The aptly-named Hugh Macleod, maker of the Gaping Void cartoons, makes a rather chilling point about clouds:
“…nobody seems to be talking about Power Laws. Nobody’s saying that one day a single company may possibly emerge to dominate The Cloud, the way Google came to dominate Search, the way Microsoft came to dominate Software.
“Monopoly issues aside, could you imagine such a company? We wouldn’t be talking about a multi-billion dollar business like today’s Microsoft or Google. We’re talking about something that could feasibly dwarf them. We’re potentially talking about a multi-trillion dollar company. Possibly the largest company to have ever existed.”
This underscores the importance of the Franklin Street Statement:
Service providers are encouraged to…
- Make data and works of authorship available to their service’s users under legal terms and in formats that enable the users to move and use their data outside of the service.
Without the power to grab our data and walk away, we are at the mercy of our providers. And unless we have that power, they have little incentive to be merciful.

August 1st, 2008 at 5:40 pm
The Franklin Street statement is good as far as it goes. Certainly, it would be foolish to use a service which doesn’t allow you to recover your data. If you’re using it for some business-critical role, you should always have a copy of critical data. Even if your provider is perfectly happy to let you have a complete copy of your data, it doesn’t help if they accidentally destroy it before you get the chance…
But the big issue is the underlying legal environment. My understanding is that if you use someone to host your app, then they can be subpoenaed to produce *your* data, and you won’t necessarily know about it. Common-carrier status applies to telcos, and safe-harbor applies to ISPs, but does an ASP count as an ISP or telco? Or something else?
And how does a client of an ASP implement a data-retention policy? If the company only needs to keep a small amount of directly usable sensitive data available to the app (for security or liability reasons), but the infrastructure ends up retaining that data for much longer, what then? It’s still a potential target for hackers or legal action.
It seems like a big risk for a company to give up that much autonomy. ASPs must have legal protection so that any legal action against one of their customers must go to their customer. In exchange for that protection, they need to meet various standards which basically come down to letting customers have full control over their data.
August 4th, 2008 at 2:16 pm
[…] while I agree with Tim that this is an important post, and with the 451 Group’s Rachel Chalmers that it’s potentially chilling, and I respect Hugh quite a bit, I can’t agree. […]