Is the governance of Cloud computing better understood by not focusing on the application of State law, but instead considering it as an individual spatiality existing alongside the State?
‘The Cloud is for everyone. The Cloud is a democracy.’
Marc Benioff, CEO – Salesforce.com
Technology is taking an ever-dominant role in enabling the expansion of transnational activities. The role and importance of the virtual world, primarily the Internet, is that it enables communication and commerce to cross large geographical distances at a speed that is otherwise physically impossible. It is the clearest example of the idea of a ‘global village’, where the world has become so interlinked that it feels smaller. From the perspective of international relations, this holds great importance. The development of technology is so rapid and so unpredictable that it provides a constant challenge for existing theory and provides opportunity to explore the idea of a new spatiality. Importantly, the security of technology is an increasing issue and vital, as many of our real world processes utilise and rely on it (Trachtman, 2006, p259).
Cloud computing is a more recent technological development, but one which is becoming part of everyday life. By its very nature, Cloud computing is very much a globalised technology. Its purpose is to make existing global communications laid down by the internet become even more efficient, accessible and flexible. This global nature does create a number of issues for anyone taking an interest in politics, legality and even global order. From an international relations perspective, Cloud computing provides an interesting case, as certain prominent elements of it could be construed as offering a challenge to the current State centric global order. The implications of this are seemingly underexamined, but they are vitally important, not only for the study of International Relations, but for policy makers and lawmakers. In one respect, Cloud computing is nothing new; however, it has also reinvented computing in terms of scalability, price and geographical influence (Oracle, 2009a, p3).
The global influence of Cloud computing has led to a number of legislative issues, arising primarily over governance and/or jurisdiction. Firstly, it is important to clarify what is meant by Cloud computing and why it is important to analyse it further. This is mostly due to the widespread uptake and usage of it on a global scale. Then, by providing a clear understanding of what the State is, this essay will critique why the use of State law on Cloud computing is inappropriate and ineffective. From an international relations perspective, it is imperative to consider the notion that the global order is neither static, nor is it fixed into the current State centric system. As such, it is plausible that new forms of spatiality can form and, consequently, need to be viewed in a completely different way. For this reason, this essay will apply the logic behind Mare Liberum (Freedom of the Seas) to Cloud computing, as, although not comprehensive, it does provide a starting point for viewing virtual environments as having potential to expand into a new form of spatiality that can exist outside of the state.
Cloud Computing: The What, Who, Where and Why?
Cloud computing is like a patchwork of existing technologies intertwined to benefit users (Ahmad, 2011, p372). It is, therefore, very important to give a strict definition of Cloud computing, as there are many different variations of it and even variations on what classes as a Cloud (Wohl, A. 2010a p63). The generally accepted definition is:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (NIST, 2011,p2).
Simplified, this means Cloud computing is any type of flexible remote computing or any computing that can be done or accessed through the internet as opposed to a PC or local server (Nelson, 2009, p71). This flexibility can arise from the access people have to it, flexibility over use and in turn cost, or creating a pool of resources so users have complete flexibility over what they create and how it is controlled. Some of this we have today, and although for what we may not have, we may have the capacity for in the future (Oracle, 2009a, p1). As such, it is very important to view Cloud computing as an evolving technology. Even though it is not in its primacy, we are only at the beginning of utilizing its full capability.
The three main types of Cloud computing are Software as a Service (SaaS), Infrastructure as a Service (Iaas) and Platform as a Service (Paas) (NIST, 2011, p2-3). SaaS are complete applications offered as service on demand (Oracle, 2009a, p12). With these, things such as word processing can be completed in an online environment, meaning the user isn’t required to install software. PaaS is the next layer in the Cloud and is effectively an operating system in the Cloud. These systems allow developers to write applications for the web and mobile devices (Economist, 2010). PaaS is where a layer of software is taken to a higher level and then built upon, e.g. Google apps (Oracle, 2009a, p13). IaaS is what is typically recognized as being Cloud computing and offers basic computing services, from processing to data storage, which customers can combine to build highly adaptable computer systems (Economist 2010, Oracle, 2009a, p14).
