Category: cloudcomputing

Unsuitable

<originally a webwereld column in Dutch>, <also on HuffPo UK>

Over nine years ago, I was talking to Kees Vendrik <Dutch MP) about the broken Dutch software market. Not only was it impossible to buy a top brand laptop without buying a Microsoft Windows licence, it was also impossible to visit many websites (municipalities, Dutch railways and many others) without using Internet Explorer. The latter area has greatly improved and I can lead my life using my OS and browser of choice. Only occasionally do I have to just swallow a Windows licence when buying a new laptop. Not much has improved in that area. Our national dependence on products such as MS Office has not really diminished either, despite all the wishes of our Parliament and its related governments policies.

Meanwhile, the technological seismic shift that frightened Bill Gates so much back in ’95 (the web makes the operating system irrelevant) is fast becoming reality. Almost all new developments discussed by IT power players and specialists are web-based or based on open specifications and the most commonly used applications are running quite well as service in a browser.

So while the 15-20 year old problem of software dependency is not yet solved (our government, with its tens of thousands of IT workers, is  still unable to wean itself off the familiar Microsoft technology stack) its impact is becoming less relevant. Meanwhile, new dependencies based on cloud providers are promising to be even more detrimental.

While excessive use of proprietary software creates the risk of foreign manipulation and potential attacks on critical infrastructure (eg Stuxnet). But at least if your systems are attacked in this way, there are some ways to track this. If you are working on the computer that does not belong to you, that is based in a foreign country and is managed in ways you cannot know,  it will be very difficult to have any control over what happens to your data.

The old assumption, that using local servers could be part of the solution, seems unfortunately to be an illusion. All cloud services offered by companies based in the US are subject to US legislation, even if the servers are physically in another country. And US law is now somewhat, shall we say, problematic. With no evidence, but with an allegation of involvement in "terrorism", systems can be closed down or taken over – without any warning, or the possibility of adversarial judicial review. The term ‘terrorism’ has been stretched so far in that anyone who allegedly breaks US law, even if they’re not a US citizen and even if they’re not in the US can still a deemed "terrorist", just on the word of one of the many three-letter services (FBI, CIA, NSA, DIA, DHS, TSA, etc.). The EU is not happy about this but does not want to go so far as reccomending its citizens and other governments to no longer use such services.

The long arm of the US Patriot Act goes even further than merely the servers of US companies on European soil. Thus domains can be "seized" and labelled: "this site was involved in handling child pornography". Try explaining that as a business or non-profit organisation to your clients and (business)partners. Just using one .com, .org or .net extension as your domain name now makes you liable under US law. All Europeans can now be seized from their homes for breaking US law. So a .com domain name makes your server effectively US territory.

We were already aware that proprietary platforms like Windows and Google Docs were not suitable systems for important things such as running public or critical infrastructure. However, now it turns out, that every service delivered through a .com / .org / .net domain places you under de facto foreign control.

Solution? As much as possible, change to open source software on local servers.  Fortunately there quite a few competent hosting companies and businesses in the Netherlands and Europe. Use local country domains like .nl/.de./.fr or, if you really want to be bullet proof, take a .ch domain. These are managed by a Swiss foundation and these people take their independence seriously. Wikileaks today is running on wikileaks.ch after its domains such as .org got a one-way ticket to Guantanamo Bay.

If you still want to use Google Docs, Facebook, Evernote, Mind Meister, Ning.com, Hotmail or Office 365 – please do so with the awareness that you no longer have any expectation of privacy or any other form of civil rights. Good for the administration of the tennis club but completely unsuitable for anything that really matters.


Cloud computing, from the frying pan into the fire

In a recent column (Dutch), Frank Benneker of Amsterdam University explored the consequences of the rapidly growing use of cloud computing. The shift of computer applications from PCs and servers to a single "service" provided through a worldwide network is probably as fundamental a shift as the earlier one from mainframe computing to PCs.

Given the objectives of the Dutch Open standards and interoperability policy plan, cloud computing seems the quick and easy-to-implement solution: I hear Web 2.0 enthusiasts say “put everything on Google Docs and we are all interoperable”. But just as in the case of the "liberation" of PCs from mainframe managers/suppliers, there are problems with cloud computing – potential snakes in the grass.

In December 2004 the Dutch government decided that the dependency on dominant software providers was a problem and had to be addressed. The Dutch action plan from 2007 was the first, tentative step in dealing with this.

The Dutch government wants to use open standards for interoperability, and open source to foster independence, lower costs and strengthen local development (services instead of licences). Open standards are fundamentally essential for interoperability. The Dutch ‘standard’ government desktop plan demonstrates to governments that interoperability can also be achieved with an imposed, top-down mono-culture. Give everyone the same software, and information can be conveniently exchanged.

However, the price of a mono-culture is high, both directly in money and in less quantifiable aspects such as security problems and an extreme dependence on a few foreign private companies. The latter is especially difficult to reconcile with the idea of a sovereign nation and a government that is democratically accountable. Surely our governments would wish to avoid relying on foreign companies to control the connectivity of our information databases in some nebulous “computer cloud”?

The crucial point is that even in this cloud, the hardware does not belong to the government nor is it possibly even on Dutch soil. The hardware can be located anywhere in the world, and therefore subject to multiple legal regimes beyond the Dutch government’s control (or indeed, accountability).

Much of the Web 2.0 knowledge for the Dutch government and discussions about this are held on ning.com servers, and the consensus is that it would be pretty difficult to migrate away from there. Even NOiV, the Dutch open standards and opensource implementation bureau also holds regular discussions on LinkedIn instead of its own XWiki environment. It is only natural that people use what they know. However, bearing in mind not only the objectives of the Policy Document, but also the various Parliamentary Motions on the subject and the earlier decisions of the government itself, cloud computing is a major IT problem. To expect cloud computing to rid us of the issue of  “lock-in” that has been a problem for the last 20 years creates a classic example of ‘out of the frying pan; into the fire ‘.

Our current problems arise from not foreseeing the long-term consequences of our IT choices. We need a separate government IT programme to ensure the freedom of choice that we see as entirely natural in other markets. Unless the cloud computing servers are on Dutch soil and we have access to the code under an open source licence, we shall only go from bad to worse.

The Free Software Foundation has the solution for these problems, a distributed cloud that we can all access. Servers that provide free software designed to guarantee our digital freedom. After all, this is the original intention of the Internet: all equal players in their own cloud.