Event Information

The U.S. government spends billions of dollars each year on computer hardware, software and file servers that may no longer be necessary. Currently, the public sector makes relatively little use of cloud computing, even though studies suggest substantial government savings from a migration to more Internet-based computing with shared resources.

On July 21, the Center for Technology Innovation at Brookings hosted a policy forum on steps to enhance public sector adoption of cloud computing innovations. Brookings Vice President Darrell West moderated a panel of experts, including David McClure of the General Services Administration, Dawn Leaf of the National Institute for Standards and Technology, and Katie Ratte of the Federal Trade Commission. West released a paper detailing the policy changes required to improve the efficiency and effectiveness of federal computing.

Audio

• Moving to the Cloud: How the Public Sector Can Leverage the Power of Cloud Computing

Transcript

• Uncorrected Transcript (.pdf)
• Download Dawn Leaf's PowerPoint Presentation (.pdf)
• Download David McClure's PowerPoint Presentation (.pdf)

Event Materials

• 20100721_cloud_computing
• 0721_cloud_computing_leaf
• 0721_cloud_computing_mcclure

EXECUTIVE SUMMARY

Many web services are examples of cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and Salesforce.com. Cloud computing offers a potentially attractive solution to customers keen to acquire computing infrastructure without large up-front investment, particularly in cases where their demand may be variable and unpredictable, as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications.

The greater flexibility of a cloud computing service as compared with a traditional outsourcing contract may be offset by reduced certainty for the customer in terms of the location of data placed into the cloud and the legal foundations of any contract with the provider. There may be unforeseen costs and risks hidden in the terms and conditions of such services.

This document reports on a detailed survey and analysis of the terms and conditions offered by cloud computing providers.

The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London, UK. Funded by a donation from Microsoft, but academically independent, the project is examining a wide range of legal and regulatory issues arising from cloud computing. The project's survey of 31 cloud computing contracts from 27 different providers, based on their standard terms of service as offered to customers in the E.U. and U.K., found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers. The ease and convenience with which cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud service providers. The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the terms and conditions of a cloud service carefully before signing up to it.

The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all. Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data. Cloud providers also often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.

Although in some U.S. states, in E.U. countries and in various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is, in fact, based in another continent. Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.

Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and to compare them against their own copies of earlier versions to look for changes.

The cloud computing market is still developing rapidly, and potential cloud customers should be aware that there may be a mismatch between their expectations and the reality of cloud providers' service terms, and be alive to the possibility of unexpected changes to the terms.

Downloads

• Download the Full Paper

Listen to the chatter from top officials, and you’d think that World War III was about to break out on the Internet. The defense secretary is warning about a digital “Pearl Harbor.” Former director of national intelligence Mike McConnell declares that the United States is “fighting a cyber war, and we’re losing.” Every new hack brings more pronouncements of network doom.

The scare talk, however, is misplaced. Yes, we’re facing enormous cybersecurity problems — just look at the high-profile penetrations of such companies as Sony and Lockheed or the millions of Americans whose personal information has been stolen online.

But these aren’t signs of some impending cataclysmic showdown as I explain in my new cybersecurity paper for The Brookings Institution. They’re markers of a rising tide of online crime that, in its own way, could be more dangerous than a cyberwar. According to the British government, online thieves, scammers and industrial spies cost U.K. businesses an estimated $43.5 billion in the past year alone. Crooks-for-hire will infect a thousand computers for $7 — that’s how simple it’s become. Sixty thousand new malicious software variants are detected every day. Forget “Pearl Harbor”; if we’re not careful, the Internet could be in danger of looking like the South Bronx circa 1989 – a place where crooks hold such sway that honest people find it hard to live or work there.

Could there be some online conflict in the future? Maybe. But crooks are draining billions from the legitimate global economy right now. Even the Pentagon’s specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”

Those tools also are becoming easier to use. The latest crimeware makes stealing passwords about as simple as setting up Web pages. One gang, recently arrested, used it to drain $9.5 million in just three months.