The use of these different structures within a virtual environment is what creates the Cloud. The types of Cloud are public Clouds, such as Amazon EC2, private Clouds, designed and tailored to the needs of an individual or most likely a company, and hybrid Clouds, which combine the two (NIST, 2011, p3). Public Clouds are made up of applications from different customers that are provided on various networks (Oracle, 2009a, p9). Essentially, they provide the most challenges in terms of governance, but the private and hybrid models can also be constructed in a way that causes problems. Public Cloud computing is available at large and can be located and accessed anywhere (Ahmad, 2011, p372). Most IaaS that store data in the Cloud are not on physical servers local disks (Oracle, 2009a, p27). Consequently, they are somewhat location-less. Public Clouds are nearly always Internet based, making them multi-locational; however, private Clouds can also be difficult to locate (Oracle, 2009a, p9).
Benefits and Popularity of Cloud Computing
The growth and popularity of Cloud computing is something which cannot be denied, regardless of the definition. However, even with the more restricted definition, whereby it is something in a virtual environment, growth is huge. In 2010, it was thought around 51% of business had adopted some form of Cloud computing (Burke, Siplor 2010, p334). Some estimates suggest that in 5-10 years time, Cloud computing could make up 80-90% of computing and data storage (Nelson, 2009, P71) and be worth around $56 billion by 2020 (Economist, 2010). With the move from Cloud computing being storage based to more App based, this seems even more feasible.
It is this virtualisation of environments that allows Cloud computing to become the next wave in ICT, with its advanced IT, cost effectiveness and economies of scale (Vouk, 2008, p237, SAP, 2009, p4) being the key benefits. Realistically, virtual machines can be used for 80% of infrastructure. Combined with SaaS, this can be even higher (Oracle, 2009a, p3). Cloud computing allows companies, and the individual, to benefit from large scale computing without as much cost (Burke, Ward, Sipior, 2010, p334, NIST, 2011, p2, Armburst, 2009, p3, Oracle, 2009a, p4, SAP, 2009, p4). The benefit of cost reduction, in turn, leads to less risk by the user in terms of capital purchasing. It removes the risk of owning capital, whilst providing the benefits and permitting more short-term usage (Oracle, 2009a,p1, p15).
The final benefit worth mentioning is that of usability. Without ease of use, there is no way Cloud computing could be successful or grow to be more successful. A clear example of how easy it is to use is in how many people don’t realise they are using a Cloud based application, as with, for example, the Skydrive on Hotmail, Youtube, GoogleApps and many other applications used on smart phones. The growth of apps in recent years has been exceptional. Cyber infrastructure makes these apps easier to develop and deploy (Vouk, 2008, p235) and as vendors have adopted platforms to suit user needs, their popularity and usage has increased (Wohl, A. 2010b, p103).
It is this usability and flexibility that creates a seemingly new spatiality. On a more technical scale, the creation of applications, which can access a number of databases in order to draw appropriate data (Oracle, 2009a, p18), means an almost infinite number of sources can be drawn upon in a short amount of time. Moreover, the different layers of programming, creating the virtual environment, seem infinite due to a lack of easily definable spatial dimensions (Armburst, 2009, p10). Although these spatialities do not necessarily exist in a physical sense, what is created by them and within them do. As such, there arises the difficulty over governance, seeing how something using such a variety of sources, built and altered by a variety of individuals (some not linked to organisations), can be so easily slotted into one jurisdiction.
The Negatives of Cloud Computing and Issues this Raises
The idea of usability creating a new idea of spatiality is key to understanding the issues with governance that arise with Cloud computing. There are, however, a few other negatives, but what lies at the core of these is also an issue of governance. The main concern for particularly business users of the Cloud is that of security, with 75% of businesses recognising that there is a trade off between security and cost when it comes to Cloud computing (Burke, Ward, Sipior, 2010, p334). Although security issues can be resolved, to an extent, by usage of a private Cloud, even this isn’t foolproof, as the complex intertwining of public and private networks causes issues (Trachtman, 2006, p265). It is, however, less risky than externally hosting or within a public Cloud. Nevertheless, the solution is not that simple, as many ‘private Clouds’ may be part of a hybrid Cloud, which has origins in a public Cloud. In addition, the use of software applications may not be as secure, but people may still use it unwillingly (Burke, Ward, Sipior, 2010, p334).
Regardless of this, it still remains unclear as to who is responsible for security within a Cloud. Users will expect Cloud providers to offer security, liability, anonymity and access restrictions (Jaegar et al 2008, p272, Ahmad, 2011, p374). Yet, there is a distinct lack of clarity and/or detail in what is actually protected in an IT environment (Oracle, 2009b, p5). From this, another negative of Cloud computing arises, that of liability. Issues over liability can arise in terms of theft, data loss, and release of data, all of which could result in lawsuits (Burke, Ward, Sipior, 2010, p335). This raises many concerns over privacy, security, anonymity, liability and reliability within a Cloud environment (Jaegar et al 2008, p270).
