I just read that the U.S. State Department now has an embassy in Second Life. That's an inflection point if I ever saw one.So who's the ambassador to Second Life? And where does he -- his physical self, not his avatar -- reside? Those questions become less fanciful when applied to the realm of enterprise cloud computing, where sensitive corporate data (often personal information on customers who may or may not have authorized its transference and use) can reside far away from the actual storefront doing business with an actual human being.
"One of the thorniest issues" raised by the rise of cloud computing, writes Nicholas Carr, author of The Big Switch, a recent book about the shift of most common computing tasks and applications to the Internet, "involves the variations in national laws governing the storage and use of personal and other information."
Consider the spread of "user-centric ID" systems such as OpenID, the universal online-identity standard backed by major tech companies like IBM, Google, Microsoft, VeriSign, and Yahoo. When you use an OpenID you divulge your personal identifying information to an OpenID provider, who could be a big Web company like Google, or your university, or your own corporation. That information is then stored in a data center ... somewhere. Maybe in Amazon's Elastic Compute Cloud. Maybe in Iceland. It's all in the cloud, so who cares?
Actually, the question of where data resides could become more critical, not less, as cloud computing becomes the norm. Just as the Internet revolution sparked a re-thinking of entire fields of law that is still ongoing today, the spread of the cloud will require new ways of thinking about jurisdiction, local laws, and the concept of residency. Think about it: what if a company stores sensitive information in a data center located in, say, the Philippines, which has much laxer laws and regulations about privacy protection than the United States. Whose laws apply?
Or, say a blogger is based in the U.K., which has notoriously stringent libel laws, but her data is stored in a data center in Hong Kong, where libel is exceedingly difficult to prove (and which has its own hybrid system of law due to its unique status within the People's Republic of China). You get the idea.
Cloud computing and the Web 2.0 technologies it enables also have the potential to revolutionize the relationship between governments and their citizens. Waxing somewhat over-enthusiastic, Internet and broadband pundit Bill St. Arnaud writes on Internet Evolution, "Not since the days of John Locke, Thomas Hobbes, and Jean-Jacques Rousseau have we had such opportunity and the tools to address many shortcomings of democratic society, especially the domination of special interests and lobbyists."
Well, maybe. But certainly the explosion of data and the increased need for efficiency, transparency, and accessibility in government repositories will cause big government agencies like the IRS to rethink how they store and manage data. I'll bet some IT bureaucrat at the Pentagon is at this moment thinking, "Boy, it sure would be nice if I could use Amazon or Google to store this data ..."
Meanwhile, U.S. intelligence agencies are hesitantly harnessing the power of the cloud to better promote national security. "Intellipedia lets 37,000 officials at the CIA, FBI, NSA, and other U.S. intelligence agencies share information and even rate one another for accuracy in password-protected wikis, some 'top secret,' " reports Gordon Crovitz in The Wall Street Journal.
A "top-secret Wiki." Isn't that a contradiction in terms?
None of this should take away from the huge promise of cloud computing to better our lives and to make both corporations and governments more efficient and more transparent to customers and citizens. But it raises flags that IT pros and Internet users need to start thinking about.
And by the way, does that Second Life embassy issue U.S. visas?