icloud

Catching the Cloud

When it comes to contracting for a computer service, there is little choice but hoping for the best. Small or mid-size companies, especially those located outside the United States, are betting they’ll never have to go to court – usually one located 11,000km and thousands of dollars in legal fees away. Let’s face it: contracting with a large American company is a jump into the unknown. Agreements are written in an obscure form of English, often presented in PDF format, transparently implying modifications are out of question. Should you consider litigating, be prepared to make your case before a judge located on the West Coast of the United States. The not-so-subliminal reading of such contracts: ‘Sue me…’, with a grin.

The Cloud’s rise to prominence makes things worse. A growing number of companies and individuals handle their data to a remote infrastructure offering little hope of any legal leverage. The Cloud is the ultimate form of the outsourcing cascade. A US-based company rents capacity wherever electric power is cheap, connections reliable, and climate friendly to server farms cooling towers. As world connectivity expands, so do eligible regions. (While doing research for this column, I found Greenland was for served by a 960 Gbps (Gigabit per second) undersea cable linked to Iceland. In turn, the volcano island is linked to the rest of the world via a the huge 5 Tbps “Danice” cable). Datacenters are sprinkled over a number of countries and workload moves from one server farm to another as capacity management dictates. At this point, no company knows for sure where its data reside. This raises further legal hurdles as Cloud operators might be tempted to deploy datacenters in less stable but cheaper countries with even looser contractual protections.

European lawyers are beginning to look at better ways to protect their clients’ interests. A couple of weeks ago, I discussed the legal implications of Cloud Computing with Guillaume Seligmann, the lead tech attorney at the law firm Cotty Vivant Marchisio & Lauzeral. (He is also an associate professor at l’Ecole Centrale a prominent French engineering school). ‘When it comes to Cloud Computing, the relationship between the service provider and the customer is by nature asymmetrical’, he says. ‘The former has thousands if not millions of customers and limited liability; in case of litigation, it will have entire control over elements of proof. As for the customer, he bears the risk of having his service interrupted, his data lost or corrupted — when not retained by the supplier, or accessed by third parties and government agencies)’.
In theory, the contract is the first line of defense. ‘It is, except there is usually little room for negotiation on contracts engineered by expert American attorneys, based on US legislation and destined to be handled by US judges. Our conclusion is that solely relying on contracts is largely insufficient because it may not offer efficient means of sanctioning breaches in the agreement’.

The CVML partner then laid out six critical elements to be implemented in European legislation. These would legally supersede US contractual terms and, as a result, better protect European customers.

1 / Transparency. Guillaume Seligmann suggests a set of standard indicators pertaining to service availability, backup arrangements and pricing – like in the banking industry for instance. In Europe, a bank must provide a borrower with the full extent of his commitments when underwriting a loan. (Some economists say this disposition played a significant role at containing the credit bubble that devastated the US economy).

2 / Incident notifications. Today, unless he is directly affected, the customer learns about outages from specialized medias, rarely though a detailed notification from the service provider. Again, says Seligmann, the Cloud operator should have the obligation to report in greater details all incidents as well as steps taken to contain damage. This would allow the customer to take all measures required to protect his business operations.

3 / Data restitution. On this crucial matter, most contracts remain vague. In many instances, the customer wanting to terminate his contract and to get back his precious data, will get a large dump of raw data, sometimes in the provider’s proprietary format. ‘That’s unacceptable’, says the attorney. ‘The customer should have the absolute guarantee that, at any moment of his choosing, he we have the right to get the latest backed-up version of his data, presented in a standard format immediately useable by another provider. By no means can data be held hostage in the event of a lawsuit’.

4 / Control and certification. Foreign-headquartered companies, themselves renting facilities in other countries, create a chain fraught with serious hazards. The only way to mitigate risks is to give customers the ability to monitor at all times the facility hosting their data. Probably not the easiest to implement for confidentiality and security reasons. At least, says Guillaume Seligmann, any Cloud provider should be certified by a third party entity in the same way many industries (energy, transportation, banking) get certifications and ratings from specialized agencies – think about how critical such provisions are for airlines or nuclear power plants.