Although it is assumed that the Cloud provider is ultimately responsible for things such as data loss and security, it is clear that this is not always the case. The example of CloudFlare is one such case where they removed itself from liability and censorship (CloudFlare, 2012). This was particularly relevant when a leak by LulzSec, the hacking organisation, occurred; they had used CloudFlare hosting; however, CloudFlare argued why they were not liable for the actions of Lulzsec (CloudFlare, 2012). This highlights one of the many flaws in legislating the Cloud. The current obsession is in trying to apply State law and jurisdictions (which cannot be combined, due to loopholes) to something that is truly global and can easily disguise the perpetrator.
The issue over governance of virtual environments like the Cloud is one that has become ever more present, as the growth continues. The main issues are over censorship, cyber crime, copyright, libel, fraud and tax (Burke, Ward, Sipior, 2010, p335). Generally, the logic of applying where the data is stored is the law applied to it; however, providers are on such a large scale, with data centres all over the globe, it is impossible to pinpoint the exact data’s jurisdiction (Burke, Ward, Sipior, 2010, p335). The potential for multi tenancy, huge scalability, elasticity, pay per use nature and variety of resources makes governance incredibly flawed (Oracle, 2009b, p3), as people can simply remove data from one Cloud to another or alter source software slightly. Thus, governance is impeded.
The Conflict and Consequences of the Relationship Between the State and Cloud Computing
Globalised technology has created many issues in governance. Prior to this, it was usually clear what State law and action came under; however, the growth of things such as Cloud computing have created a plethora of issues. The key issue is that the Cloud is inherently global and, as such, requires cross-jurisdictional solutions (Burke, Ward, Sipior, 2010, p336, Kamal, 2005, p203, Baylis, J., Smith, S., 2006, p358). At the core of this is the issue of how hard it is to control and manage data, as it can move so freely in the Cloud (Economist, 2008). This has meant that existing international law has become ineffective because its application is problematic in virtual environments. This is primarily due to international law being between States (Baylis, J., Smith, S., 2006, p358) and is, accordingly, based on the notion that activity occurs in a particular jurisdiction (Kamal 2005, p203). The fast pace of technological change has had significant impact on the State balance of power (Strange, 1998, p25), and this has been mainly due to the lack of jurisdiction somewhat undermining State law. It is, therefore, vital to not only identify what the impact of Cloud computing is on the State, but also what State law is, why it is inappropriate in a virtual environment, and the impact this has on the current State centric global order.
The first problem that arises with trying to apply State law to Cloud computing is that there is no unifying idea of what State law is and involves (Baylis, J., Smith, S., 2006, p428). Therefore, in terms of legality, the small differences between State laws create huge loopholes in legislating technology on a global scale, making it ineffective (Burke, Ward, Sipior, 2010, p335, Kohl, 2007, p8, Trachtman, 2006, p260). Moreover, certain legal loopholes may mean that some States can remove themselves from having responsibility (Trachtman, 2006, p273), which could conflict with States trying to do the opposite.
In terms of legality, most countries have almost universal control over their nationals, but international law is, first and foremost, law between nations and cannot be applied effectively on an individual (Kamal 2005, p197). In international law, the current situation is that something falls under a jurisdiction and the appropriate country deals with it; however, there are exceptions to this. The exceptiong, though, have to be crimes bad enough to cause universal concern, namely crimes against humanity (Kamal 2005, p198). Many of the questionable online activities do not fall under the same category as genocide, sex trafficking etc. Consequently, they cannot feasibly come under this exception. As such, applying the logic of crimes against humanity to the majority of Internet activities seems inappropriate.
As a result, the Internet has increased the level of trans-border disputes (Kamal 2005, p197). In particular, there have been issues over what can and cannot be shown in one country, property rights, copyright law and patents. Obviously, trans-border disputes are not abnormal, or limited to the internet, but the nature of the Internet leaves it so that State power becomes limited in comparison to non-virtual situations, since it is difficult to pinpoint an individual’s involvement (Kamal 2005, p197). On a larger scale, TNC’s that provide these virtual environments are often based globally. This can be in order to avoid certain regulations, but results in making jurisdiction less easy to define. Furthermore, this shift of control of trade and finance has undermined sovereignties strength (Baylis, J., Smith, S., 2006, p430) and, in turn, the influence of the State.
