have been concentrating on: Where is the data? Where is what's inside the box? That is not what the cloud is. The cloud is operating, a good cloud should operate almost like a black box. It should work. For the consumer, your position is just to make sure that you are getting what is intended.
The service models that I'm going to give you, and I give you just some samples. Ladies and gentlemen, there's a cloud in action right now. I'm not sure if you've noticed but if you look around you, we have a cloud service. Ladies and gentlemen, may I present to you Google may I present to you Cisco's WebEx. This WebEx is cloud computing provided by a Corporation donated to the U.N. and this is a very complicated service providing Web conferences, video, through the cloud. That is a cloud service.
The other cloud service models are infrastructure as a service, and again the providers in the space are Cisco, unified fabric, unified computer system, and platform as a service that you have Cisco providing some things in that space. Of course, software as services is well known to most people and you have Cisco WebEx, and Google Postini. Google provide Postini email and Web services for corporate America. The private clouds, the public clouds, and again, when talking about the cloud computing, it is very important, in my opinion, in any discussion involving cloud computing, it's necessary and helpful to separate the actors, consumers from producers, individual consumers and corporate consumers.
Producers creates and provides the services, and consumers acquire and use the services. Also, most of the press reports are focused exclusively on consumer services, made possible by public clouds. In actuality, most of the money being made from cloud services is from services provided to corporate customers.
I think at this point I will just end and look forward to the rest of the discussions and we will explore some of these issues further.
>> KATITZA RODRIGUEZ: Thank you very much. Mr. Osafo. Now we have the opportunity to give the word to Mr. Luis Magalhães, President of the knowledge society agency, Ministry of Science, technology and higher education, Portugal. Thank you.
>> LUIS MAGALHÃES: Thank you very much. Well, I will address cloud computing from the point of view of public policy in this panel. My aim basically is to introduce a few threads for the discussion that we'll have later on, along 3 lines: First, benefits. Second, big challenges. Third, enabling framework.
First, on benefits. The cloud computing facilitates Information Technology support to startup companies which can start their businesses without having to invest large sums on an initial I.T. infrastructure and its management. Sustainability of this infrastructure is also a cost that frequently is difficult in market, and of course, the need for creating human resources with adequate competencies is also very difficult sometimes.
In this way, cloud computing decreases the barriers to entry for new businesses. So it can contribute to speed up innovation, and to enable innovative enterprise in locations where there is insufficient supply of human resources with the necessary qualifications. Of course, provided and this is a big "provided" there is sufficient and reliable broadband.
Well, for mature organisations, businesses, NGOs, or Government, public universities, hospitals, et cetera, the promises of cloud computing are reduction of I.T. costs and rationalization of certain supporting services by economies of scale, such as reliable security of I.T. resources and more efficient data centre share of costs.
As an analogy, I could say that cloud computing is today for I.T. what one century ago for electricity was its provision as a utility instead of are requiring a new enterprise that needs electrical supply to build its own power plant and to run it. So the idea is that they could just plug on utility, and in this sense you can be provided with services without having to have them run in your own enterprise. That's for the benefits.
Let me now go to the line on big challenges. Here I would like to use the form of posing questions. I leave the questions unanswered, because I think they could be picked up in the debate, and I think my contribution here should remain like that, even though I have some answers for the questions I'm posing.
The first: Is there a risk of market dominance by the most powerful I.T. companies? As it has happened in fact for other utilities before. Can it be a global dominance made further amplify inequalities of wealth distribution in the world?
The second question is: Does cloud computing offer of I.T. services as a utility offer opportunities for innovation as it favors large scale services with some sort of standardization? Will cloud computing contribute to the generic nature of the Internet which together with the computer was responsible for incredibly dynamic user driven innovation in the past 30 years? Or will it actually reduce Internet activity?
And the third is what are the facts of cloud computing regarding digital divide questions? As cloud computing services require broadband of considerable speed, will we exist to a situation where the main factor of digital divide will become the lack of high speed broadband infrastructure? What would be the consequences for developing countries and other deprived regions? What policies could mitigate the negative effects? Usually the introduction of powerful communication technologies reinforce the competitive advantages of attraction of precisely the most already strong centres and the best policy to compensate this is to foster the very same technologies in the more deprived regions. So the question is: What should be the policies to foster broadband infrastructure and cloud computing capacity in developing countries and the most deprived regions?
I announced the third line of thread would be on enabling frame works. I'll be very short on this, because this is the kind of thing that most of the people have already talked about. Like any enabling technology, this one brings new problems, and in this case, with a considerable complexity due to the Internet global nature, and some of them require new enabling frame works, like the need of appropriate policy and security legal framework, requirements of data and applications portability between different providers and the consumer needs in case of bankruptcy or other reasons for the business to stop providing services. Assurance of confidentiality and secrecy and the associated needs of encryption. The capacity of control over data by its owners, including transfer and deletion of data. And finally, the one thing without which none of the above could be assured: Efficient, independent auditing systems. Thank you very much.
>> KATITZA RODRIGUEZ: Thank you, Mr. Luis Magalhães. I now give the
word to Susana Sargento, assistant professor of the Department of
Electric Communication of the University of Aveiro, Portugal.
>> SUSANA SARGENTO: Thank you very much. First of all I would like
to thank the opportunity to be here on this panel, which is a great
pleasure. And second, I'd like to refer that since I'm a person from
academia, and a technical person in the mobile Internet world, I will
address some issues of this mobile world in the cloud environment. So
I hope it will be complementary to the other panelists.
So first of all, what is the mobile world?
So it is the access to the Internet, applications, communication,
through mobile terminals, such as this one, such as Smartphones, iPads,
which recently and strongly entered in the market and have a tremendous
adoption by the end users, as all of you know.
As in these mobile environments, cloud computing is even more
important. And why is it so important?
Because these devices, they have very, very limited storage. They
have very limited power, and they have an extremely high penetration in
the market. So therefore these are stimulus for placing the core
services of the devices on the clouds. So for this device it is much
more important to have the clouds out there.
So this is what is usually referred as mobile cloud computing, which
stand for anywhere, anytime, secured data access, applications, and
service access -- so to be able to use the mobile -- the clouds,
services, the cloud applications, through these mobile phones.
And users do not need technical hardware to run applications since
these computing operations are then within the clouds.
And moreover, you know that users can have -- and actually this is a
case nowadays, is that we know there are -- there is a significant
number of people that have more than one mobile phone. They have two,
three, or even more in some cases.
And so in this case these users would be able to access the services
from one of the mobile phones, from the other mobile phone, without
problems, because the service is not more in the terminal itself, but
it is in the cloud. So this kind of transparency is something that can
Just to give you some examples, so we have Dropbox and is an example
of online backup system. It was recently available not only for fixed
environment but also for in the mobile version for these mobile
But now we have other issues if we come to the mobile world, which
are the security and privacy issues. They are even more challenging
than they were before.
So one of the things is location of users. So this location could be
changing over time. As I referred, we can access terminals, so the
same user can access different terminals. So it has to be edified and
be able to use these different terminals without problems. And the
mobile terminals are in these uncontrolled environment. It's not so
easy to monitor the actions in these mobile environment. And this
is -- this makes it difficult to enforce the non0repudiation.
Some of them are privacy management. Some of them is how to provide
that in these different terminals. But also singular issues were in
the mobile environments themselves in peer-to-peer and ad-hoc
environments. So the issues already appear. Solutions are already
there for them.
But usually what happens is that every time we deal with security,
the solutions may be cumbersome. Which leads to the obvious
conclusion: What is the following?
Increase of security can lead to decrease in usability. And this is
a great problem.
So how to reach the balance, the balance between security and
usability. And the other point is could this be used as the killer
issue between the greater telcos, the operator in the cloud world. We
know operators are trying to get into the cloud world. It didn't start
with them, but they are trying to enter this world. And some of them
already did. Okay?
And they are trying to provide new services and business models. And
in a sense the application of service providers could contribute with
the communities, with the creation of applications, they could be
targeted toward of thousands of these small markets. This is very
important. Since the start of cooperation has been more common even in
Internet for many years. So the problems of network as a service or
even communication as a service are just the extension of a well-proven
model into telecoms area.
But telcos could go even further. And they could provide the
possibility to extend the data centres from the core, from these core
centres, they could extend them to the operator networks. For example,
to the access networks that are closer to the users with the most
accessed services and data.
And this could greatly increase the speeds to access the service.
And this would somehow go towards the vision of referred to yesterday
in the 154 workshop, the vision of distributed clouds and computer
This would not be so visionary as this peer-to peer vision but could
be a good step to take the cloud closer to the users.
And a last message, this could be used into developing countries into
the cloud world and try to decrease this gap that we have now-a-days in
the developing world.
>> KATITZA RODRIGUEZ: Thank you, Mrs. Sargento. Now we give it to
Kristina Irion, the Central University, member of the advisory board of
Privacy International and epic, from Germany.
>> KRISTINA IRION: Thank you. Good morning to everybody. Cloud
computing is a disruptive technology and we could hear from the other
speakers, it will change the way how we process information and that
will consequently also challenge existing regulatory paradigms. User
word records stored in the clouds require adequate, effective and
enforceable protection in order to generate the confidence for users to
take up these services. Cloud service providers have to be transparent
and accountable for their services, including modification requirements
and independent data security audits. Regulation or not regulation,
this has been very much controversial also in the workshops. The
answer to this question is do something.
As a minimum about security, privacy, interoperability, openness and
An important security concern relates to the lower threshold of
protection for undisclosed personal data in the cloud against, for
example, access by law enforcement, which pervades in a number of
European countries and in the United States. Because the date at that
is stored by a third party, law enforcement have easier means to access
this data. It is important to change this paradigm because that on the
cloud should be protected by the same safe guards against public and
private interference as is data today on our desks or on our hard
Next issue is portability and interoperability which is key to
prevent users to be looked in the given service provider and be able to
(Off mic for scribe.)
>> Can the scribe hear us now?
>> PATRIK FÄLTSTRÖM: Please continue.
>> KRISTINA IRION: Business customers can --
(Off mic again for scribe.)
>> KRISTINA IRION: So examples of such unfair commercial practices
would be that the cloud service provider is changing subsequently the
terms and conditions of the contract or that in the contract the
liability is waived for the service provider, which would be unfair as
we are going.
Another major concern is that future business models may rely on the
use of personal data of consumers of cloud services. For advertisement
or behavior targeting. It is problematic when consumers consent to the
secondary use of their personal data is almost automatically generated
when they are signing up for such services.
And cloud services or remote hosting of files is not available on a
stand-alone basis without committing to share the data.
Indeed regulation and common standards for these important issues
will be needed. In addition to working through what's international
harmonization with all stakeholders, which may take longer but its need
is compelling. I'm looking forward to our discussion about public
policy pertaining to cloud services and the consumer protection issues
>> KATITZA RODRIGUEZ: Thank you, Kristina, now we will give the
floor to Mr. Robert Pepper, vice president of global technology policy
for CISCO systems.