Read the full article at washingtonpost.com >>

The appointment of new federal chief information officer Steven VanRoekel comes at a challenging time for President Barack Obama. The national economy continues to be weak. Congress plans to cut trillions from the federal budget. And in the time leading up to the 2012 election, American voters remain cynical about the ability of the government to address important policy problems in an effective manner.

In an era of deficit reduction and public cynicism, the tasks facing federal officials are to determine how to do more with less and persuade voters the government can become smarter and more effective. There are going to be fewer dollars for virtually every federal program so it is important to figure how ways to innovate and perform more efficiently.

Former CIO Vivek Kundra sought to do this through encouraging agencies to move software applications to the cloud, consolidating federal data centers, improving transparency, and improving the information technology procurement process. It is important to continue this progress even as agencies are forced to downsize their operations.

As shown in the private sector, government administrators should use technology to cut costs, improve worker productivity, and streamline operations. This is not just a matter of using technology in more innovative ways, but changing the operations and culture of the public sector. Public officials must improve its data mining activities to identify fraud and abuse in Medicare, Medicaid, the Defense Department, and other domestic programs.

New software gives managers better tools to evaluate how money is being spent and whether it is fulfilling intended goals. If it is not, programs need to be modified or eliminated. The most important weapon in Mr. VanRoekel’s arsenal may be the scalpel as he goes through the federal government’s $80 billion IT budget.

Event Information

In his new book The Mobile Wave: How Mobile Intelligence Will Change Everything (Vanguard Press, 2012), CEO of MicroStrategy Michael Saylor examines the transformative possibilities of mobile computing on business, society, economies and everyday life. Saylor argues that mobile technologies such as smartphones and tablet computers – “the fifth wave of computer technology” – will be indispensible tools for modern life and completely alter how we live.

On October 5, the Center for Technology Innovation at Brookings hosted a forum on mobile computing and its monumental impact on our future. Moderated by Vice President Darrell West, Michael Saylor discussed key highlights from his book and offered insights as to what sort of change we can expect from the macro level down to the most mundane of everyday humans tasks.

Audio

• Riding the Mobile Wave: The Future of Mobile Computing

Transcript

• Transcript (.pdf)

Event Materials

• 20121005_mobile_wave

“Missed connections” is the personals ads category for people whose encounters are too fleeting to form any union – a lost-and-found for relationships.  I gave that title to my paper on the conversation between the United States and for Europe on data, privacy, and surveillance because I thought it provides an apt metaphor for the hopes and frustrations on both sides of that conversation.

The United States and Europe are linked by common values and overlapping heritage, an enduring security alliance, and the world’s largest trading relationship.  Europe has become the largest crossroad of the Internet and the transatlantic backbone is the global Internet’s highest capacity route.

[I]

But differences in approaches to the regulation of the privacy of personal information threaten to disrupt the vast flow of information between Europe and the U.S.  These differences have been exacerbated by the Edward Snowden disclosures, especially stories about the PRISM program and eavesdropping on Chancellor Angela Merkel’s cell phone.  The reaction has been profound enough to give momentum to calls for suspension of the “Safe Harbor” agreement that facilitates transfers of data between the U.S. Europe; and Chancellor Merkel, the European Parliament, and other EU leaders who have called for some form of European Internet that would keep data on European citizens inside EU borders.  So it can seem like the U.S. and EU are gazing at each other from trains headed in opposite directions.

My paper went to press before last week’s European Court of Justice ruling that Google must block search results showing that a Spanish citizen had property attached for debt several years ago.  What is most startling about the decision is this information was accurate and had been published in a Spanish newspaper by government mandate but – for these reasons – the newspaper was not obligated to remove the information from its website; nevertheless, Google could be required to remove links to that website from search results in Spain. That is quite different from the way the right to privacy has been applied in America.  The decision’s discussion of search as “profiling” bears out what the paper says about European attitudes toward Google and U.S. Internet companies.  So the decision heightens the differences between the U.S. and Europe.