As has been highlighted, the attempts of States to apply their law to virtual environments have thus far been problematic. The increasing popularity of Cloud computing has complicated this even further. The main issue with governing the Cloud is similar to the general issues with the Internet. The current attitude towards cyber legislation is to act upon it when it becomes an issue. This is a relatively slapdash approach and inappropriate for the technical detail required to fully understand the workings of technological advances. The Cloud is, in its nature, global. The whole purpose is having the ability to access and alter data whenever and wherever. Thus, trying to create patched up legislation, which is State centric, will eventually become less effective (Baylis, J., Smith, S., 2006, p636) and greatly effect the success of Cloud computing (Nelson, 2009, P76, Jaegar, 2009, p12). Anti-piracy laws could hinder the development of the Cloud if it forces Cloud owners to monitor actions of users, as this impinges on data privacy (Nelson, 2009, P75) and lessens the flexible nature of the Cloud.
One idea would be the creation of a global standard for legislating technology; however, there has been no successful construction of a sustainable regime for maintaining regulations in ever changing global networks (Baylis, J., Smith, S., 2006, p637). This is primarily due to conflicting ideologies between States. As jurisdiction within the Cloud is so unclear, a better option would be to come to a mutual agreement between provider and user (Ahmad, 2011, p378), although the effectiveness of this in a legal sense is questionable. The most likely result is that States will continue to try and legislate a globalised virtual environment and Cloud computing companies will expand and seek ways to avoid this legislation and maximise growth (Jaegar, 2009, p12).
Jurisdiction and Power
As mentioned, the current status quo for legislating activities in virtual environments is to attempt to establish a jurisdiction. The basis of jurisdiction is determined by a required number of elements. It requires the following three kinds of power: the power to prescribe (establish law), the power to adjudicate (courts) and the power to enforce (application of compliance) (Kamal 2005, p197). In the current global order, these types of power have only been considered to have been achieved by the State; however the virtual environments, particularly the Cloud, are undermining this, to an extent.
Firstly, laws have been established, but not enforced, as there are issues with what the State can control. This is because various sources and formats can be combined making origins difficult to establish (SAP, 2009, p6). For example, if a Cloud user creates something in the UK, using a Cloud that is “physically” based in the US, using an application developed in Germany, which is also hosted on the Cloud, then it is only the action of creating which occurs in the UK, not the production of the final product. Secondly, if this cannot be pinpointed, then adjudication also becomes impossible, as it would be deemed unfair. Moreover, in trans-border cases (as most are) it is difficult to see where cases will be adjudicated, to what extent governments can be involved, and the costs (Jaegar, 2009, p10). Thirdly, compliance becomes impossible, as users actions are difficult to trace, and in issues with where data is stored arise, as previously mentioned, it is not clear-cut as to where data is actually stored.
Existing jurisdiction has caused issues with free speech, tax cheating, and retailer entrapment (Kamal 2005, p199). The US is particularly renowned for its attempts to police the Internet. In previous cases of trying to legislate activities that have occurred in virtual environments, a type of jurisdiction called long arm jurisdiction has been used. This is based on four key tenets:
- Purposefully direct or consummate an activity in a State with a resident
- Claim must arise from the activity
- Jurisdiction must comply with fair play and substantive justice
- Must be reasonable (n.b. as in the claim of long arm jurisdiction must be reasonable). (Kamal 2005, pp201-202).
The idea is that through the use of this, most activities are covered, but the rules over prescriptive jurisdiction are unclear (Trachtman, 2006, p276). Theoretically, they should be; however, for Cloud computing, it is not as clear-cut as, say, with someone downloading a song to their laptop. It states the activity must occur within the State, which it may not do if using Cloud based software and storing on a Cloud (something which is commonplace), since the actual data never becomes stored in its completion on the physical device.
Furthermore, in the case of the US, this minimum contact jurisdiction conflicts with other US laws, particularly law that suggests State laws cannot interfere with interstate activities for competitive reasons (Burke, Ward, Sipior, 2010, p336). Examples like these exemplify the loopholes present, even within single State legislation, highlighting the increasingly globalized issues faced in attempting to legislate technology.
The US is home to a lot of data centres. These data centres are very large in size and, when connected ,can be accessed globally (Jaegar et al 2008, p270). However, some argue it will only remain home to data centres if policy becomes usable and up to date (Jaegar, 2009, p13). Without this, the US will lose control and, as such, the ability to legislate. Most successful and available Clouds (and therefore most used and most likely to expand) are those owned by companies who collect terabytes of personal data that are stored across the globe and accessible globally (Nelson, 2009, P74). Accordingly, it is clear to see why the governance issue is one of great importance and why many are concerned by the US’s attempts to control this data by using its own laws.
