During the summer, the European Commission held an open public consultation on cloud computing issues. They use a user-friendly database-driven website to take in comments. The EC's Digital Agenda team plans to review and analyse the survey data, and work it into their strategy for European cloud computing, planned for release in early 2012.

At OASIS, we're often asked to provide opinions about government standards initiatives. Our full reply to the survey, submitted in August, is attached below. Our own conference on cloud computing, in the UK this October, will explore many of the same issues.

These structured surveys can be formalistic and stilted in places: not every question gets answered, and some of the topics are mundane or limited. Still, the survey posed some interesting questions about how cloud computing, e-government and open standards fit together. (As usual, we advise readers that we don't necessarily represent the many diverse views of our members, but only observations from OASIS professional staff.)

Summaries / excerpts from our comments:

What should governments do about cloud computing?
Government's most important role may be to lead by example. Governments often are large buyers of cloud services: These projects can, by open and well-designed procurement practices, provide best practice models, criteria and measurement methods for purchasers and users to follow, in order to obtain desired levels of service quality, reliability and interoperability.
Governments also, both as regulators and as key societal data collectors and sources, must model the use of stable open standards to support sound and safe practices, vendor-neutrality, and the broadest possible access by citizens and enterprises to the public good that is open data.

Is cross-border liability in cloud computing clear?
Not often. Usually there's a definitive answer to which law governs -- but to find it, you must navigate and analyze long, opaque terms and conditions that may not be obvious, conspicuous or easy to understand.
Also, the economics of cloud computing may not always adapt well to traditional legal resolutions. In contrast to high-value tangible commercial contracts, cloud computing services often are offered in small units, on an inexpensive or even free basis. Traditional, expensive litigation, license & contract enforcement methods may not be a good economic model for resolving large numbers of small-value disputes about data transactions.

What can be done about cross-border cloud liability issues?
As differences of cloud law and regulation among jurisdictions become more clear, user preferences may respond to them, creating a “market” for the more favorable legal frameworks. That's probably a good thing, and a natural evolution. Governments may wish to consider how to better cooperate, in applying laws to multinational entities who serve global customer bases from a given set of locations.

Do current laws get in the way of users of cloud computing?
In some cases, probably so. We noted that the requirements for enforceable e-signatures vary widely across nations & regions. In order to have global systems that create and support real economic transactions, there have to be methods for signature that broadly work across borders. Some national and regional laws today are too focused on one or another specific technology, or even may set requirements that no technology can meet..

Would model forms of service level agreements and user licenses for cloud computing services help?
Yes, but we're skeptical about mandated forms. Examples of clear terms that help set expectations of clarity would be helpful. But cloud service offerings are evolving, and the legal and price terms for them will need to evolve too. What governments usually best add to that market process is fair-trade and anti-fraud regulation, good dispute mechanisms that operate fairly across borders, and guidance on the degrees of clarity and privacy that are required in binding contracts generally.

Where is more development or research needed?
We mentioned a number of needs and tasks that are necessary in order to feed a growing global cloud-computing and open-data ecology, including:

• security models that take the special risks of cloud networks, and highly-distributed, loosely-coupled transactional systems, into account;
• data registries, directories and repositories;
• federated identity provisioning and management;
• automatable representations of policy and rule constrains on data access, so that a large share of data exchanges can self-negotiate;
• shared vocabulary, identifier, metadata and semantic tools, making clear shared communication possible across widely diverse systems;
• data transformation, modeling & mapping methods for greater interoperability and data portability; and
• conformance and interoperability tests and tools.