Cloud Computing (STOA-ETAG)

Cloud Computing and Social Network Sites (SNS) are some of the most controversially discussed IT developments in recent years. Huge expectations exist for Cloud Computing, providing lower costs of computing while increasing employment. However, Cloud Computing as well as the use of SNS may come with a substantial risk of losing data privacy. The project conducted on Cloud Computing Services and Social Network Sites addressed the potential and impacts of these technologies. The project report showed that (1) adequate data security and privacy are critical but difficult to achieve, that (2) more consumer protection is needed and that (3) the market for Cloud Computing is not growing as fast as initially forecast, resulting in a lower than expected increase of employment and lower contribution to GDP growth.

Cloud computing and social network websites (SNS) are part of the same societal transformation prominently exemplifying a paradigm shift stating that “the network is the computer”1. While cloud computing includes a variety of technical concepts, SNS represent a broad scope of services and applications addressing mostly end-users. Interrelations are particularly given as regards privacy and security challenges. This is also a core part of this report as privacy is among the heavily debated concepts of our contemporary societies – highlighted in particular by SNS.

The report is structured in four main parts: The first part (Sections 1-3) gives a broad overview on the evolution of SNS describing the main stages in the development process, the major factors determining the current state-of-the-art including insights into user motivations. Section 3 presents the main driving factors determining the current SNS, their main characteristics as well as core functionality of SNS. Based on these elaborations the second part (Section 4) gives an overview on the spectrum of identified societal impacts, discusses the role of SNS as a form of a (digital) semi-public space, as well as their potential for political participation and knowledge production. Section 5 analyses in more depth the privacy implications of SNS including some technical aspects and privacy-by-design concepts. The final Section 6 summarizes the key findings and draws conclusions referring to possible options to address the challenges identified.

Based on a STOA study by the same title published in January 2014 (epub.oeaw.ac.at/?arp=0x0031bae5)

Cloud Computing and Social Network Sites (SNS) are among the most controversially discussed developments in recent years. The opportunities of using powerful computing resources on demand via the web are considered as a possible driver for the growth of the European economy. However, there are also critics arguing that economic, social and technical risks prevail or even dismiss the potentials of Cloud Computing and SNS. This project sheds light on these aspects and analysed more specifically, the latest technological and economic developments, driving factors and barriers in Europe, the main actors and their respective interests, the impacts on citizens, business and public administrations and, a broad range of technical, economic, cultural, legal, regulatory issues and their impacts. It showed that at the moment, there is a chance to achieve multiple Cloud Computing and SNS related goals simultaneously. There are no contradictions between assuring European citizens, secure, privacy aware, legally certain and fair use of Cloud Computing and SNS and in increasing the competitiveness of European ICT industries. Moreover it is possible to exploit the potential of Cloud Computing and SNS to the benefit of both the European economy and society at large. Based on this a set of options for European policy makers grouped into four themes with in total 16 options was derived.

Make security a commodity
1. Support the development of open and secure software and hardware and encryption methods.
2. Encourage the use of checklists and security certifications.
3. Assess the economic viability of large hardware security modules.
4. Initiate a dialogue on the structure and governance of the Future Internet.

Establish privacy as a location advantage
5. Proceed with the modernization of data protection.
6. Establish the principles of security and privacy by design.
7. Support the creation of a European Data Protection Board.
8. Ensure the extraterritorial application of European data protection law.

Build a trustworthy environment for digital business and living
9. Stipulate the setting of minimum requirements for contracts.
10. Support the standardization of Acceptable Use Policies and Service Level Agreements.
11. Eliminate jurisdictional uncertainty.
12. Support the development of Cloud specific certifications.

Create an inspiring ecosystem for ICT industries
13. Encourage the creation of European market players.
14. Support standardization and interoperability.
15. Empower people across all strata of society.
16. Reconsider current broadband strategies

Cloud Computing and Social Network Sites (SNS) are among the most controversially discussed developments in recent years. They are both part of the same societal transformation referring to a paradigm shift stating that “the network is the computer”. The opportunities of using powerful computing resources on demand via the web are considered as a possible driver for the growth of the European economy. Especially cost savings as well as increased productivity and mobility are seen as key elements by many experts. However, there are also critics arguing that economic, social and technical risks prevail or even dismiss the potentials of Cloud Computing and SNS. This project sheds light on these aspects and analyses the potentials and impacts of these developments. This includes a review of the technological and economic developments Cloud Computing is based on, an identification of driving factors and barriers for Cloud Computing in Europe as well as of main actors and their interests; and an analysis of impacts on citizens, business (including the IT industry itself) and public administration including a broad range of technical, economic, cultural, legal, regulatory issues and the impacts on society and economy as a whole. Cloud Computing not least includes a variety of technical concepts that alter computing infrastructures. SNS represent a prominent phenomenon grounding on Cloud Computing with a wide array of services and applications mainly focussed on end-users. Particular interrelations are given in terms of privacy and security challenges which are main issues addressed by the analysis of SNS related impacts.

-> Nowadays, social network sites (SNS) such as Facebook or Twitter are ubiquitous. They increasingly develop into platforms combining many services.
-> SNS endanger privacy to a large extent as the relationships, contents and interactions displayed there can be matched to individuals.
-> The right of informational self-determination – that is the right to decide oneself about the disclosure and usage of one’s personal data – can hardly be exercised in a world characterised by SNS. In addition, this is aggravated by providers’ terms of use and business models, which favour large-scale linking-up.
-> Not least the recently discovered surveillance scandals underline the pressing need to design SNS in a privacy-enhancing manner. Privacy-by-design is essential when it comes to re-establishing the trust of the users.