There are a lot of scholarly works on the topic of jurisdiction in the Cloud. Sadly, hardly any fall within the arena of international relations and are, instead, law-based, limiting the scope and perspective of the studies. Generally, it is made clear that as Cloud computing crosses borders, jurisdiction becomes unclear and it is unable to face court action (Burke, Ward, Sipior, 2010, p334, Kamal 2005, p197, Ahmad, 2011, p378). Moreover, recent technological developments imply that larger providers can let you choose where your data is physically stored (Armburst, 2009, p18).
‘There are technological fixes to this problem, too. Customers of Amazon’s storage service, for instance, can have their data kept either in an American or a European data centre. In future, Cloud providers will offer many more options for where data are kept and how they are protected.’ (Economist 2008).
Although this seems to conflict with the idea that data can’t be traced to a particular location, the reality is that with the huge scale that Cloud computing works on, most data can’t be traced or tracked, unless given specific permission by the user, who will determine the actual location. It, therefore, still removes all power from the State and, in fact, makes State legislation further impractical. It also means that data can be location based or not (Jaegar, 2009, p5). Technically, as the Cloud can be accessed anywhere, it is, as mentioned, location-less (Jaegar, 2009, p6); however, given the options the user can place it within a jurisdiction, this is the user’s choice, as has been made clear, not a legal requirement.
In the perceived Realist State, the aim is that international politics and the State structure are all forms of domination (Baylis, J., Smith, S., 2006, p359). Technology, though, has begun to undermine this power, as it can act in a way that can supersede the State. Strange describes power as ‘simply the ability of a person or group of persons to affect outcomes’ (Strange, 1998, p35) and deriving from mass willingness (Strange, 1998, p54). With this notion in mind, it is clear to see why virtual environments could become a power unto themselves. It also shows how State control over everything not set in stone. The overemphasis on the State centric global order makes it difficult to see past this (Strange, 1998, p50); however, in a virtual environment, this State centricism can be overcome through the power struggle being put in the favour of the individual.
It is also interesting to examine State power struggles in economic terms. States no longer have dominance over production (Strange, 1998, p72) and trade (Kohl, 2007, p5). They are, as such, limited in controlling that aspect, even in physical form. Instead, modern State dominance exists through the dominance in a legal sense. Consequently, States will want jurisdiction over things that enable them to gain control and power (Trachtman, 2006, p274), such as with the Internet and Clouds. International jurisdiction is something that has stemmed from sovereignty of States (Kohl, 2007, p9), and if it cannot be effectively applied to a Cloud computing environment, it does work, someway, as undermining State control with this particular spatiality.
In a Cloud computing environment where jurisdiction is so unclear, it is difficult to see how economic power can be gained. It is through this economic power that the largest powers in the world have gained their influence. If this economic power is removed and things shifted to being produced in a virtual environment, The State will be further undermined. In the current global order, TNC’s have a lot of influence, some being a lot larger than countries (Baylis, J., Smith, S., 2006, p428). In technologym this is even more so, as governments are typically behind in terms of technology. Also, the world’s largest companies are primarily technology producers, and most of these larger companies have Cloud computing as a product (Apple, Microsoft, Google to name a few). With this in mind, if companies are larger than a lot of State economies, what is to stop them from acting in a way similar to a State and weakening the power of the State?
The work of Carl Schmitt suggests that the idea of a State centric global order is not fixed and compliments the notion of State centricism being undermined by virtual environments such as Cloud computing. In his works ‘The Nomos of the Earth’, he goes through the historic evolution of global order and, through this, presents the argument that the global order is something constantly changing. Through his logic, it is clear that the State centric model has the potential to be superseded. His work is in line with the philosophies of Grotius and Locke (although throughout Nomos he critiques Grotius’ approach to land appropriation). He agrees that land appropriation is the foundation of law (Schmitt, 2003, p46) and, as such, that the Freedom of the Seas is appropriate for that which cannot be appropriated, making the Sea the antithesis to the land. As will be expanded upon later, Cloud computing environments cannot truly be appropriated and should be viewed separately from normal property. In the same way that Schmitt argues that air space reshaped spatiality (Schmitt, 2003, p80), Cloud computing and other virtual environments could have a similar effect.