>> ROBERT PEPPER: We've already heard definitions of cloud and as
the first speaker said there are many definitions of the cloud. If we
think about it as a shared resource -- by the way, thank you for the
mention of WebEx. That was great. I didn't realise that was coming.
Let me speak for a moment about -- as a result of that shared
resource how cloud can be used by government users to address real
issues that they have.
So the pressures on governments which are constrained by budgets,
money, people, governments want to expand services for their citizens.
But they also need to control IT costs and operating costs. They want
to share information across agencies so that the government itself
becomes more efficient.
They also want to Drive interagency interoperability but a lot of
government IT systems are siloed, many governments, including the U.S.
government, even just as several years ago had multiple incompatible
e-mail systems. Government agencies, even within a government, have
difficulty talking to each other. But they need interoperability.
Government wants to hire top people, and retain them. But they also
have to manage budget pressures. So you have to do more, right, with
fewer but better employees and people.
You want open access to information for citizens so that you can
actually have better governance and transparency. But you also need to
ensure security and privacy.
Cloud services or shared data centre services can actually help
governments balance their needs and do it more efficiently being
smarter about using information technology resources. So there are
There are other benefits -- you know, we've already heard about the
benefits of more computing power for small business and individuals
without having to have constant upgrades of your own computing at your
Oh, by the way, all of us who either are currently or have been in
government know that the government procurement time to bye new
technology and computers is very long. You can't add new capacity and
computing power incrementally quickly. You have to put out, you know,
tenders, which is the right thing to do, but it takes time, it could be
months. In a cloud environment you can increase capacity in minutes
because you already have access through contracts to the computing
power, or you have your own data centre, and you can dial up capacity,
you can add new people instantaneously.
So that's, you know, part of the -- also the advantage of small
business. It's really using computing power on demand.
There are other efficiencies or benefits that come from efficiency
and scale. Including -- and this is extremely important -- lower
per-user energy costs. There's a lot of debate about data centres
increasing energy costs because data centres use a lot of electricity.
They have to be cooled. All of that is true.
But on a per-user basis when you have efficiencies in the data
centre, the per-user cost of not just the money but the energy
One of the things that we've been talking about this week is how do
we add the next billion and billion after that and billion after that
of people -- for users globally to Broadband services. The only way --
we already heard this, you know, that getting Broadband everywhere and
getting everybody connected is a goal. It's a goal of everybody in
this room. So it's a good thing that we have billions of people
connecting. But there are costs to do that, including energy costs.
Cloud computing and access to services through data centres and cloud
access can significantly reduce the per-user energy consumption cost.
This is very important to understand.
There are trade-offs, of course, because there will be costs in terms
of energy for the data centres. But if we're going to add the billions
of people we want to be added to the net, and we need to do it in a
smart way. We need to do it in a very efficient way.
So what is the challenge?
One of the challenges -- there's good news, bad news, is that data
centres are seen as the next generation entry into the IT business and
investment by every country, province and city. Everybody wants to
attract their own data centre. We all know this.
Problem is, if you do that, you fragment the data, the opportunities
and the efficiencies in the scale of data centres. You don't get the
efficiencies. You increase the monetary cost and you increase, for
example, the energy cost without getting the per-user decline in
It's a balancing. It's very difficult. In fact, there was a
study -- Heather Creech, from the International institute for
Sustainable Development yesterday on one of our sessions talked about a
study in Canada. One of the findings was that Canadian Universities
are not efficiently using their own clouds and data centres, and their
super computer centres, and it -- there are significant energy and
money savings if the Universities in Canada could combine their data
centres so that they could have more efficient use. And it would be a
smarter use of those centres.
So coming back finally to one of the questions that was raised, is
how do we benefit -- how do we balance these benefits and cost?
We need scale. We need the efficiency. But we also still want
diversity, we want competition, we want the distribution of these new
resources globally so that they close the digital divide, not expand
it. These are difficult questions. And that's what the discussion's
going to be about. But it's not either/or. It has to be a balance and
we have to do this in a very smart way.
>> KATITZA RODRIGUEZ: Thank you, Mr. Pepper. Now we have the
reporting session. We are inviting those who have organised our
workshop on cloud computing. The first speaker will be the report of
the workshop implications of cloud computing, Mr. Michael Katundu,
Kenya, Communications Commissioner of Kenya. ICT regulator of Kenya.
Five minutes, please.
>> MICHAEL KATUNDU: Thank you very much. Yes, I'm here to present
our report of a workshop which was held yesterday. And the workshop
was conducted by ICC BASIS and the government of Kenya on implications
of cloud computing.
The definition of cloud computing, a number of issues were raised by
the panelists. It occurred that cloud computing is basically a new and
emerging technology in computing where an organisation leases or
outsource software applications from another company, either within the
country or outside the country. Cloud computing also offers services
At the time cloud computing denotes something new. It has its
origins dating back to the early 1960s. So basically it's not a
technology revolution, but the revolutionary element is its
availability to individuals. Extending use and sharing of applications
and facilitating consumer-to-consumer interaction in new ways.
Among the positive implications for consumers and businesses, it was
also noted that identifying providers and evaluating them would be a
difficult issue of cloud computing adoption.
Using cloud computing requires basically a paradigm shift on the part
of the IT experts as well as on the part of the IT services users.
However, there are more benefits to using cloud computing than in
providing the cloud itself.
Some of the identified benefits of using the cloud include
inexpensive hardware, software, and applications, such as large capital
investments and initial take-up of the business; inexpensive labour,
again, was noted as one of the benefits; no need for software updates
and upgrades added; no headache for investing in expensive plans as
well as business continuity plans because somebody else will take care
of that across a cloud; no added headache on hardware and systems
maintenance, among other benefits; for developing countries it was
noted that E-Waste is becoming an increasing concern basically due to
necessary policies and laws. And cloud computing would be a solution
because this requires the developing countries not to invest heavily on
hardware and application, but instead use minimal IT treatments like
mobile and software.
Some of the identified challenges in the utilization of cloud
computing were limited awareness on the benefits of cloud computing;
inadequate policy, laws, and regulatory frameworks to support cloud
computing, among them privacy law, data protection laws and software.
And some concerns were how do you handle sensitive data. For example,
governments who are not protecting a lot of their data. What happens
when one loses data in the cloud, where do you go?
Do you go to your local laws or international laws for litigation?
How do you choose a cloud computing provider?
Issues of trust again were related.
How do you change from one cloud to another?
An issue of that has been a great concern.
But with the limitations again were areas of concern, indeed
developing countries, lack of sufficient power supplies and so forth.
But of course again, lack of trust, how do you trust a company with
Complicated contracts, basically laws to apply in the case of breach
of contracts. And again issues of taxation laws and so forth in case
of financial systems.
In the conclusion, it was felt that there's a need for continuous
sharing of best practices on cloud computing issues, and particularly
IGF is very good for this.
A proposal that countries interested in the cloud services of others
could negotiate bilateral Memo of Understanding, and developing
countries can also take up their services and benefit from using the
cloud, among other benefits. Again, developing countries can take
advantage of high mobile penetration. And also developing countries
are encouraged to venture in the provision of the cloud services where
possible in case of bandwidth. In regards to regulation it was felt
that lawmakers should not presume the need for new laws because cloud
is a new phrase. Intercooperation of new clouds were also related.
>> KATITZA RODRIGUEZ: Thank you.
Thank you for your beautiful smile. Now we have a second speaker.
From the workshop cloud computing for leaner and greener IT
infrastructure in government and business, Mr. Michael -- --
>> ARTHUR MICKOLEIT: Thank you, Katitza. And our working workshop
for leaner and greener governments. We discussed first of all why is
cloud on the rise with governments?
And it's basically because it helps governments and citizens to
deliver many of the services that they need to deliver. And we have
two great examples from India, a very ladies and gentlemen of the jury
country and Trinidad and Tobago. It was essential to see for a small
island developing country such as Tobago, cloud is essential to be able
to maintain and create IT infrastructures, and it's also a possibility
to do that in cooperation with other smaller states in the region.
Now, what does this mean for the environment?
And Robert Pepper from CISCO already highlighted some of the issues.
He was on our panel yesterday. Data centre energy use around the world
is one percent of global electricity consumption. In 2005. And maybe
1 percent doesn't sound too much but it will be 2 percent probably in
And it is the rise that is very -- that is something that needs to be
At the same time the cloud workshop very much highlighted that we
need to look at this issue holistically, looking at the direct impact
such as energy use or trunk waste mention bid my colleague. We also
need to look at the enabling context, the mart -- in industry sectors
to improve lifestyle and this includes the cloud.
So how this really exactly relates to the cloud is very simple. Is
that the ICT institute itself is coming up with innovative solution,
some of them we heard yesterday in the workshop. How to reduce the
environmental impact of data centres. It was mentioned that the cloud
is a very powerful strategy to reduce machines and increase the number
of users connected. And that's also because of the devices.
And the mobile devices were mentioned. I'm using a mobile device
myself, using drop box that was mentioned on the panel before.
So this is something very important to keep in mind.
But we also need wider systemic thinking to think of it out of the
box to tackle the absolute growing energy use. And we had a fine
example from the Canadian ISD, international institute for sustainable
development. It was looked at whether it's possible to locate data
centres closer to renewable energy sources and thereby power them by
renewable energy sources. This was to be financed by carbon credits,
that means a bridge is being made through the international climate
change negotiations there. And the project of the ISD has a somewhat
sobering message which is with current carbon prices such a project is
not profitable. Not profitable for these Universities in Canada to
build their new data centres and put them together closer to renewable
energy locations. And it was also highlighted by a colleague from the
Lithuanian -- are not a solution for making cloud computing greener.
So let me give you the challenge of the question to the audience.
The panel of course also. Something that we all need to think about in
the coming years as the cloud rises in its important for everybody and
especially in developing countries. The incentives to reduce the
environmental impact of today's cloud infrastructure and also of
tomorrow's cloud infrastructure which of course includes the many
emerging economies and connected devices that connected billions of
users. And this was also highly -- by our ITU speaker the importance
of having this dialogue between the already more developed countries
and the emerging economies. So what are the incentives that are needed
to create eve data centres, but also out of the box thinking such as
powering data centre, powering the cloud to renewable energies and how
can policy makers help with this?
Well, thank you very much. It was a very fine panel. Looking
forward to some of the discussions.
>> KATITZA RODRIGUEZ: Thank you. And thank you for respecting the
timing. Now we have the next workshop, engendering confidence in the
cloud and serving the questions of security and privacy.
Mr. Wilfred Gromen, general manager and technology for central
eastern Europe for Microsoft.