5 / Governing laws. The idea is to avoid the usual clause: “For any dispute, the parties consent to personal jurisdiction in, and the exclusive venue of, the courts of Santa Clara County, California”. To many European companies, this sounds like preemptive surrender. According to Seligmann’s proposal, the end-user should have the option to take his case before his own national court and the local judge should have the power to order really effective remedies. This is the only way to make the prospect of litigation a realistic one.

6 / Enforceability. The credibility of the points stated above depends on their ability to supersede and to render ineffective conflicting contractual terms imposed by the service provider. In that respect, the European Union is well armed to impose such constraints, as it already did on personal data protection. In the US, imposing the same rules might be a different story.

The overall issue of regulating the cloud is far from anecdotal. Within a few years, we can bet the bulk of our hard drives – individual as well as collective ones – will be in other people’s large hands: Amazon S3 storage service now stores 339 billion objects – twice last year’s volume.
We’ll gain in terms of convenience and efficiency. We should also gain in security.

—  frederic.filloux@mondaynote.com

iCloud: How vs. What

Once a year in San Francisco, Apple summons its third-party application engineers to the World Wide Developers Conference. Since Steve Jobs’ return to the company the event has grown in attendance and importance. One turning point was the 2002 introduction of OS X, a genuinely modern Mac OS, built on a Unix foundation. Then there was the 2008 WWDC featuring iPhone native apps and the epoch-making iOS App Store. (Yes, “epoch-making” sounds a bit grand, but it really was the birth of a new era.)

This year’s program was more loaded than usual, offering three main topics: A major OS X release, dubbed Lion, slated for this Summer; a new version of the iPhone/iPad/iPod Touch for the fall (iOS5); and iCloud.

The two-hour keynote is worth your while. Always entertaining, Steve and his co-presenters convey the massive effort that went into moving Apple’s engineering armies on these three fronts — with a mere 2% of revenue in R&D expenses.

But let’s focus on iCloud.

Apple has often been involved in feature-list schoolyard squabbles of the Mine-Is-Longer-Than-Yours type. Two years ago, Steve Ballmer, our favorite rhetorician, scoffed that the MacBook is an Intel laptop with an Apple logo slapped on the lid. He might as well have noted that all cars have wheels — round and black, mostly — and then gone on to sneer at brands commanding higher prices than your basic Chevrolet. (I’ve owned half a dozen of the latter.) In the world of cars, the value of the How is well understood: All cubic inches aren’t born equal.

For computers, we’re getting there. The PC market is in the doldrums: Shipments are stagnant, Apple claims a 1% drop in Q2 2011 vs Q2 2010 while, during the same time period, Mac shipments grew 28%. It can’t be the Intel processors, it is How they are driven.

Unsurprisingly, Apple’s iCloud announcement has been met with the same type of misunderstanding: ‘OK, after all these years, Apple finally makes the plunge into the Cloud. The Cloud is the Cloud. Or, rather, Google is the Cloud. What’s the BFD?’

A strong dose of skepticism is warranted. Even Steve calls MobileMe, his company’s previous effort, ‘Not our finest hour’. Both What and How fell frustratingly short of the standards of polish, simplicity and agility Apple is known and financially rewarded for. MobileMe’s 2008 vintage was plonk. This led to apologies, subscription extensions, and management changes. Improvements followed, including the well-regarded Find My iPhone service.

But both What and How remained deficient.

The feature list barely differentiated MobileMe from other services. Mail, Calendar, Address Book, Photo Galleries, Web Hosting, File Storage are offered elsewhere on the Web by a long list of companies: Google, Yahoo!, Microsoft, DropBox, Flickr… Google, followed by Microsoft and others, also offer Web Apps, Google Docs being the best known example, an “Office Suite” in the Cloud, accessible anywhere, from any computer with a Net connection and a decent browser. This led many, yours truly included, to wonder: Does Dear Leader “grok the Cloud”? Does Apple have it in its DNA to do be a serious participant in the Cloud Computing revolution.