Freedom of the Cloud – The New Mare Liberum?
It is now clear what Cloud computing is, what it provides, and what issues it causes for current policy makers and legislators. The main issue is that of the jurisdiction of Cloud computing, as it is through this that Cloud computing is currently legislated. There are many flaws with this approach and it could be suggested that the philosophy of international waters may be better applied when trying to legislate and understand this new spatiality. What is vital to clarify is that the application of Mare Liberum to Cloud computing is obviously not all encompassing and is, in fact, a very simplistic approach. However, it does create a starting point for further study, and, as the antithesis of firm land and free sea were the basis of international law in the 16th century (Schmitt, 2003, p172), it makes sense to consider that if the logic behind firm land doesn’t work, the opposite may well do. Current legislation is focused on determining geographical jurisdiction in order to bring justice and control, but, in an ever expanding virtual spatiality, this application is, arguably, dated and over reliant on the State as acting as the main structure for the global order.
It is common knowledge that the initial notion of the free seas arose in the work of Hugo Grotius. His ‘Mare Liberum’ defines the reason why the expansive nature of the sea separates it from the normal laws seen on land. By examining these key tenets, which enabled understanding of the sea, it is hoped that Cloud computing can be viewed in this vane, instead of simply being viewed as an extension of existing imperialist structures.
One key tenet of Freedom of the Seas is the idea that the sea is so vast in size that it is almost impossible to contain. According to Grotius, in the state of nature, all land was common and the need for its ownership was due to it being limited and depreciable (Grotius 2000 p22). The sea is the opposite of this. Cloud computing is very similar. In terms of limitation, obviously, data capacity is not infinite; however, as seen in recent times, large amounts of data can easily be stored in a very small way. In the same way, as the sea is ‘limitless’, to the point it cannot be defined, so is Cloud computing. More important is the issue of depreciation. The reason why there is ownership over land is that once it has been used be it for agriculture or used to build on, the land is depreciated in some way following this usage. Cloud computing is, on the other hand, different.
As seen in the discussion about Cloud computing, one of its main benefits is flexible use, and once data is removed from a Cloud, that data is once again a blank canvas able to be fully utilised without any depreciation. As Grotius mentions, ‘Own implies a thing belonging to a person in a way that it cannot belong to another’ (Grotius 2000 p22). Due to the large scale of Cloud computing, although usage does imply a temporary form of ownership, it is something that can be taken away and, moreover, is on such a large scale that ownership doesn’t stop others from usage. Also, as the Cloud can be accessed anywhere and is, conseqeuently, location-less (Jaegar, 2009, p6), it cannot truly fall under complete ownership.
As explained, the notion of Cloud computing is similar to that of commons, in the same way that the sea is. Grotius’ discussion of common property and its complications for sovereignty, therefore, provide an interesting insight into how Cloud computing could be affected in a similar way. Grotius uses the example of fishing, as you cannot stop fishing from being done in the commons. He says, ‘The first gift of justice is the use of common property for common benefit’ (Grotius 2000 p25). You can only legislate it when those goods become private property (Grotius 2000 p29), as with State territory. Thus, common property has never come under sovereignty and, as such, cannot be seen as private (Grotius 2000 p24). In terms of how this relates to Cloud computing, a similar logic can be applied, which is that something remains to be in the commons until it is held within the State. If say, for example, a document is created using SaaS and stored on IaaS, then it never enters the control of the State and has been created in an environment separate to that of the land.
Having established that the Cloud environment is something that cannot be depreciated and, by definition, isn’t truly owned, Grotius’ argument can be applied further. Firstly ‘no thing is by nature private property’ (Grotius 2000 p21). Until that which is created in the virtual environment becomes an entity stored in a physical environment, it cannot be truly ‘owned’ and, in turn, governed. By this logic, something created in a virtual environment using SaaS, and stored on IaaS, does not come under any form of ownership by the State. In the same way that the ocean is navigable in every direction and provides a right of access to all people (Grotius 2000 p12) and should remain free, Cloud computing allows access to the kind of infrastructure that cannot be gained in a physical sense and can be created and manipulated in a way which allows for infinite opportunity. As Grotius argues, in commons, it is cruelty, not jealousy, to withhold something from someone, which, when you don’t possess it, provides no more loss than before (Grotius 2000 p31). Accordinglu, the State trying to control something that should be freely accessible, along with being unfeasible, is also difficult to justify.