-> Soziale Netzwerkseiten (SNS) wie z.B. Facebook oder Twitter sind heute allgegenwärtig. Sie entwickeln sich zunehmend zu Plattformen, die viele Dienste miteinander verknüpfen.
-> SNS berühren in hohem Maße die Privatsphäre, da die darin abgebildeten Beziehungen, Inhalte und Interaktionen Individuen zugeordnet werden können.
-> Das Recht auf informationelle Selbstbestimmung – also das Recht, selbst über die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen – ist in einer durch SNS geprägten Welt schwer durchsetzbar. Zusätzlich erschweren das die auf breite Vernetzung ausgelegten Nutzungsbedingungen und Geschäftsmodelle der Anbieter.
-> Dies, sowie die jüngst bekannt gewordenen Überwachungsskandale, machen den dringenden Bedarf nach einer die Privatsphäre fördernden Gestaltung von SNS („Privacy-by-Design“) deutlich. Privacy-by-Design ist entscheidend, um das Vertrauen der NutzerInnen wiederherzustellen.

This document represents the report for Phase 5 of the STOA project “Potential and Impacts of Cloud Computing and Social Network Sites”, presenting the key findings of this phase. Cloud computing and social network sites (SNS) are part of the same societal transformation prominently exemplifying a paradigm shift stating that “the network is the computer”1. While cloud computing includes a variety of technical concepts, SNS represent a broad scope of services and applications addressing mostly end-users. Interrelations are particularly given as regards privacy and security challenges. This is also a core part of this report as privacy is among the heavily debated concepts of our contemporary societies – highlighted in particular by SNS.
The report is structured in four main parts: The first part (Sections 1-3) gives a broad overview on the evolution of SNS describing the main stages in the development process, the major factors determining the current state-of-the-art including insights into user motivations. Section 3 presents the main driving factors determining the current SNS, their main characteristics as well as core functionality of SNS. Based on these elaborations the second part (Section 4) gives an overview on the spectrum of identified societal impacts, discusses the role of SNS as a form of a (digital) semi-public space, as well as their potential for political participation and knowledge production. Section 5 analyses in more depth the privacy implications of SNS including some technical aspects and privacy-by- design concepts. The final Section 6 summarizes the key findings and draws conclusions referring to possible options to address the challenges identified.

This report focuses on the impacts of Cloud Computing and the resulting challenges. It is based on an evaluation of the available scientific and industry literature, as well as on expert interviews. It should be mentioned that statements regarding Cloud Computing in reports and media on this are often contradictory. One reason for this is that various definitions are used. Some authors apply “cloud washing” and rename traditional outsourcing or web services. Based on the previous deliverable we focus on common used definitions such as the one from NIST. A second issue is that statements often are based on experts estimation due to lack of reliable time series of data. This explains the great bandwidth of results, which have to be taken with care.

The take-up of Cloud Computing is one of the most controversial developments within the Information and Communication Technologies (ICT) in the last years. While its proponents argue with cost, security and technological advances that will result in more innovation and growth, its opponents argue the opposite way. Therefore the aim of this report is to lay the foundations for the overall project examing the challenges, impacts and benefits of Cloud Computing. This includes:
...to analyse the basic concepts (incl. definitions, characteristics etc.) as well as the evolution of the concept (incl. predecessors and related concepts) and the underlying technologies; to review the market situation (incl. on overview of offered services and existing providers) and to analyse the adoption and usage patterns of Cloud Computing;
...to identify driving factors and barriers based on existing literature as well as an initial assessment of indentified factors.

This document is the result of the consultation phase of the STOA-project “Potential and Impacts of Cloud Computing Services and Social Network Sites”. It addresses in the first place cloud computing and furthermore social network sites. While Cloud computing (CC) has broad implications for all areas of society and business applications are perhaps crucial for its sustained breakthrough, social network sites (SNS) have their main impact on relationships between private citizens or private citizens and businesses. Beside the impact on the IT industry itself, the development of both is also seen as pivotal for the overall competitiveness of the European economy and society. However, both also pose a number of challenges for enterprises as well as for private citizens. There could be increasing virtualisation of the processing of personal and other sensitive data that is transmitted and stored by commercial providers on servers situated in a location unknown to the costumer. Given these challenges, it is not clear whether both and in particular cloud computing will meet its potential and the high expectations connected to it. Therefore the goal of the project is to analyse this blurry situation and to assess potentials as well as positive and negative impacts for citizens, business and public authorities from a European perspective.

This interim report summarises the results of the first project phase, which lasted from April 15th to June 15th 2012. The main objective of this first project phase was the development of a detailed plan for the next four phases of the project. A preparatory meeting, held in May 2012, and several telephone conferences during the consultation phase with the project partners were very instrumental in discussing and prioritising research themes and issues.

The report itself consists of two parts. The main part presents an introductory overview of the debates on Cloud Computing Services and Social Network Sites and their potentials and impacts for the European society as a whole. Against this background, the main research perspectives of the project are discussed in detail. Finally, the project’s research questions are presented. The annex describes the project plan, gives an overview of the project schedule and the deliverables.

An important element of the whole project is the involvement of those MEPs who are particularly interested in the issue of Cloud Computing and Social Network Sites. We are convinced that taking the perspective of these representatives into account will help to generate recommendations that are considered useful by European decision-makers and practitioners.