Nonetheless, it does not have to be so desperate.  In my paper, I look at the issues that have divided the United States and Europe when it comes to data and the things they have in common, the issues currently in play, and some ways the United States can help to steer the conversation in the right direction.

[I] "Europe Emerges as Global Internet Hub," Telegeography, September 18, 2013.

The United States exports digital goods worth hundreds of billions of dollars across the Atlantic each year.  And both Silicon Valley and Hollywood do big business with Europe every year.  Differences in approaches to privacy have always made this relationship unsteady but the Snowden disclosures greatly complicated the prospects of a Transatlantic Trade and Investment Partnership.  In this paper Cameron Kerry examines that politics of transatlantic trade and the critical role that U.S. privacy policy plays in these conversations.

Kerry relies on his experience as the U.S.’s chief international negotiator for privacy and data regulation to provide an overview of key proposals related to privacy and data in Europe.  He addresses the possible development of a European Internet and the current regulatory regime known as Safe Harbor. Kerry argues that America and Europe have different approaches to protecting privacy both which have strengths and weaknesses.

To promote transatlantic trade the United states should:

• Not be defensive about its protection of privacy
• Provide clear information to the worldwide community about American law enforcement surveillance
• Strengthen its own privacy protection
• Focus on the importance of trade to the American and European economies

Downloads

• Download the paper

Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent of new spending on Internet and communications technology will be on cloud-based platforms. Apple, Google, Amazon, Microsoft, and hundreds of smaller companies are positioning themselves to dominate the estimated $5 trillion worldwide market. While few companies will provide numbers, it is estimated that Amazon and Google may run as many as 10 million servers while Microsoft runs close to one million. In short, it is an innovation that makes a mockery out of Moore’s law.

But, like all innovations, cloud computing has potential pitfalls. Public sector organizations in particular have had difficulty taking advantage of new technologies. The Heritage Foundation keeps a list over 50 examples of government ineptitude including $34 billion in fraudulent Homeland Security contracts, National Institutes of Health renting a lab that it neither needs nor can use for $1.3 million per month, and the Department of Agriculture wasting $2.5 billion in stimulus money on broadband internet. Technological ineptitude received special attention with the failed launch of the Healthcare.gov, the release of classified data from Edward Snowden, and the costly FBI virtual case file debacle.

Cloud computing is far more than just a simple technology change and requires a close examination of governance, sourcing, and security. We sought to understand how well state government is prepared to address the challenges of cloud computing.

The Approach

We have gathered and started to do a content analysis of the IT strategic plans for each state. For each plan, we performed a content analysis, which is looking for certain phrases or text within the IT strategic plan in order to have a structured way to understand the data. Details for our approach can be seen in our previous blog post.

How States Are Implementing the Cloud

We were not surprised to see a number of states preparing to study or embark on cloud computing.

While some states don’t mention it (e.g. Alabama), most states are eagerly exploring it. For example, North Dakota’s plan talks about cloud computing as an integral part of the future and seven of its thirteen major IT initiatives are centered on preparation for transitioning to the cloud “where and when it makes sense”.

Vermont puts itself squarely in the studying period. The plan describes that, “While the risks of enterprise-wide and cloud-based IT must be carefully managed, trends continue to just larger-scale operations.” Wisconsin also clearly lays out its view on cloud computing, writing that, “Flexibility and responsiveness (also) guide Wisconsin’s approach toward adoption of cloud services” and suggests that its version of a private cloud “…offers advanced security and service availability tailored for business needs.” West Virginia provides an equally balanced approach by requiring that only services with an acceptably low risk and cost-effective footprint will be moved to the cloud.

In short, all of the states that are considering cloud computing are taking a thoughtful and balanced approach.