The key issue for legislating the ever expanding virtual environment of Cloud computing is that of jurisdiction. Grotius provides some insight into jurisdiction. At its most basic, jurisdiction, he defines, is something being ‘seized with the eyes and take real possession’ (Grotius 2000 pp14-15). Jurisdiction is ‘to find and to occupy’ (Grotius 2000 p15). In a virtual environment, as mentioned, the State never takes full occupation or possession of the item, assuming it has been created and stored in a virtual environment. Currently, this may only involve things such as documents; however, as Cloud computing becomes more commonplace and more things are created in a Cloud, there becomes more issues over possession. This could have particular consequences for things like intellectual rights and copyrights, seeing that if something isn’t held within a jurisdiction, it cannot easily be criminalised.
A Cloud in the Sea?
One interesting development has been the actions of some Cloud providers in trying to escape State control, like with how certain actions by large providers beginning to supersede the State (Trachtman, 2006, p269). The two main cases have been the Google Navy and the Pirate Bay Drones. These, as the names may suggest, utilise the Sea and the Air as a territory. With this comes the legislative benefits of not being land based. In the current global order, this is the closest we will come to a virtual environment becoming a different spatiality, apart from being considered an extension of State activities. However, it does also show that the State structure isn’t completely impenetrable.
The logic behind Google’s Navy is similar to the idea of applying the logic of Freedom of the Seas to the legislation of Cloud computing. The Google Navy would mean that they would reduce costs through using hydropower and utilising the sea to cool servers (Ahmed, 2008). But, more importantly, US Law could not be applied to them (Jaegar, 2009, p11, Ahmed, 2008). Google has submitted patents for these water-based data centres (Jaegar, 2009, p8, Ahmed, 2008) and, as such, is obviously keen on having access to a territory free data centre. Moreover, if successful, it will, as mentioned, mean that Google would not be tied to any jurisdiction. It is this kind of progress in IT that undermines State law and, consequently, needs to be viewed in a way that is beyond the current State centric approach, as it is simply no longer applicable.
As data storage becomes even smaller, these ideas become more feasible. Pirate Bay has discussed how they intend to use drones and micro computing, such as the raspberry pi, to create offshore data centres using GPS controlled drones to avoid State jurisdiction (piratebay.org, 2012). Computers like raspberry pi are so small that they can be stored and transported with ease, while still have programming capabilities. With this in mind, it is clear to see why a reassessment of virtual environments as a new spatiality is essential.
Those who study international relations are often taught to look beyond the current global order of State centricism. Sometimes this is challenging, as it has been dominant for so long, and it is difficult to find a potential replacement. However, virtual environments certainly show to be a step away from a State centric approach to international relations. By examining the current state of Cloud computing, the potential for growth, and the positives and negatives of it, this essay has sought to clarify why it is vital that scholars outside of law and computer science investigate virtual environments. It is particularly relevant with regards to International relations, as a discipline, since the application of State law to a virtual environment has proven to be ineffective, and a more globalised user focused approach is required.
Obviously, this isn’t a truly comprehensive study of whether State law is inappropriate in a virtual environment where jurisdiction is difficult to apply; it is, however, more of a suggestion for further investigation. This essay has attempted to provide the foundations for an argument as to why State law is inappropriate and, also, for why it shouldn’t be assumed that State law must be applied. Ascholarly examination from an international relations perspective is necessary, as many other subjects are very much focused and dictated by the State centric global order; whereas, IR students are asked to question this and not assume that order is set in stone.
It is for this reason the application of the philosophy behind the Freedom of the Seas seems appropriate, as it is something that is understood in the setting of a State based world, but also co-exists alongside it. In the current situation, this seems the most appropriate, since one cannot realistically imagine the State being overthrown by a virtual environment. It does, however, have the potential, in a similar way to the sea, to exist parallel to the State. It is this process that is important, as this co-existence is eventually what begins to undermine the State. The State is built on the philosophy of dominance and power, and, as such, if something undermines this, the very basis of the State structure also becomes undermined.
Although Mare Liberum is over 400 years old, its application remains appropriate. The existing international laws are built upon philosophies found in the state of Nature. Accordingly, if State law is ineffective in legislating, it is only common sense to consider the original notions of law and shape them to suit a new, evolving, and not fully understood spatiality. Hopefully, by doing this, policy can be shaped to fit the environment itself, instead of trying to make it fit into existing State structures, or conceptualizations of it. It not only allows greater freedom within the Cloud, which will lead to greater prosperity and creativity, but also allows a level of protection within a virtual environment.
