Are we heading towards a situation where Internet top-level domains will replace nations as jurisdiction? Will it in the future be more relevant to ask yourself whether you trust Google, Telia or Amazon as legal companies rather than Sweden, Germany or Syria as a nations?
Questions like these might be subject for discussion at the upcoming 2012 European Dialogue on Internet Governance (EuroDIG) in Stockholm 14-15 June, where the overall tagline for the conference is ‘Who sets the rules for the Internet?’.
We believe it is important to assure that legislations and regulations follows hand in hand with future internet technologies being developed in EU-funded projects like SAIL. It is important that the legislation address the way these technologies will be used.
Network of Information (NetInf) is a set of mechanisms from SAIL where named “information objects”, eg the latest episode of your favorite TV-show, are the central concept as opposed to a physical computer, or “node” as in today’s Internet.
Assume that NetInf (or similar technologies) gain attraction and start to replace the current internet backbone, does Internet regulation then have to change? That is one of the questions that we will bring to the table in the EuroDIG plenary dedicated to “Business innovation, future technologies and services: Opportunities and challenges for businesses, users and regulators”.
While NetInf is a future technology whose success is yet to be proved, storage of data in the cloud is already an everyday occurrence, not only by private persons (e.g. Gmail, Flickr, Facebook), but also by enterprises and municipalities. It is evident that current regulation often is blunt and not always well adopted for the cloud use-case. A couple of examples:
- If a Swedish municipality would like to use cloud services like Google Apps for storing e.g. records of their salary payments, they have to be 100% sure that the supplier of the cloud service, or any of its subcontractors, are handling the information in accordance with the Personal Data Act (“personuppgiftslagen”, PUL), else they are breaking the law (in Swedish, view the Google Translate version here). In this case the users regulation impose a barrier for the use of cloud services.
- There are also cases where it is the receiver’s regulation that imposes the barrier. The recent so called “manga case” drew a lot of attention. It could be seen as an example where what is legal in country A, in fact is illegal according to the legislation in country B. In such a case, how could you as user of a cloud service appearing as serving under country A, be sure that the cloud service provider do not use e.g. distributed cloud resources from country B for storing your content?
When cloud computing was at its infancy, and the cloud was limited to one big data center at one clear location, the above issues where perhaps not that tricky.
However, already today cloud providers want to optimize the quality of their services by deploying data centers as close to the actual users as possible, across a multitude of national borders, still though within the one and same internet domain for you as a user.
For you as a user of the service, it should be more relevant to ask ‘who is storing my data?’ rather than ‘in what country the data is being stored’. National borders tends, in my view, to get less and less relevant, while the importance of under what internet domain your service provider is running their business increases. Time for a fundamental change of perspective perhaps? Should national laws and regulations change to regulations based on domains and top domains on Internet instead? And in such a case, what would be the impact when commercial enterprises start to buy the new gTLDs (top level domains)?
In EU funded research projects we are developing techniques that will make above scenarios possible, and we are aware of possible regulatory impacts they might have. But we are not legislators. We therefore urge the discussion to take place in foras like EuroDIG – and we are happy to take part!
Disclosure and disclaimer: I am engaged in SAIL, an ICT project about the Future Internet, on behalf of Ericsson. However the opinions expressed in this post are my personal, and not those of the SAIL project or my employer.