MobileMe’s reliability remained subpar, often showing evidence of “silos”, of poorly interconnected modules, a Cloud Computing cardinal sin, as recounted in the What I Want for my Mac Monday Note.

Against this tattered backdrop, iCloud walks on stage. The most striking difference with MobileMe and other Web-based offerings already mentioned, is the shift away from the browser. I’ll use a word-processor document to illustrate. In both cases we’ll assume you’ve already stated your credentials, login and password for Google, Apple ID, and password for iCloud. With Google Docs, you fire up your browser, enter the URL for your service, compose or edit a document, file it in a folder in Google’s Cloud, and it’s ready for you from any computer anywhere.

With iCloud, you fire up your word processor, Pages for the time being, and compose. No saving, no URL for a Web service. You get up and leave. In the queue at the airport you remember something, you fire up Pages on your iPhone and add the brilliant idea that just came to you. But how do you access the Pages document from your Mac at the office? You don’t have to “access” it, it’s already there on your iPhone, your iPad or, sitting at the gate after security, on your MacBook. Your document was automagically saved and pushed to your device. No hands, the system does it for you — and propagates the edits you just made.

(This is why, the week before the WWDC, Apple published “universal” — meaning iPhone + iPad + iPod Touch — versions of Pages, Numbers, and Keynote. I’m not sure I would want to write this Monday Note on an iPhone but, in a pinch, I can fix a mistake using the small device.)

This is the BFD, this is the How. Such behavior is available or will be extended to all applications and content.

The Google model sees everything through a browser. Apple’s iCloud model uses local apps transparently interconnected through the Cloud. Browsers Everywhere vs. Apps Everywhere.

Another important feature is the demotion of the PC as the media hub or, if you prefer, the untethering of our iDevices from the personal computer. From now on, content and apps are purchased, downloaded, updated wirelessly, PC-Free. And seamlessly propagated to all devices with the same Apple ID.

The demos look good, the iCloud technical sessions at the WWDC went well. But the full-scale implementation remains to be field-tested. For the document editing example, Apple used an iPad to iPhone and back example, and merely mentioned the Mac as a participant later in the presentation. Annoying details such as iWork file format incompatibilities between Macs and iDevices need closer inspection as they might make reality a little less pristine than the theory.

For developers, the new APIs just released will enable more applications to offer the seamless multi-device updates just demonstrated.

If iCloud works as represented, it will be very competitive — and the price is right: free for the first 5Gb of documents. (Content such as music or video and apps don’t count in those 5Gb.)

The “free” iCloud reminds us of Apple’s real business model. They want to sell lots of devices, everything else supports this goal. It seems iCloud’s easy, executive-proof How will sell a lot nicely interconnected Apple hardware. For competitors, weaving together a Brand X laptop, a Brand Y smartphone and a Brand Z tablet won’t be as easy or inexpensive.

To be continued as competitors takes Apple’s theory apart and as both developers and the company move the iCloud story into reality.

JLG@mondaynote.com

For further perspective, a few links:
- A prescient (April 15th, 2011) “Cutting That Cord” piece by John Gruber.
- A 10,000 feet overview by Philip Ellmer-Dewitt, in Fortune’s Apple 2.0.
Pascal-Emmanuel Gobry thinks iCloud annoys Google and humiliates Microsoft.
- John Paczkowski’s take in All Things D: iCloud: The Mother of All Halos.
- Business Insider thinks Microsoft had a service “just like iCloud” for Windows Mobile.
Walt Mossberg’s iCloud take, interviewed by Charlie Rose.
- Steve Jobs’ “It Just Works”, as seen by MG Siegler on TechCrunch.