>> WILFRED GROMEN: Good morning, everybody thanks. The workshop was to examine the trust into the cloud and to search how this impacts especially cloud computing adoption in the developing world. It was a very diverse panel group with multistakeholders from Civil Society, business community, and representatives of I think practically all geopolitical areas of the world, Africa, U.S., China, Europe so it was a rather interesting one. Covered the definition of cloud, covered of course the risks and rewards, less money, shorter time to market, increased reliability. Risks, data protection, law enforcement request and risk of the free speech. Maybe some of the core themes we covered the first one is the big promise that cloud computing could enable the creation of a truly single market for digital services. That on a global base or within specific a geopolitical areas.
To really do that we found immediately there's regulatory issues to cope with and the biggest one is solving the sovereignty discussion around cloud computing, which jurisdiction will rule in cases of dispute or digital crime? Coverage of digital crime, what is a good strategy to combat it? Strong deterrents through civil enforcement with meaningful penalties and remedies. A legal framework, which really pushes information sharing between public and private sectors, especially sharing of technical expertise, and then of course, disability of law enforcement in different jurisdiction to team up and exchange information globally. To do that it was obvious there must be some consistent rules governing access to and jurisdiction over user data and data which may be conflicting from nation to nation.
So how to solve that and the panel had several options of one maybe an international trade agreement, a treaty of some sort, or maybe only folk sis on the cloud computing issue and not on data privacy in general so this was a concrete take away, panelists for the IGF may be facilitating this framework.
Regarding some specific comments out of Africa, our colleague from Senegal raised the possibility of convening a multistakeholder workshop study for the African countries interested in cloud computing to address their unique challenges, because they have really a question about understanding and also the confidence to embrace this technology, of which for everybody clearly the adoption is very strongly related to the whole access the debate. Mobile computing, broadband, infrastructure. Colleague from Nigeria was insisting upon security infrastructure standards and assessments by third parties. And we had our colleague from China which gave really examples how to secure the cloud infrastructure with the remarkable statement and study that in two years, 88% of the Chinese computer users will be using cloud computing.
From a user's perspective, you could summarize the call for transparency and security and privacy. Privacy and security practices of cloud providers often are not transparent. Ensure that users get better information from the cloud providers, how their data will be stored, processed and made available. And the idea that cloud providers should engage with other relevant stakeholders such as consumer groups and data protection regulators how to educate best the users on privacy and security.
And this is also an idea maybe take away, this could be a self regulatory process of the industry but maybe facilitated as the multistakeholder by the IGF. And let me conclude, there are questions from the audience try to of course drill down further on getting more confidence level. Some points were raised like, protection of intellectual property on clouds, small medium businesses are deploying software on these clouds. Can they be protected?
What in case of bankruptcy of cloud providers? And then, in fact, there was even the comment made that people think we're discussing security and privacy in cloud but if we compare with maybe even the on premise software is even less taking care about security and privacy than cloud infrastructures and then the last two conclusions: Can Governments show the necessary political will to reach these international agreements like on this jurisdiction? And will Governments allow their sensitive data or their data to be stored outside their countries?
>> KATITZA RODRIGUEZ: Thank you very much.
>> WILFRED GROMEN: Thank you.
>> KATITZA RODRIGUEZ: Thank you very much.
Perfect timing. I would like to ask those who have any questions, there are persons in the back here to my left, a person to the right. There's a paper, please make the paper and we'll call you when the discussion starts. Now we will go for our final speaker, reporter, from the workshop, data in the cloud, where do open standards fit? Mr. Pranesh Prakash, Project Manager, Centre for Internet and Society, India.
>> PRANESH PRAKASH: Thank you. There were some things that we were all in agreement about, while others were raised as questions that we would like more discussion on during that panel. I'd just like to try and sum up some of these.
The questions arose as to whether the cloud is something new to be envisioned as thus, or whether it was just a different application of existing things. While providing us with this vision about the future of the cloud, just as we use Telnet to connect to another computer, we should think about how we could connect to the cloud. And that would mean data sharing, starting computation, start processes remotely.
TCP IP treats a supercomputer and a mobile phone as protocol equals. With that idea, he questioned whether we need to start thinking of cloudlets as a future model with cloud interaction functionalities being built into multiple devices including the smallest such as small phones. To move towards this, we shouldn't overspecify when it comes to cloud related standards to ensure that they are flexible enough, and that the capacity to innovate on top of standards is maintained.
Core function of standards is to ensure interoperability. Open standards ensure that they are developed through a participatory process and that they're openly available to everyone without discrimination to implement.
Cloud platforms should thus offer developers choice in software development tools, languages, and run times. This is what we must move towards, but such standards start as protocols from the ground up, and that's a reality we must face, and before we move towards standards, we still need to work our way through many difficult issues.
Additionally one has to also deal with questions while thinking about this, about what my data really are. While my own profile information and status posts et cetera clearly are my data, what about the data about my friends that I have been granted access to? We have to keep in mind, while clouds allow for distributed storage and computing, we have software now that allows for peer to peer distribution of the storage and computing as well. Having standards encourage such ideas which are aimed at increasing user and developer control over their own data. In this regard, there were comparisons with the freedoms that the free software movement seeks to guarantee, and how in present day cloud models they are, to a charge extent, not guaranteed at all.
Also important are issues of how privacy and encryption standards are built into cloud standards themselves. With Government employing cloud infrastructure, how should they take into consideration these issues, such that they are reflected in the policies such as e government interoperability frame works that many Governments have come up with. This is especially crucial in developing countries. Importantly, our academics conducting tests for instance on interoperability of clouds? We haven't seen any. And the last point, fundamentally, we have to address questions of distributed computing and the need for redundancy and the continuity of societal memory in a sense, without compromising on privacy and end user control. And that is the challenge that we currently face.
>> KATITZA RODRIGUEZ: Thank you very much. Thank you for respecting the timing. We finish this first session. And now we're starting our hopefully a lively and engaging discussion. I give the word to Mr. Patrik Fältström. Thank you, Patrik.
>> PATRIK FÄLTSTRÖM: Thank you very much. And now it's my turn to try to get a discussion out of this. We have three different areas which we're going to divide the discussion upon, and those of you who would like to ask questions or say something, bring out a new issue, please sign wave a little bit so people with the small pieces of paper. Write clearly so we can read what you're saying. We'll get the paper and then we will ask you to go to the microphone, ask the question. The panelists but also other people in the audience and the remote participation can participate in the discussion.
After a while, I will pick up a new piece of paper and we'll swap the topic. The three areas which we're going to discuss is the concept of cloud itself, what cloud is, how it can be used, why and why not? Various arguments for the cloud itself.
Then we're going to talk about infrastructure questions, environment. Many of the issues we heard the panelists talk about.
The third area will be about privacy, integrity, confidence in the cloud, public policy and regulatory issues. To start with, the first person I would like to ask to go to the microphone is Parminder Singh from I.T. for Change. Thank you.
>> PARMINDER SINGH: I would like the panelists to comment what is the connection between cloud computing and the issue of network neutrality? As more as more data which flows on the networks is data which is connected to or affiliated to this these large companies which are involved with cloud computing, how would that relate to a possibility of the net with different content. So how do those issues go together?
And if there is a certain innovatability as I hear from many of the speeches about a lot of our computing moving into cloud computing, does it not then make it more imperative that the cloud computing or network environment is more regulated from a competition policy viewpoint and absent of critical integration. Thank you.
>> PATRIK FÄLTSTRÖM: I think the policy thing we can come back to when we go to the third area but just in general, do we have any panelists who want to say something? Mr. Osafo, please?
Doesn't the microphone work?
>> FRANK-CHARLES OSAFO: Yeah, that's a good question, and regarding network neutrality, as I've said from the beginning, I'm answering these questions always through what's going on on the ground floor, what's actually happening today. In other words, from the private sector, from businesses, those of us who are actually providing services, what we're actually doing.
So in terms of your question regarding network neutrality, one of the things I was saying before was that when it comes to business, when we describe the characteristics of cloud computing, one of your attributes actually that we do mention and that we think is a strength of cloud computing is that services are shared across multiple organisations, allowing the same underlying systems and applications to meet the demands of a variety of interests simultaneously and securely.
So a very good architectured cloud computing will have multitenancy, meaning that multiple people can reside on the network. There will be data transparency. There will be no data commingling. There's no reason why data will be commingled so that data neutrality, network neutrality is ensured in the cloud environment. I don't think frankly it's a characteristic and I don't see that as an issue, because today, we are actually implementing that for corporations who deal with more sensitive information than any individual consumer.
>> PATRIK FÄLTSTRÖM: Thank you. You can pass the microphone to your left. So you talk about both data neutrality and network neutrality as two different terms. That's interesting. We'll come back to that. Susana do you have something to say?
>> SUSANA SARGENTO: I would going to say network neutrality is something we're discussing a lot in the networking area itself and I would say that there are many people that are against, there are many people that are pro, so if the user should get not the same opportunities to get to the network, and actually for me and in my opinion, I think that cloud computing can go and I think this was the question, if they can come together and if there is some relationship between them.
I think actually they can come together, and cloud computing from one side provides this neutral access to the information, neutral access to the services and to the applications, and could one of the killer issues that really increase and really goes inside this network neutrality concept. Of course, we know that it's always possible to then differentiated services to differentiated applications.
We know before we have all the regulations, all these policies, the access will not be similar to all of them. But I think that cloud computing is one of the ways to engage in network neutrality.
>> PATRIK FÄLTSTRÖM: Thank you very much. We'd like to have Mr. Pepper would like to say something, as well? Can I ask the sound people, is it the case that the microphones on the stage is broken?
>> ROBERT PEPPER: Ah, it's back on, great. Thank you. So there are the issues of access to the data in the cloud that have already been raised but addressing the specific question about the relationship between networks and access to the cloud. Again, we can spend more time in the policy third of the discussion, but the basic principles that I think everybody agrees on and currently networks globally operate under is that and one of the principles by the way that people embrace is the open Internet which basically is about the ability to have access to any content that you want including your own content or maybe especially your own content that's sitting in a cloud. That's something that obviously you have to have access to but I don't think anybody disagrees with that. The question that you asked is, do we need new and separate regulation or related to networks because of the cloud?
I think that it's essentially the same framework, and I'm not sure that it raises new issues other than the basic principle of having access to any information that's over the net and you have access to that content. You raised the question about the whether there should be new competition regulation limiting the vertical integration of who provides and builds data centres and cloud services. I think at this point that would be extremely counterproductive because we really today don't know what the eventual model will be for cloud and data centre. You do want to be concerned if there is not the end user access through an open Internet to all of the cloud services or data services that they may want, but that's not a question that is no different than the existing questions.
To me, more importantly, the question that you ask, that you imply, is about the networks themselves, and there is a need, which is again a separate discussion that it goes back to the broadband question, the need to have managed networks, because different cloud services are going to require different network characteristics.
If I'm having an enterprise or a large data centre where I have universities machine to machine talking at very high data rates, realtime symmetric, I need a different network accessing configuration than if I'm accessing content that's already been processed and I want to bring it back so the need to have differentially managed network capacity and capabilities to match the needs of what going on in the data centres I think is extremely important. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you very much. And I think what we hear here, we start to talk about both ability for users to connect to the clouds, many plural, but also maybe we should talk about later on even more the role of the cloud operators themselves and those might be separate issues, something I hear, Kristina?