Bibliography
Ahmed, M. (2008) ‘Google Search finds seafaring solution’ Times Online http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article4753389.ece (accessed May 2012)
Ahmad, R ‘Governance Life Cycle framework for Managing Security in Public Cloud: From User Perspective’ IEEE 4th international conference on Cloud Computing http://www.computer.org/portal/web/csdl/doi/10.1109/CLOUD.2011.117 (Accessed March 2012)
Armburst et al (2009) ‘Above the Clouds: A Berkeley View of Cloud Computing’ www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf (Accessed February 2012)
Baylis, J., Smith S., (2001) ‘The Globalization of World Politics’ (Oxford).
Burke, T. Ward, J. Sipior (2010), ‘The Internet Jurisdiction Risk of Cloud Computing.’ IS Management 27(4): 334-339.
CloudFlare (2011) ‘On LulzSec, Censorship & CloudFlare’ http://blog.cloudflare.com/58611873 (accessed March 2012).
Economist (2008) ‘Computers without borders’ http://www.economist.com/node/12411854?story_id=12411854 (accessed March 2012)
Economist (2010) ‘Tanks in the Cloud’ http://www.economist.com/node/17797794 (accessed April 2012)
Grotius, H. (2000) ‘Mare Liberum:Freedom of the Seas’ http://www.questia.com/PM.qst?a=o&d=84301776 (accessed March 2012)
Jaeger,P. Lin,J, Grimes J (2008) ‘Cloud Computing and Information Policy:
Computing in a Policy Cloud?’ Journal of Information Technology & Politics, 5:3, pp269-283
Jaeger,P. (2009) ‘Where is the cloud? Geography, economics, environment, and jurisdiction in cloud computing,” First Monday, vol. 14
Kamal, A. (2005) ‘The Law of Cyber Space’ (UN) http://www.un.int/kamal/thelawofcyberspace/The%20Law%20of%20Cyber-Space.pdf (accessed March 2012)
Kohl U, (2007) ‘Jurisdiction and the Internet: A study of regulatory competence over online activity’ (Cambridge)
Nelson, M. (2009) ‘The Cloud, The Crowd and Public Policy’. Issues in Science and Technology.
NIST (2011) ‘Definition of Cloud Computing’ http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (accessed March 2012)
Oracle (2009a) ‘Introduction to Cloud Computing architecture’ http://www.oracle.com/us/solutions/cloud/overview/index.html (accessed March 2012)
Oracle (2009b) ‘Building customer trust in cloud computing with transparent security’ http://www.oracle.com/us/solutions/cloud/overview/index.html (accessed March 2012)
Pirate Bay Blog ‘The Galaxies most resilient bit torrent site’ http://thepiratebay.se/blog/210 (accessed march 2012)
SAP White paper ‘Towards a European Strategy for the future internet’ http://cordis.europa.eu/fp7/ict/ssai/docs/sap-positionpaper-eu-softwarestrategy-0908.pdf (accessed May 2012)
Schmitt, C. (2003) ‘The Nomos of the Earth; In the international law of Jus Publicuum Europaeum’ (New York).
Strange, S (1998). ‘Retreat of the State: The diffusion of power in the world economy’ (Cambridge).
Trachtman, J. (2006) ‘Global Cyberterrorism, Jurisdiction and International Organization’ in Grady, M. ‘The Law and Economics of Cybersecurity’(Cambridge).
Vouk, M. (2008) ‘Cloud Computing – Issues, Research and Implementations’ Journal of Computing and Information Technology – 16:4, pp235–246
Wohl, A (2010a) ‘Cloud Computing’ in Simon, P. ‘The Next Waves of Technology: Opportunities from Chaos’ (New Jersey)
Wohl, A (2010b) ‘Software as a Service’ in Simon, P. ‘The Next Waves of Technology: Opportunities from Chaos’ (New Jersey)
—
Written by: Giverny Dannatt
Written at: University of Salford
Written for: Peter Bratsis
Date written: May 2012
Further Reading on E-International Relations
- International Law on Cyber Security in the Age of Digital Sovereignty
- How the Islamic State Weaponizes Imitation in Its Propaganda
- State Failure or State Formation? Neopatrimonialism and Its Limitations in Africa
- Is There a Right to Secession in International Law?
- Human Rights Law as a Control on the Exercise of Power in the UK
- Nuclear Non-Proliferation and Imperialist Dynamics in International Law