The Good

One of the most critical aspects of cloud computing is security and, without question, states understand the importance of good security. A good example of this is Colorado who designates security as one of its four “wildly important goals” and sets the target of “10 percent reduction in information security risk for Colorado agencies by close of FY15”.

South Carolina echoed the same theme by asserting that security and confidentiality are “overriding priorities at every stage of development and deployment.” Connecticut’s plans explain the need to “continuously improve the security and safeguards over agency data and information technology assets”.

The Bad

Despite the interest in cloud computing, we were only able to find a single state (Georgia) that explicitly links governance to security and, to us, by extension to cloud computing. In Georgia’s plan, they start with the idea that “strong security programs start with strong governance” and then explicitly describe necessary changes in governance to improve security.

We were, however, impressed with the seriousness that New York, North Carolina and Massachusetts took governance but it was difficult to find many other states that did.

The Ugly

Unfortunately the results on sourcing were dismal. While a few states (e.g. Kansas, Ohio, and Massachusetts) specifically discuss partnerships, most states seemed to ignore the sourcing aspect of cloud computing. The most ominous note comes from Alabama where they make a statement that innovation in the state is being stifled by a lack of strong personnel.

While we have great enthusiasm for government to address cloud computing, some of the non-technical issues are lagging in the discussion. Good government requires that these items be addressed in order to realize the promise of cloud computing.

Introduction: Despite the launch of indirect, “proximity” talks between Palestinians and Israelis, Palestinian President Mahmoud Abbas continues to resist a resumption of direct negotiations with Israel absent a full settlement freeze. As chairman of the Palestine Liberation Organization (PLO) and president of the Palestinian Authority (PA), Abbas also insists that any new negotiations pick up where previous talks left off in December 2008 and that the parties spell out ahead of time a clear “endgame,” including a timetable for concluding negotiations. While these may seem like unreasonable preconditions, Palestinian reluctance to dive headfirst into yet another round of negotiations is rooted in some genuine, hard-learned lessons drawn from nearly two decades of repeated failures both at the negotiating table and on the ground.

Not only have negotiations failed to bring Palestinians closer to their national aspirations but the peace process itself has presided over (and in some ways facilitated) a deepening of Israel’s occupation and an unprecedented schism within the Palestinian polity. Such failures have cost the Palestinian leadership dearly in terms of both its domestic legitimacy and its international credibility. While it remains committed to a negotiated settlement with Israel based on a two-state solution, the PLO/PA leadership has been forced to rethink previous approaches to the peace process and to negotiations, as much for its own survival as out of a desire for peace.

Haunted by past failures, Palestinian negotiators are now guided, to varying degrees, by six overlapping and sometimes conflicting lessons:

1. Realities on the ground must move in parallel with negotiations at the table.

2. Don’t engage in negotiations for their own sake.

3. Agreements are meaningless without implementation.

4. Incrementalism does not work.

5. Avoid being blamed at all costs.

6. Don’t go it alone.

Downloads

• Download Full Paper - English

Last winter, Salafi parties in Egypt proved themselves a formidable political force, winning a quarter of the vote in the country’s first elections in the post-Mubarak era. For many in Washington, the unexpected strength of Egypt’s conservative religious groups raised unsettling questions about the future of U.S.-Egyptian relations and America’s security interests in the region.

Will the political success of Salafis turn Egypt into an anti-American power and strengthen jihadist groups like al-Qa’ida that are bent on using violence against the United States and its allies?

In the Saban Center Middle East Memo, William McCants, a Middle East specialist at CNA and adjunct faculty at Johns Hopkins University, examines the implications of the Salafis’ turn to, and success in, electoral politics. McCants argues that while political participation may not moderate Salafis’ positions on social issues, it will likely erode the strength of their most extreme and violent affiliates. For this reason, America’s interests may be best served when Salafis play a role in post-revolution politics.

Downloads

• The Lesser of Two Evils: The Salafi Turn to Party Politics in Egypt