>> KRISTINA IRION: Just a short remark. I'm not a technology expert, but I believe that cloud services will very much thrive the development of encryption and the use of encryption because that's how the data is supposed to travel across the networks, right? So networks as such they should not recognize what they carry because it is encrypted. If the networks would know that then encryption would be ineffective so therefore at that level, networks have to be in a way, yes, of course neutral because they have to carry this meaningless data, for them meaningless data, to the destination. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you very much. By the way, to the people running the video, it was very, very good for us moderators to have the clock start on 5 minutes. If it is the case that we can get the clock started on one minute every time we change the speaker, that would be appreciated.
A little bit oh, 5 minutes there. So I'm not allowed to talk more than 5 minutes, then. Good, good, good. So.
A little bit connected to what we just discussed, we got one piece of paper from Bertrand de La Chapelle that actually is connected to both this and the later issue on regulation. Please, Bertrand.
>> BERTRAND DE LA CHAPELLE: Thank you very much, I'm the special envoy for the information society in the French Ministry. I first want to say on a personal basis I find this panel absolutely fulfilling what I expected from it, like I didn't know really the challenges related to cloud computing, and even the real definition before, and this is really highlighting the different dimensions including the feeder workshops, which is a very interesting format.
Very quickly, what I take out or I understand from the discussion, and I want to share, is first of all, I would rather understand it as the clouds in the plural, rather than the cloud. The expression "the cloud" reminds me too much of the grid that we were talking in the past and actually what we're talking about is on demand computing power from shared data centre service providers.
So it is about a multiplication of cloud computing platforms. The other thing I take out is the notion that I think Michael Katundu was mentioning. We are moving in a qualitative change that has been produced by a quantitative evolution which is making this accessible to individual users.
The next thing is, I see a distinction, and correct me if I'm wrong, between the cloud computing platforms that are serving one single user like Facebook having 40,000 computers, and service providers for a third party. And in this respect, I see a tension between as Bob Pepper said between the distributed capacity and the need for centralization for optimizing.
Am I correct in guessing that the topology of the system will be in a power load distribution like a few very large ones and a lot of very small ones distributed?
And finally, I see this as an evolution in the next stage. We had the Internet mostly around email and so on. We have the Web. And this is a third generation with virtual territories, but we'll come back to that later.
>> PATRIK FÄLTSTRÖM: Thank you very much. Very interesting questions and I actually got a followup question that is very much attached to what you said. But we have remote moderator that has something from one of the remote participants. By the way, the timing I was unclear. Can we get it started at 2 minutes please when we change each one? Sandra, please.
>> SANDRA HOFERICHTER: Hello? Yeah. Okay, I have one comment, and a question of a participant. I'd just like to read out a comment from Michael Nelson. Over the last two years, I have been to at least 15 meetings on cloud computing. Surprisingly, there has been little discussion of how cloud will enable the Internet of things. In a few years we could have 12 million devices, et cetera, attached to the net. A truly global and corporate cloud would make it much easier to use simple devices so there's a question then, how can we design the cloud in order to maximize the growth and utility of the Internet of things? This question is from Michael Nelson, visiting Professor at Georgetown University.
And there is another question, I don't know if it's good
>> PATRIK FÄLTSTRÖM: We should wait with the other one for a second because I got, on one piece of paper here, from Mohamed Jemni. Please go to the microphone. Because you ask a very interesting question here and that is we heard the terms now: Cloud computing, grid, and now Internet of things. Can you please can we get a microphone please to the centre?
>> MOHAMED JEMNI: Thank you very much. Mohamed Jemni from ATTR
Association, development technology and services in Tunisia. I would
like to thank the panelist for organising this interesting panel to
debate this new and emerging issue.
I would like to ask -- and I would like if one of the panelists can
explain also a little bit about the difference between grid commuting
and cloud computing. Grid as considered by Ian Foster, is to have
power computing as electricity power. So we don't worry where the
machines are or where we obtain the power of computing. We ask for
power of computing and we get it. And of course we have just to give
our data to be treated from a simple computer.
Many years ago to develop standards, and of course now there is a
huge amount of data and especially of middlewares. And I think a very
big project is Globus, the middleware of using grid computing. My
question: How we can use these achievements. For example, all work
done in miter ware for cloud computing is the same technology, is this
global investment by the community of researchers working -- who work
in grid computing. Can we use it for cloud computing?
And the second question, if you allow me, is about the model
economic. I know in grid computing there's many possibilities and many
kind of model economies. There's the volunteer computing, and
multiple -- the model economic and the cloud computing, how is it?
And thank you very much.
>> PATRIK FÄLTSTRÖM: Thank you very much. You were waiting.
>> SUSANA SARGENTO: Can I answer several questions?
Because there were so many.
First of all, about the question where we have clouds in the plural
and not the cloud itself. So actually this is what happens nowadays.
So we have -- so user accesses an application, an application in a
cloud. It does not know where it is, there's no idea how -- where it
is. And if it is only a cloud or interaction between different clouds,
but actually what happens and what will happen in the future is that
we'll have a different stakeholders that will have these agreements
between them. And each one of these stakeholders is providing parts of
the services. And we can think -- we can think about this cloud as
being plural, of clouds between different stakeholders with all these
agreements. And actually provide an application, we can have these
several stakeholders in hand.
For example, I gave the example of having application providers and
also telecoms in the area. So both of them providing them.
So for this -- another second part. So this was -- there was also
distributed needs for centralizing for optimizing. Actually this is
very nice and strange paradigm. Sometimes it seems opposite. But it
is not so opposite as it seem.
So basically we are somehow centralizing old information. But at the
same time it's for us -- it's distributed between different servers.
And the amount of information is so large nowadays that these two
paradigm, they are completely interrelated.
And concerning the question of how cloud really enabled the Internet
This is a very interesting question. I started this discussion with
the mobile Internet and mobile area. And what we'll have in the
Internet of things -- there are too many questions, so I don't know --
I try to answer all of them.
>> PATRIK FÄLTSTRÖM: We have two minutes still that we need to cut a
little bit because we have to do some discussions here. So if frank
Charles, maybe you can --
>> SUSANA SARGENTO: Can I finish, but what will happen in the
sensors, we'll have these small equipments. And they cannot handle
information. So yes, these users of simple devices will really require
cloud for them to work. So the cloud is really very important.
Just to finalize the difference between grid and cloud. Outside of
grid is a small part of a cloud. So with grid, what you need it for,
grid, is to have this competing resources. But now in cloud we are
doing much more than that. We are having -- sharing and storing our
data. So it's not just asking for resources for computing, it's
actually use applications from somewhere. It's actually including our
information in that somewhere.
>> PATRIK FÄLTSTRÖM: The question was this time just about cloud
computing and the application, yeah.
>> FRANK-CHARLES OSAFO: To continue with answering this question, I
think the actual grid computing, which was actually well discussed in
the book by Nicholas Karr, of Harvard business review in his
blockbuster book, the big "switch," well, the thing is grid hasn't gone
away. And I think your question actually raises some of the issues
that some of us have been saying all along. In the final analysis, the
cloud will hide the underlying infrastructure of whatever it is that's
out there. So we can still have a grid, you can have all kinds of
things, and still have -- allow people access to your system as long as
they can come there. And they don't know what you have. You can have
a grid, you can have just a simple computer.
In other words, we are dealing with a blockbuster situation. So the
grid doesn't go away. You can have grid and it -- as long as you have
people able to come to your service and your network to be able to get
applications on demand and that kind of stuff. You are fine.
So grid is just one of the many aspects of the underlying
infrastructure that will eventually go to the cloud. As far as the
Internet of things, it depends on what things are. The Internet is
also of subpoenaing. So if the things -- if you mean applications, or
what have you, that's what the Internet is. By definition Internet of
>> PATRIK FÄLTSTRÖM: Thank you. So we have -- I also -- I'm happy
to also have respondents from the floor on these questions that are --
we're not -- not only question/answer session. We do have a comment
remote from the remote participation. But let's start with Robert
Pepper, our panelist.
>> ROBERT PEPPER: This is a good example of how using the word
"cloud" confuses things. We have the cloud that we used to -- we
talked about the Internet. We said it's in the cloud. And that in the
cloud enabled grid computing, which is sharing resources across a lot
of individual computers globally. Right so my computer, your computer.
You know, through the Internet, through the quote, cloud, we can share
resources. Because none of us had enough power to do really powerful
processing. This goes to your question about topology, which is what I
want to answer.
So that's one version of cloud. Using the cloud for grid computing,
this distributed re resource. What we've already -- what we're also
talking about is when people talk about, quote, cloud computing, it's
really sometimes confusing because we're talking about sharing the
resource of a very large data centre with very, very powerful computing
We call that the cloud that because we use the same word for two very
different things, it becomes confusing. So let's just talk about that
maybe as a separate thing. Which is the shared resource.
You asked about the topology. Large data centre, small data centre.
There are going to be multiple sizes. But also there are the --
through virtualization there can be a very large data centre that is
partition the so that part of it is dedicated to a single user. For
example, a large bank. Or a government agency.
Or a transportation company.
Whereas other parts of the data centre and computing power can be
accessed -- the user -- the operator, rather, may be a company that, as
their business model they provide access to their computing power on a
shared basis by small business. But it could also reside in the same
physical location with racks of computers in that data centre.
And that's where you give to get into some of the issues that were
raised earlier -- in the virtualized world.
We also had a comment --
>> PATRIK FÄLTSTRÖM: We had a comment from the remote participator.
>> SANDRA HOFERICHTER: Yes, it was again Michael from University of
Georgetown in response to Bertránd's question. He just gives the sort
of comment. That's how we get a cloud of clouds. If we end up
disconnected, separate and national clouds, we will not realise the
full benefit of cloud computing.
And he gives a comment on another topic. Which feeds actually into
the discussion of what cloud actually is.
The grid has been a prototype allowing academics community to develop
and test many technologies being used in the clouds. So he sees
actually the grid as sort of starting point to the cloud development.
>> PATRIK FÄLTSTRÖM: Thank you very much. Do we have anyone else
that would like to comment on this?
Is anything that was still left out that you would like to comment?
Because if not, then we're going to change the topic.
So we change to the second topic here. Although I don't really think
that we really agree on -- or talk much about what cloud is, is there
anyone -- so I must go back to. Because I didn't really hear any real
discussion of what cloud is.
Frank-Charles, you started asking a bit and giving some examples of
what cloud was. Do you think you can expound a little bit on that and
be a little more provocative. Because I think people are probably
reading too much e-mail at the moment.
>> FRANK-CHARLES OSAFO: I'll give an example of actually something
that happened during 9/11 for our company, okay?
