Two important global events are garnering much attention: the upcoming Winter Olympics and December’s global forum on climate change in Copenhagen.
A lesser known but nonetheless crucial gathering was held in Egypt in November. The latest round of the Internet Governance Forum took place in an effort to update rules and frameworks of understanding for how we govern ourselves in an increasingly virtual universe. If you missed the mainstream media coverage, you are not alone – there wasn’t any.
Does this matter? Cybersecurity experts are united in the view that security breaches are on the rise. In November the American news program, 60 Minutes, aired a dramatic piece on the perils of cyber-terrorism, and just how vulnerable countries are to attack. (Perhaps responding to the same messaging within his Administration, it should be noted that President Obama gave a speech around the same time, acknowledging such risks and promising greater action).
In Canada during that same month, many folks in B.C. were victims of a widespread debit card scam, while an audit by the federal privacy commissioner warned of the potential for innocent people to be inappropriately tagged as persons of interest through the integrated efforts of federal agencies to mine vast quantities of financial transaction data.
All this as context for the advent of so-called cloud computing, recently defined in an exhaustive and very readable report by American academic David Wyld as “computing services delivered over the Internet, on demand, and from a remote location” (as opposed to traditionally being housed within your own computer).
As Wyld points out, the concept has its promoters and detractors, and he too covers all bases with ten predictions for the future of cloud computing: one warns of multiple, “massive security breaches” annually; another promises the democratization of technology that will spur innovation and yield more widely shared benefits for all.
It is entirely possible that both predictions may come to pass. The cloud is an unavoidable extension of the Internet and all that it encompasses, and the potential for sharing costs, risks and capacities is significant. The parallel advent of open source systems means that unlike previously proprietary models of third-party service providers, the cloud resembles a giant and much more open system, something akin to, well, a cloud.
But has anyone ever successfully governed a cloud (that can be fluffy and inspiring one day, dark and ominous the next)? And much as the sky is filled with clouds, are we really talking about one such creation or a multitude of shapes and sizes? Indeed, in recent months governments in the U.S., U.K. and Japan have announced plans to create national clouds for their own operations.
The challenge faced by the world as a whole is to find governance mechanisms capable of doing what some would argue is impossible – coordinating the formation and functioning of clouds. For now, this is being done far too slowly and incrementally by governments focused to varying degrees on their own national interests but generally with little public pressure to act.
In the 60 Minutes piece, one security expert asks, what if the point of a cyber attack is not to steal money but rather to systemically destroy it? Our entire financial world (with the notable exception of the ever more valuable gold bars hidden under your mattress) is underpinned by digital records and trust in this digital system.
Optimists counter that here lies precisely the importance of the cloud – a more open and resilient system capable of responding to such crises, ideally before they take place. An imperfect analogy is that of Wikipedia, which contains errors but performs better than the now-defunct, proprietary versions of yesteryears that did the best they could in more insulated environments with limited access to knowledge and proofing.
The reality is that going it alone is no option at all. The cloud is really an updated debate around the merits of outsourcing, albeit outsourcing to a wider mosaic of organizations both specialized and interdependent with one another. A recent cybersecurity survey by Telus and the University of Toronto’s Rotman School makes the point that organizations that outsource security functions are more confident in their capacities than those not doing so.
And probably with good reason. But the same report also reveals that the area where organizations express the least amount of confidence is in preventing data leakages. And therein lies the Achilles’ heel of the cloud for the individual – the safety and security of the cloud’s particles, namely our own data flows and our own ability to track and safeguard them.
Ontario’s privacy commissioner issued a thoughtful report last year on this point, arguing that governments must create transparent and integrated identity management systems that empower users to control their data and provide as much consent as required in terms of its usage. However, large segments of the population, especially the young – and paradoxically the most web-savvy – seem largely indifferent to eroding privacy and widening information mishaps and breaches happening around us (most, in fairness, unseen and unreported).
It may instead be that controlling one’s data and identity is tantamount to grabbing hold of a cloud. Think of the cloud, then, as a proxy for the overall functionality and adaptability of the world’s digital architectures. The question remains as to whether the still infantile debate will resemble that of climate change (slow, methodical; frustratingly so for some) or that of air travel and terrorism in the aftermath of 9/11 where the direct and visual consequences of a single event galvanize (for better and for worse) political action both nationally and globally. Proactive political engagement would be welcome.
Jeffrey Roy is Associate Professor in the School of Public Administration at Dalhousie University (email@example.com).