Most of you know 9/11 and -- from the U.S., the tragedy that happened
there. The thing is, though, from a business impact point of view,
9/1, which is the World Trade Center, houses a lot of big financial
corporations. And also that was the hub of a lot of connectivity,
telcos, communication and data centres of some of these big companies
or data centres.
Where the World Trade Center was destroyed. Companies came -- their
whole data centre was gone.
The disaster recovery in place trying to recover data. As many some
of them went back to IBD, disaster recovery sites. It was a mess.
Where in short, we went to our -- we just happened to be proactive,
call one of our big customers and told them, hey, we have your data.
Mean while, they have already been frustrated because they couldn't get
to the data. Well, they want their data. So what happened wee told
them, well, as far as -- if you have an Internet connection and you
have a way to get to the Internet, we can give you access to your data.
Well, some of them didn't know -- no barriers. So the question was
do you have our data?
So we send somebody there. Went there, get their connectivity, get
them their user I.D. and lo and behold they connected to our -- and we
used wireless. By the way, if we talk about the infrastructure, we use
Broadband high speed wireless as our primary ingress to our network.
We use the rest of their lines, fiber, as backup. Our Internet, our
access points actually, high speed, 100 meg to 200 meg fixed wireless.
So they were able to connect and get their data.
So guess what?
They have no data centre. Data centre is destroyed but able to get
their data. They were afloat. Today, needless to say, we are well are
the worldwide data company. So in short, that was -- that was cloud.
Big company, data centre destroyed, wake up, they could get to the
data because the cloud provider was around.
>> PATRIK FÄLTSTRÖM: Thank you very much. So we do have a comment
here. Jonathan Zuck?
>> JONATHAN ZUCK: Yes. Jonathan Zuck, association for competitive
It seems like it's worth just being a little provocative and
suggesting defining the cloud is a fool's errand. It may not be
something that's even worth doing because we don't actually know what
it's going to be in the future. We don't know what the connection is
going to be between desktop computers in the cloud or mobile computing
in the cloud. We don't know how much processing is going to happen on
servers versus client applications. We don't know that there's
actually going to be an increased demand for Broadband as a result of
cloud computing because there could be particularly in the mobile space
that distributing processing between client and server applications is
going to be designed specifically to minimize the amount of traffic
that takes place over the wires or the wireless network itself. It's
the pairing of data with processing power on servers that is really the
critical aspect of these discussions. And it's the storage of this
data and the distributed storage of that data that raises nearly all of
the public policy questions surrounding cloud computing.
Cloud computing is a marketing term. But technically speaking the
real issue from a public policy standpoint stands from the storage of
personal and corporate encrypted data.
>> PATRICK FÄLTSTRÖM: Fault Robert?
>> ROBERT PEPPER: Jonathan, I think that we can continuously debate
the term "cloud." I think what -- you're hearing, though, and I think
you agree is that there is a trend that there is more data being stored
and processed in large facilities and data centres because of the need
for large storage. Right?
Super processing power. The efficiencies that are gained. The
ability for individual users and small business to share resources on,
you know, a pay-for-it-as-you-use-it basis. A high startup cost.
There's a whole set of reasons why there's this trend to having large,
shared facilities for computing and storage.
There are business models being developed around this, including for
example in the entertainment industry. To bring movies and other
entertainment contents, sports, et cetera, closer to end users for IPC
types application, with content delivery networks. So that, you know,
the movies are stored in large server farms. Right?
So absolutely that's happening for different business reasons.
The questions then are, you know, I don't think it's as important as
what you label that as recognizing that that's the trend. It's
happening for some very good reasons. There are then the policy
questions that you've raised that flow from that. But I think part of
the discussion is recognizing that not only is this a trend, but it
actually will improve individuals' access to content and processing
that they otherwise would not have.
So in the context of the Internet governance forum, what we're here
for, it's -- again going back to what I said earlier, balancing these
benefits that are huge. And that's the trend. And then as policy
issues arise, let's think about them in a smart way to address them
going forward, not after the fact.
>> PATRIK FÄLTSTRÖM: Thank you. So we have a comment here?
You have to raise your hand. Stand up, please. The people that want
the microphone, can you please stand up so the people running around
with the mic phone see you.
>> SLAHEDDINE GHERISSI: Thank you.
>> PATRIK FÄLTSTRÖM: Please introduce yourself.
(No English translation for scribe.)
>> SLAHEDDINE GHERISSI: ...for cloud e- administration. And --
there's not a day that goes by without an announcement on clouds as
this is a strategic revolution and technology. There are new use, new
innovative services, enormous investments. And so forth.
My question therefore is this: What standard for clouds, for -- the
e-business project is used for e- administration?
What e -- what do -- administrations needs for clouds, and likewise
for SMEs? What do they need from clouds?
>> PATRIK FÄLTSTRÖM: Thank you very much. I think that was more a
question. But I know we have a comment to the previous question.
>> SUSANA SARGENTO: I have a comment to the previous question. So
it is very, very quick comment.
Which was on the uncertainty of the future and what we will need from
The only thing I would like to say is that what we can see is what is
happening today, which actually was not predicted before. So when we
see all these interactions ON social networking and this massive --
this massive localization of users. This is something that was not
And so what we can think about is what exists today and what trends
can be. For sure we have different ideas -- one or two years, but we
know that at this stage from what we see now we have cloud as a major
importance to come up with the requirements from today's society.
>> PATRIK FÄLTSTRÖM: Thank you very much. I think with that that
gives us a good bridge over to the second part of 3, which has to do
with the -- with the cloud infrastructure and some environmental
issues. I would like to start that by having a question from the --
from remote participant.
>> SANDRA HOFERICHTER: Yes. Unfortunately I can't tell you where
the participant is from. It is Paul M. His question goes to a
technician panelists. Are there architectural standards for cloud
computing? And how will several distinct clouds incorporate?
>> PATRIK FÄLTSTRÖM: Luis, please.
>> LUIS MAGALHÃES: As a matter of fact, this question has been
addressed not only by a little bit by some of the panelists before but
also in the workshops. The question of the standards, the technical
standard for cloud computing is ongoing question that has to be still
redeemed. And quite a lot actually by industry lead I think.
>> PATRIK FÄLTSTRÖM: Anyone else want to -- Susana?
>> SUSANA SARGENTO: I could add -- yes, there are at least from my
knowledge, there are already architectures and standards are being now
defined. And yes, I thought also refer in my first -- in my first --
in my statement, in my first intervention, we have now several
stakeholders that would like to enter in the world of cloud computing
and that are trying to enter the world of cloud computing. Which means
that these incorporations of new stakeholders for different parts and
requirements from the cloud is something that is being studied nowadays
and is something that is being researched.
And the standards for interaction between these different
stakeholders, I don't have an answer for it now at this stage, because
it's something that is really being thought on this -- at these times.
>> PATRIK FÄLTSTRÖM: Thank you. Frank-Charles?
>> FRANK-CHARLES OSAFO: We need to be very clear when we're talking about cloud infrastructures, topologies and stuff. We need to again separate the consumers from the producers. The requirements for consumers of cloud is very, very simple. You need a broadband access to the Internet, and you need a device that has the client software in most cases a browser that's accessible to the application. When we talk about the bulk of the toplogical and architectural designs, that false under the realm of the producers falls under the realm of the producers. The producers have to build these data centres, they have to build the virtualization system, they have to create the constructs of delivering the service so in my mind when we're asking these questions it has to be addressed simply. Are we talking about the requirements of the consumer? The person who needs to consume and use the cloud resources? Or the producer, the creator who needs to create the services?
>> PATRIK FÄLTSTRÖM: That's a good question. Kristina, please.
>> KRISTINA IRION: To the ongoing standardization efforts I did important work. Obviously we have to from a nontechnical perspective pay attention they're meeting the minimum criteria of interoperability and also openness. We know that standards can be and architecture of the clouds can have an important impact how it relate to function and it can also be used to lock in consumers and can be used to strengthen a dominant position or fend off market interest of newcomers. Therefore this standardization issues are not just about technology, it's also about policy and it's important that Governments and other stakeholders are taking part in such efforts and ensure that in the long run we're creating standards that will be keep the markets open and competitive. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you very much. There is something we have to remember until the last phase of this discussion which I think would be interesting because a lot of people are all the time coming back to that it's very much is connected to the regulation and the use and responsibilities by the different players both the end user whoever is handling the connection between the end user and where the data centres and clouds are and then the clouds themselves.
So if we go back to what Frank Charles said about the needs and the requirements and connected to a very specific question about SMEs. Does cloud create any special need for SMEs compared to other players? Or are there other players who have specific needs regarding the infrastructure and more green environmental issues. Is there anyone that would like to continue on the question we got on that?
>> FRANK-CHARLES OSAFO: Is the SME a consumer of cloud services? If he is a consumer of cloud services what are his constraints? He has special needs, he has no special needs, then even big corporations would need access to the cloud again being on the ground my thing is I'm always bringing this down to the basics. We can go on and talk about SMEs and stuff but the SME is he a consumer again or is he a producer? That's what I need someone to address. Luis?
>> LUIS MAGALHÃES: I'd just like to add to the needs of access SMEs should have and the points that are raised. Now the use of the cloud by SMEs or any other users but especially SMEs would require developing competencies in these companies for the procurement process and for monitoring quality of service so they can actually deal with the suppliers. That is a different sort of competency that somehow they spare on the I.T. technologists to manage the infrastructure but they require somewhat higher level in terms of acquisition and monitoring the service.
>> PATRIK FÄLTSTRÖM: So what you're saying is that part of the skills and the needs that you talk about, Frank Charles, have to do with the actual needs that need to be expressed in a very clear way during the procurement process, and maybe the introduction of clouds is actually most visible in that by new things or do the procurement differently than nowadays before we had clouds.
>> ROBERT PEPPER: I want to go back to your question about the environmental impact as it relates for example to small medium enterprise and try to be very practical which is I actually think of the small medium enterprise as the user not a producer here. In fact what they are consciously trying to do is get out of the producer business. When they have to buy computers, they have to have their own I.T. people. They have to put these systems in place. If something crashes they have to figure out how to reboot it, they have to do the software upgrades, they have to worry about security on each device, they're producers. Unless they're in the computer business or the I.T. business that's not their comparative advantage or their business or where they want to spend their time and money so they want to become a user of computing power process. They do then they can actually shift and move to and focus on what they're really in business for. There are however the environmental benefits to them doing this, but I do not believe that that is the driver of why most of them will do it.
What would be those benefits? If they have fewer electronics, they don't have to have their own servers. They don't need as much back office or power supplies. For example, the electronic, the e waste is dramatically reduced for them. Their power consumption on site is dramatically reduced for them. So there are potentially significant energy reduction, environmental benefits, from this shift that's not, though, I don't think going to be top of mind why they do it. They do it because they want to get out of the business of being in the I.T. business and actually do the business they're in and therefore become a consumer of I.T. computer processing and those services. And that's what cloud actually and shared services give them.
>> PATRIK FÄLTSTRÖM: Thank you. I think we have a comment from remotely, as well?
>> SANDRA HOFERICHTER: Yes, again Michael R. Nelson from Georgetown University is following the discussion very intense. He likes to sort out that in Silicon Valley today many startup companies are running the whole business on cloud laptops, cell phones and maybe a coffee cup and give it to their employees and that's all they own but this assumes that all employees and customers are reliable to connect to the cloud wherever they may be.
So his question in this regard is: If only 50% of the citizens cannot connect in the cloud, will companies be able to build their company on cloud? Is 90% enough?
And another question: How much connectivity is necessary if companies are going to migrate the cloud? And last question: Can ISP be so high that they negate the cost of benefit of cloud computing.
>> PATRIK FÄLTSTRÖM: Is there anyone in the room that would like to address that? Anyone on the panel? Please, Susana.
>> SUSANA SARGENTO: These were many questions. I was trying to follow most of them. But the question, so there is the question of the access and if we have 50%, or 90%, so what is sufficiently provided to be able to access the cloud and be able to provide service on the cloud.
Actually, this is really a problem, and I think we had this discussion in one of these workshops, which means that the access is mostly everything, right? So if there is no access to the clouds, and we consider that any user company can have similar rights to access, but if there is no access to the cloud there is nothing that can be done, so I cannot have an answer on what's the percentage of requirement on access to have this system working.
>> PATRIK FÄLTSTRÖM: Thank you. Anyone else?
>> FRANK-CHARLES OSAFO: I think we have a gentleman here from Microsoft, and I would like to pose in answering some of these questions, to pose a question to him, and then I'll come back to why I did that.
And I forgot your name, please, but I know who you are. If Microsoft were to be developing the Microsoft Office Suites, Word, Excel, PowerPoint, et cetera, today, if today, Microsoft has these plans to launch that product, I believe that product would not be shrink wrapped, it wouldn't be on the desktop but it would be on Azure. Can you answer that to me?
>> BERTRAND DE LA CHAPELLE: I think you're right, and actually today already, we offer as Web apps the Office applications online. But everything has to do also with the performance of the platform so there is a kind of limited set for the online applications as they are now freely on the Web. But for Office users there will be complete parallelism for what you have as licenses on your desk and what you will have as services over the network. Not only for Office, that's for Exchange online, SharePoint online, all these things will have complete symmetry between what you have on premises and what you have services in the cloud.
>> FRANK-CHARLES OSAFO: Ladies and gentlemen, welcome to the world of the cloud. In the future, you'll have no choice because the cloud, like application development, is in the hands of the application developers. If the application is one of a kind and is only developed, delivered through cloud environment, if the only way you can use that service, you will have to find a way to connect to the cloud. So the application developers, ladies and gentlemen, will be the drivers of what goes to the cloud because if you don't have access to this service you have two choices: You either don't use it. If you want the application, you have to get access to it.
>> PATRIK FÄLTSTRÖM: Thank you. Robert, do you have a quick comment on that?
>> ROBERT PEPPER: Yeah, very quick. By the way, hello to Mike Nelson who has become obviously a virtual member of our panel. And I know he wished to have been here. Mike's point about this which is reinforced by these last two comments. This is why we need ubiquitous broadband because without that you won't have access, if you're small business or individuals or schools, to the services, the applications, the software that are going to be available over the Internet from data centres in what we're calling cloud service. It's the reason we absolutely need ubiquitous broadband, because without that you're not going to be able to participate.
>> PATRIK FÄLTSTRÖM: We have another question from the floor from Felix Samakande from DiploFoundation. Where are you? It's related to cloud computing and hidden costs. Maybe that's what you talked about different wording, please.
>> FELIX SAMAKANDE: On one hand I'm a student. On the other I'm a diplomat from a developing country. And put those two together you get a generalist on steroids.
My question is concerning the costs of cloud computing. After following the cloud computing debates and coming from a developing country perspective, my first concern is cost. The long term costs which include recurring costs, emerging costs, and especially hidden costs. Developing countries are often caught off guard by such costs, resulting in white elephants instead of projects.
Can I please get comments from the panel on what they perceive to be factors that will cause spikes in the future cost metrics of cloud computing. The factors that seem to have this potential include the cost of greening the cloud, the cost of security given the global security threat matrix, the cost of transmission given the private ownership of broadband undersea cables, and nanotechnology given the potential it has to make some new technologies today redundant tomorrow.
The second part of the question is on nanotechnology. Nanotechnology has been labeled the key technology of the century. Even the Pope expressed anxiety over some of its biotechnology applications. On the global scene, facing nanotechnology taking place that's been compared to the Oklahoma land rush of the 1800s. It's an indication of the heavy activity surrounding nanotechnology today. In the ITC environment nanotechnology has the way to change the way we manufacture, the way we process, store or transmit on the Web.
>> PATRIK FÄLTSTRÖM: Yes, thank you very much. I saw that Robert Pepper that you wanted to say something about this, was it? Or did I misunderstand?
>> ROBERT PEPPER: No, no, no. I think you went actually through those. You said what are the costs and what may be the hidden costs? You then gave us a very good list. Now, we're not going to have the numbers specifically but, this goes back to my earlier point about everybody wanting to be a host for cloud for data centre. The question is if you make those investments what are the things you need to think about? We tend to think of these costs largely as being I.T. costs, computers and processing. But when you're putting these together you have to worry about things like the energy cost, the air conditioning, the security, the civil engineering costs, the maintenance costs, the broadband connectivity costs in the long term and there's the potential obsolescence. There's a significant cost curve reduction in the technology, in processors that are more powerful and require less energy, which means they require less cooling so that new data centres are much more environmentally efficient than old data centres.
We now have data centre technologies that for example for air conditioning purposes are operating at over 90% efficiency on air conditioning, when the servers are loaded at 60%. That's a significant improvement of past efficiencies for air conditioning. It's a moving target and I think you do have to be concerned that if you make investments today, it's not stopped or locked in time. You can't look at a single point in time, because the technologies are improving, and the costs are shifting dramatically, and rapidly, and they're all in the favor of better you know, energy use, environmental being more environmentally friendly, higher powered, et cetera, but it also means that there are going to be increasingly economies of scale, so that if you make investments in small data centres you may not be as efficient and it will be more difficult to compete.
>> PATRIK FÄLTSTRÖM: Thank you. Another question that might move us into the last part about regulation and responsibilities from Cynthia Waddell. Please.
>> CYNTHIA WADDELL: Thank you, Mr. Chairman. My name is Cynthia Waddell from the International Centre for Disability Resources on the Internet. I have a quick comment about the future and benefits of cloud computing. One, we're active in the IGF Dynamic Coalition on Accessibility and Disability, and our members are very excited about the possibilities that cloud computing can bring to persons with disabilities, both in a developing world and the developed world. It is in this context cloud computing can enable user preferences of persons with disabilities and profile to be stored and then respond directly to the use of the benefits with the functionality for persons with disability to access and use ICT. So that is a point at this point that I wanted to mention. We want to ensure that interoperability continues so that we can sustain capacity building, and enable our the demographics of the aging population, of older adults and persons with disabilities to benefit from what cloud computing can bring. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you. Anyone want to say something about that?
Before we really move into the third part we got a late question from Arthur, and can you please go to the microphone, get a microphone?
>> ARTHUR MICHOLEIT: Thanks. Arthur Mickoleit from the OECD. Just to get back to the hidden costs and especially the hidden environmental costs that were mentioned by the person from Diplo, which is great, and I just wanted to ask maybe one or two panelists and whoever would like to answer that, is how can incentives be created to be able to combine the long term trend of, well, data centres in developing countries? Because the cloud we're talking about, cloud computing, is not only provided by cloud computing operators in the more developed world, but we're talking about also long term trends of connectivity and data centres and so on and so forth in developing countries.
And how can this then be combined with the global challenge that is out there, which is climate change? And we talked about, of course, increasing efficiency of service and data centres but we also need to keep in mind that the absolute amounts are growing still, and how can out of the box thinking for cloud computing operators, data centres providers and maybe also for Governments be created incentives to make these data centre operations in the long term more sustainable? Thanks.
>> FRANK-CHARLES OSAFO: This is a very, very good question and good comments. In my opinion, one of the benefits actually of the cloud, because today, there are many data centres. I mean, if you count the data centres that exist in corporations, Governments, individuals, all over, I'm saying physically. If you go to at least in the U.S., if you go to most corporations and companies, they have data centres that will blow you away in the U.S. alone. And if you go even to places like Africa, where there are issues about cloud computing, one thing they don't like is today's design of data centres where they have servers using a lot of power and all kinds of stuff. In my mind, if the cloud is to really be realised, then the actuality of having very, very large data centres, so because remember, somebody said on our panel that the cloud is disruptive. The disruption lies in the fact it will change the way of current I.T. infrastructures. So through the cloud if we can eliminate a lot of the little data centres all over the world so that let's say for instance, that's one cloud provider, an assumption, one cloud provider for say West Africa for instance. Of course we need redundancies and stuff but that would be possible, that eliminates all the other little data centres, and of course, the design of the cloud data centre being a producer of course, will use virtualization and that kind of stuff and minimize power so I think the cloud actually in the long run when we actualize the dream or the hype, will actually help in reducing the proliferation of data centres today.
>> PATRIK FÄLTSTRÖM: Two more comments before we go to the third section. Let's start with a comment on cloud connection with cloud and disabilities.
>> MOHAMED JEMNI: Thank you again. Mohamed Jemni from association of human technology and human resources in Tunisia. I want to come back to the question of Cynthia about what cloud computing can bring to disabled people. I think this is a very interesting and I think cloud computing can bring many things to disabled people, and especially to allow communities to make service, new service, available for disabled people, but also, and mainly, to allow people to share efforts and to share platforms to contribute in a global way to make service available for the community. For example, to improve sign language, a platform of communication with sign languages, services for blind. And this is many tools and many applications that needs global and shared efforts, and cloud computing can do a lot for disabled people. Thank you very much.
>> PATRIK FÄLTSTRÖM: Thank you. Kristina, you had a comment as well, not on this topic but a different one.
>> KRISTINA IRION: Yes, I would like to switch back to the question how we can create incentives that such facilities will be also constructed in around the world and also in developing countries, for example. And thinking about this brings me back that apart from the usual economic incentives we have to understand that certain advantages of countries with for example low wages will not be very fruitful in this context because this is not a labor intensive server farms are not labor intensive so it's other factors where companies will invest and set up such facilities.
And since this is my topic I get back to the favor favorable conditions that a regulatory framework can create for countries to set up server farms. Here I even believe there are some factors playing an important role we have not thought about before. Because since it's a security sensitive area, such server farms will require stable political conditions in such country, and you need positive regulatory competition in comparison to other countries.
What the company would probably look for is not just the least regulatory burden but something that gives also confidence to their customers. So a regulatory level that is stable, reliable, and places a burden on, or an appropriate burden, on the service provider on the cloud service provider in terms of security, in terms of, for example, how the security will be ensured, such things can play a role here. And countries that are doing good might have a competitive advantage in the end. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you. Just because we have to change the subject, with very good comments from Kristina but two panelists would like to say something. Even though the counter starts at 2 minutes I want you to stop at 1:30. Pepper, you first.
>> ROBERT PEPPER: I'll try to be very brief. Arthur, the questions about incentives for incentives for more environmentally friendly data centre. First, in the discussion at our workshop, it may have been misinterpreted by people. It was not that the costs of locating data centres with renewable energy were too high. It was the cost relative to shutting down and rebuilding existing data centres and moving them to someplace where there is renewal energy, that was where the cost was too high. Smart location of data centres where there is renewable energy going forward for new data centres makes huge sense, right? And those are the I think the incentives we want to talk about so they're two separate things. We want to not confuse them.
Secondly, if there are places that have renewable energy in one country that in a region could provide that, we don't want to have regulation about transborder data flow that could be counter productive that could prevent the sharing of data centre, because it's in one country with another, because of the fear of transborder data flow that could actually increase the environmental cost, because we do want to have shared facilities and services where there are renewable energies, energy sources. So this is a discussion for maybe the next session.
>> PATRIK FÄLTSTRÖM: Thank you, Susana you have the last word here.
>> SUSANA SARGENTO: I'll try to be very quick. I just wanted to make a point here also on incentive part. How can incentives be created to make data centres more sustainable? Business models they need to be in place but one important thing that can help is the existence of these different stakeholders, the interactions between these stakeholders, and the to make sure that these different stakeholders are really from different from different sources. For example, the application providers and the example from the Telecoms so the interaction from the different stakeholders can greatly help on the sustainability in the long term.
>> PATRIK FÄLTSTRÖM: Thank you very much. So let's move over to the more regulation, privacy, integrity questions. The questions and issues and topics and subjects we've got some notes on have to do with basically three different things. The ability to reach the cloud, the accountability of the cloud service provider itself, but also more general jurisdiction, which you already started to talk about, where the cloud service actually exists.
So let's start with the last of these, Bertrand? You talked here, can you please stand up so people see the ones with the microphone see where you are. You wanted to talk a little bit. Let's talk a little bit about the jurisdiction where the cloud service is accessed.
>> BERTRAND DE LA CHAPELLE: Very quickly, what I was surprised with earlier was the similarity between the problems that were raised in the first part of the discussion with what we had in the workshop on social media. And in particular, I want to just quote the work that the Electronic Frontier Foundation has done regarding the rights related to private data and they mention without getting into detail, the right to enlighten decisions like having transparent terms of service, the right to control your data, and also to have a control on what people you give access to your data can do with it, and the right to leave I.E. portability and things like that. It's surprising it is exactly the same kind of issues, and it's not a surprise.
The question of jurisdiction, I don't want to go in to too much detail and nail down one very important notion that I see emerging and that goes to what Bob Pepper said is virtualization. What I do sense here is the emergence of the notion of virtual territories. What is happening is that if you are a cloud service provider, you actually have data centres in very different places, and what I just want to explore is if we try to address the problem of transported data flows from the territorial base, we have a problem. If we go at it the other way around and start with the operator of the cloud operator then it becomes a virtual territory and you define the framework in this way. I could go along and I will stop but I just wanted to pick on the last comment that was made, and the notion that a good and intense but balanced regulatory framework regarding privacy, security and so on, is actually a competitive advantage is a remarkable comment. And a great relief.
>> PATRIK FÄLTSTRÖM: Thank you. We actually have an addition to what or expansion of what Bertrand just said from Mike Nelson remotely.
>> SANDRA HOFERICHTER: Hello? Okay, it's working. Yes, Michael R. Nelson is stating, we could probably spend all day talking about policy issues related to cloud computing and barely touch all the challenges. However, there's a fundamental unsolved issue that needs to be addressed soon. When I store my data on a hard drive in my home I know the policy must have such a warrant to access it. If I store my data on the same in the cloud, I don't know who can access it and what permissions they need.
So the question he's raising in this issue is: If my data is replicated in two data centres in two different countries, can organisations like FBI and NSA and the police in five different countries wiretap all my data, first? Second, how can we assure cloud users that their private data will be properly protected? And third, can we trust the global cloud? If we fail to address this question will many people and companies be unwilling to migrate to the cloud?
>> PATRIK FÄLTSTRÖM: Anyone that would like to say something about this? Frank Charles?
See, they're not going to be interested for you to say, well if the U.S. Government if you're storing data for financial information, they don't come to you and say, where is the data stored and all that stuff. All they want to make sure, when they ask for data, the data can be provided. So your security construct for the provider has to meet all the requirements that your client wants across boundaries and across states. And you have to protect the data no matter what.
>> PATRIK FÄLTSTRÖM: Thank you. We have a comment, Andrea, please. Introduce yourself.
>> ANDREA SAKS: Thank you very much, Patrik. I want to just talk about persons with disabilities' profiles. As we now know, we can take our own mobile phones with us when we move to another provider. The same thing I think must also apply I'm not worried about you making it accessible. If I'm around, it will become so. But the thing is, once we get there, and we have users who have their profiles and settings saved, and they want to move, they should be able to own that, take it with them, and be able to use it in other areas or other providers. Thank you very much.
>> PATRIK FÄLTSTRÖM: Kristina?
>> KRISTINA IRION: I think this is a very relevant intervention from the remote participant, and at the moment, this is also a clear concern because in a number of jurisdictions as I already highlight in my initial statement, there are different thresholds of protection depending on where the data is stored. If the data is stored here on my laptop the police would need a warrant to access it. If it is in the cloud they could do it without a warrant. For example in the U.S. but also in a number of European countries.
And if the trend is that consumers and businesses will use the cloud extensively to store their data, then we need of course the same level of protection because we cannot make a step back, the original purpose is to ensure due process against search and seizure by Governmental agencies, and this due process requires that there is a judicial review which legitimizes this kind of interference with my personal rights. That is one issue.
The other issue is that we will probably get back to a discussion we had already in the past that is under the heading of key escrow where local authorities will try to have an easier access to such stored information by having a chance to get to the key, to the encryption key, by having a general key that would allow them to decrypt such data, and of course, also this discussion will float back due to the internationality of cloud computing. If the data is stored in another jurisdiction, then what can law enforcement do? They can either try to collaborate by a formal means with these jurisdictions or they have a way to have access to the key and access the data as if they were the user basically, remotely.
And both of these are unresolved and at the moment if the Governments are not willing to give in, then we end up in a lower protection rather than we had before with the data on our hard drive. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you very much. We have followup question here from Karmen Turk from the University of Tartu.
>> KARMEN TURK: Good morning, everybody. My question concerns the
accountability of the Claude service providers. Well, today the ISP
liability issues, especially for the intermediaries who host or provide
access to the content or user generated content is not so clear and
there is no one answer vis-a-vis liability rests, nonliability of the
What would be the position for the cloud operators and their
liability for illegal material in the cloud?
Would they be obliged to remove it or disable access to it in case of
knowledge of its existence through the -- for example from the notice
of -- or from the court order.
>> PATRIK FÄLTSTRÖM: Anyone want to say anything?
>> ROBERT PEPPER: On a number of these issues, on the liability, on
the regime for protection, this is one of the issues about the tension
between sovereignty and interoperability and conformity. So it
actually becomes even more complicated when you realise that within a
government, a single government, there may be competing and conflicting
requirements. So for example there's some governments in Europe that
require data retention for certain amount of time for purposes for law
enforcement, for lawful intercept or for, you know, a proper -- you
know, lawful reasons. While at the same time for privacy purposes they
are not permitted to retain the date at that for that amount of time.
So you even have within some countries internally inconsistent
requirements, well intentioned for separate purposes.
And what we need to be doing is thinking about how do we have sort of
more coordination and uniformity across -- even within countries and
across for interoperability not just technical interoperability but
legal interoperability. Today for example there are regimes where if
there is information on a laptop or on a computer, and another country
wants access tore that for criminal investigation, there are treaties.
The countries have to go to one another under the treaty. And under
those treaties sometimes they have access and sometimes they don't
based upon national laws.
So there's an existing framework that does not necessarily map to a
world where things are on line. That's the challenge. Right.
But there's a framework and a process to do that. And it may not be
that we need something radically new, but we just need to be aware of
where the differences are and then try to make these more consistent.
>> PATRIK FÄLTSTRÖM: Thank you very much.
Regarding conflicts of legislation, I'm looking around in the room to
see if Mr. Patrik Hiselius from Telia Sonera is here. Even if he is,
he might not like that I put him on the responsibility.
I would just like to say that there is a court case in Sweden that
has just decided to be brought up in the European court of justice
where exactly this dispute between two different legislations in Sweden
and the highest court in Sweden decided that it would actually be
brought up in the European court of justice which had to do with an ISP
given to law enforcement agencies information about who was actually
holding an IPI address.
>> KRISTINA IRION: I would like to also stress another situation we
have to be in mind when we are talking about privacy, integrity and
confidence. And that is that a cloud service provider will essentially
come something whether a we have already adopted already as an Internet
intermediary. Somebody that has services for others -- from the
Internet. As we no from an interesting workshop yesterday Internet in
the medias are usually benefiting from some sort of a safe hasher so
they are not responsible for content by others, but at the same time
there is now an increasing amount of regulation. They have to face in
order to pursue important public policy objectives like the protection
of children or the prevention of criminal activities.
Now, imagine the cloud service provider with all this nice data. Of
course there will be some sort of incentive for governments and law
enforcement agencies to find ways to use this cloud service provider as
a vehicle to do either preventive measures or to use it for
Sometimes without having a clear case but simply as a preemptive
measure to look whether there are information on child pornographic
content, whether there are information on missing children, whether
there are information about terrorist activities. That will all come.
The same questions we have already today with other hosting services
will roll on this topic as well.
>> PATRIK FÄLTSTRÖM: Thank you very much. To continue on this
topic, we have a question from Obed Bapela, member of the Parliament in
>> OBED BAPELA: Thank you, moderator. I think some questions were
answered, but just this one: Where I didn't hear any response from the
In relation to the contractual obligations in terms of if I'm no
longer hit with an X service provider and I want to move to another,
will I be able to move?
And then obvious, what will be the contractual obligations in that
Second one is the issues of liability in the context of should I have
an information that I store, that cloud computing and it so happens
that it leads to my competitor -- in a very competitive market and they
start utilizing my information; will I be able to sue the service
provider and what are the issues there?
If those issues could also be responded to.
Thank you very much.
>> PATRIK FÄLTSTRÖM: Anyone that would like to say anything maybe I
actually have a follow-up question that we might also see whether it's
We have -- I'm sorry, I have a hard trouble pronouncing this. Mwende
Njiraini, from the communications commission of Kenya.
Can you stand up, please?
There you are.
>> MWENDE NJIRAINI: Okay.
>> PATRIK FÄLTSTRÖM: Please say your name so I learn myself how to
pronounce it. What it sound like.
>> MWENDE NJIRAINI: It sounds-like Mwende Njiraini.
My question is with regards to developing countries, listening to the
panelists I have discovered that possibly developing countries do have
an opportunity with regards to cloud computing. So the developing
countries have limited finances and technical skills to run cloud
computing services, developing countries have an excellent opportunity
to have cloud computing used for development. They could possibly
offer residents for cloud computing providers. As they have large
access to renewable energy as well as large tracts of land where
there's limited provision of physical locations.
So I in my perspective is that there's need to strengthen policy and
regulatory as well as legislative provisions in privacy and data
protection, with regards to providing a residence for cloud computing
providers in developing countries.
>> PATRIK FÄLTSTRÖM: Thank you. Anyone on the panel that would like
to say anything about this?
>> FRANK-CHARLES OSAFO: Personally coming from Africa I have a deep
interest in what we do there. One of the things that has hampered our
movement into technology of cloud computing -- cloud computing is
something we should be embracing. Unfortunately as was just said by
Robert and a few here, the driver for cloud is really Broadband. Think
about it, we're trying to put some applications that heretofore have
been put on land-based networks that are very close to on premise. On
premise application delivery systems.
To have the same type of response would require Broadband.
So if governments would spend the efforts, use the amounts of power
to make sure that they build those infrastructures in terms of fiber
connectivity and high speed connection to our international alliance,
then all these things become almost a no-brainer. Because again, we
obviously will tend to be more of consumers than producers.
But that doesn't mean that we have to be not embracing the cloud. If
we are the Broadband, the companies in Africa -- and one of the things
that we need to do is be aware of what other people are doing across
For instance, I have been involved through Vericloud of providing
cloud applications to some of the companies in Ghana. And they're
providing as we speak some serious services on their systems. Where
obviously they are kind of concentrating just in Ghana. So it would be
good eventually for you guys who are here to make sure you make contact
with the rest of the community. So you guys can compare notes.
>>LUIS MAGALHÃES: On improvements of connectivity, concentrated IT
thrives on improvement of CPU power. And these things change along
time. And in a certain extent they are not absolutely predictable in
terms of future.
So now we see an opportunity with cloud computing because we have
seen far improvements in connectivity that bring that possibility.
In terms of competitive opportunity to enter that sort of service and
market, it is extremely important of course to be able to compete on
connectivity as well. And that's not just to have Broadband. It's a
bit more than that. And as a matter -- as a matter of fact, the
situation regarding the opportunity that developing countries -- you'll
have to participate either as users or suppliers on these type of
computing. Has a lot to do with the capability that can be achieved in
terms of available high speed Broadband, low cost, and constantly ready
And low cost is of course extremely important as well here.
So I think these factors are very important to consider.
>> PATRIK FÄLTSTRÖM: Thank you. So the next question -- next we --
we unfortunately cannot receive any more questions. So we have two
more issues to bring up before we close the session. The first of
these two from Omar Monieb, from Egypt, where are you?
>> OMAR MONIEB: Thank you. Thank you for the opportunity. I'm
Omar from the Egyptian ministry of foreign affairs. I would like to
raise the question of clouds from the law enforcement point of view. I
mean, as consumers, we are all concerned about our privacy. I
personally wouldn't want to put data on the cloud and then know that
someone is checking the data whether the government or someone else.
But from a law enforcement point of view, I mean, we -- I know the
question was raised before, but how do you make sure that data or
information stored on the cloud is not used in illegal activities and
by criminal groups or terrorist organizations or even for child porn or
you know some of these issues?
Another thing that was raised in one of the workshops yesterday is
that how governments could use the cloud actually to store critical
information like medical records so if you are storing for example
medical records in the cloud and the cloud is attacked or -- who is
responsible for providing security for that?
Is it the government that is storing this critical information on the
cloud? Is it the cloud provider?
If this information or if this data is attacked or violated in a way,
what, do you sue the service provider after the damage is done?
I mean, I think that's a question that needs to be considered. Thank
>> PATRIK FÄLTSTRÖM: Thank you very much. And anyone would like to
>> KRISTINA IRION: On a -- problem mat particular, what kind of
governments would be willing to store on the cloud. So your question
hits the core of the problem. But we had already discussed yesterday
in the workshop that probably governments will have to classify their
files according to whether government records can be stored in a sort
of public cloud or have to be put in a private cloud because they are
confidential or highly sensitive. And need to also stay within the
boundaries of a given country. It's certainly not likely that many
governments of the world would be happy and agree that sensitive data
of the government activities and also of their citizens are stored
abroad. That is obviously a little bit in contradiction with the whole
notion of a global cloud. But security concerns and the concerns about
how you can later hold a cloud service provider accountable and how you
can ensure that certain standards are adhered to might lead to a
situation where sensitive government records will not go abroad.
>> PATRIK FÄLTSTRÖM: Susana?
>> SUSANA SARGENTO: I'd just like to answer these and some other
questions from the technology point of view. There are several
questions on privacy. So what happens if my data is accessed by the
criminal organizations. But what happens if my data is accessed by
someone that I would -- I don't like to have. Someone -- a point from
Kristina on the private and public clouds.
We can also have different levels of encryptions if we consider
technological point of view. So the data -- respecting to which data
we are talking about and how sensitive the data is. So these different
level encryptions can be applied.
What needs to be thought also is what is the compromise between the
complexity of doing this and the actual level of sensitivity of the
So this is just to make sure that you are aware that these solutions
exist. It is just a matter of how complex they are and which kind of
solutions should exist for the different kinds of data.
>> PATRIK FÄLTSTRÖM: Robert Pepper?
>> ROBERT PEPPER: Not only do these solutions exist, they're being
used. Today for example the healthcare example I think is a very good
one. Governments today have electronic records that they are storing
on data centres that they can share with other -- for example, the
Veterans Administration in the United States. They have hospitals
across the country. They have one of the most advanced medical records
They are already storing medical records in data centres in what we
could call a cloud. It's a private cloud. It can be accessed by any
doctor, any nurse who is authorized in any of the hospitals. Right?
They're doing it today. They are doing it with levels of security.
These are not new questions. The questions become more complicated
when we're talking about resources that are shared publicly. It
becomes more complicated when the resource, the data centre, through
virtualization has some private clouds, private space and then
partition for more public spaces. And that becomes more complicated to
make sure that the configuration, that the technology, that the way it
is implemented maintains the security at the level that is set and
And there's some information that is intended to be completely public
access and transparent. So it's the various levels. And this is not
new, it is happening.
In terms of the questions that you also asked about, you know,
potential bad content. Again, this is not new. There already are
existing law enforcement mechanisms to require, for example, access to
information in a country that is illegal information. The more
complicated questions or the one we were talking about several minutes
ago is with the trans jurisdictional. What happens if there is content
that is being sent to Egypt that's illegal in Egypt but it's residing
from a data centre in another country?
That also is not something that's entirely new. We already have
So there are precedents. It just becomes more complex.
>> PATRIK FÄLTSTRÖM: Thank you. I would like to give -- before we
hand back over to the share, I would like to give the last word to
Katitza Rodriguez, our co-moderator.
>> KATITZA RODRIGUEZ: There is one comment from remote moderator.
He wants to make the comment, the digital process coalition in the
United States, a multi state holder coalition composed by -- leading by
the centre for democracy but also conformed by other civil societies
like the electronic frontier foundation, the ACLU, and the business
sector. For instance Microsoft, Google, AT&T. And they are trying to
reform in the United States the electronic communication privacy act in
order to bring back to the 20th century this law. What is trying to
give is that data that this is stored in the cloud have the same level
of -- in the cloud has the same level of protection that the data that
is stored in your home, in your office. Which means that they need a
court-approved order and a reasonable grounds to access to that data.
This is to give the rights check and balance and avoid abuse of power
from law enforcement agencies. Thank you.
>> PATRIK FÄLTSTRÖM: Thank you. And with that I would like to hand
back the floor to our chairman.
>> ALGIMANTAS JUOZAPAVICIUS: Thank you. So just closing remarks. I
would like just to say just a few ones, what I saw and what I listened
And I follow the discussion very carefully. And it follows from the
discussion that cloud computing is really an important issue. So this
is of course a trivial sentence.
Many ways we are set on clouds. And it looks like more words will be
said on cloud in the future. Effective actions for customers, for
companies and for countries.
And we discussed here what is cloud, and some action in this way is
identified. And I like mentioning like efficiency and independent
auditing systems for clouds, transparent access to clouds from --
especially from viable terminals which will give the power to clouds
computing and to clouds here.
Also some risk we have identified, like danger for domination clouds
by big companies; and also its social issue, increasing digital divide.
Procedures needed. It looks like in some cases we need -- clouds
need killer applications, and in many cases it needs business models
Also policy, public policy. So I see that many benefits is to
degrees for SMEs and also enabling and also for entering to the market.
So really this is a social issue, and I hope it will work, maybe.
As for infrastructure -- having an environment so they will set
architecture standards for cloud computing, is needs, interoperability
standards, and cloud computing and services which do not depend on
underlying infrastructure. And also connectivity to migrate to clouds.
So other includes also SLAs, service level agreements, in
communication; and what is also good feature is that it looks like cost
for cloud computing, they are shifting dramatically.
And for privacy issues, I would like to mention here that -- as
always -- security problems were raised, and attention to security is
getting even higher.
And efforts to secure our data and computing procedures, it looks
like, are getting more complicated.
So this is impression which was made to me.
From social point of view also I see that there are some governments
which are moving quite rapidly to cloud infrastructure, and some
So -- and the value for our discussion, I see that participants of
this forum will answer this process for more rapid development of
clouds, especially for academy, for public sector, for businesses. And
here also was mentioned connection to -- of clouds to grids and to
Internet of things.
In grids really there is a lot of experience accumulated and to know
about it and to use it. And for Internet of things, I -- this is my
opinion, private opinion, that maybe Internet of things will be the
emerging issue in forums to come.
And in the last word, it has been a pleasure to chair this morning's
session, and I would like to thank very much, Sandra, Katitza and
Patrik for having done an excellent job in keeping the session moving
so smoothly. And also I would like to thank panelists for also these
are very good discussion and very good answers and very good
observations. Thank you.
>> PATRIK FÄLTSTRÖM: We had some thing from Sandra on how many
people participate remotely, I think.
>> SANDRA HOFERICHTER: I want to point out the session was a great
progress in terms of remote participation. We had seven hubs
participating all over the world, beginning in Toulouse, Jakarta,
Philippines, West Africa, Cameroon, and up to five participants in
their personal respective -- I think the participation over there was
not even in terms of questions coming in very active, but also I could
find out on the chat room here that they were following the discussion
and had their own active discussion in their respective countries about
their respective topic. So I think this was a quite progress for the
remote participation itself.
* * *