Friday, April 16, 2010

Breaking the International Log Jam: Cloud Computing and Open Source

Possibly the biggest challenge to the continued maturation of the open source and cloud technology industries is inconsistency in the treatment of legal and other issues across international borders. Great progress has been made on this front in the open source context both through community efforts, and by greater legal certainty from court decisions, legislation and government policies. While the cloud will benefit from the growing international consensus on open source, it differs in ways that create important limitations. We need a new international legal consensus for these technologies to continue their rapid evolution.

A. Open Source

Examples of the emerging international consensus on the validity of open source principles are becoming more common. Till Jaeger, a German attorney affiliated with the gpl-violations.org project, recently published an article on Groklaw entitled, "Enforcement of the GNU GPL in Germany and Europe." What I found most striking is that both the types of issues arising in Germany, and the manner in which they are adjudicated and resolved in Germany have direct parallels with the United States. In fact, I recommend this article as an excellent educational tool or refresher on the specific aspects of GPL most likely to lead to compliance issues whether you are in the U.S., Europe or elsewhere.

The consensus is also evident in that governments are increasingly accepting, or even adding preferences for, open source as part of their procurement policies.  For example, in 2009, the United States State Department and President Obama's Administration made headlines in the IT world for making open source prominent parts of their IT objectives. Roberto Galoppini also recently reported on a ruling by the Italian Constitutional Court finding that an Italian state law preferring open source is acceptable under Italian law.  All these factors show that open source is becoming mainstream with remarkable consistency in treatment across international boundaries.

B. Cloud

At first glance, the growing international consensus on the legalities of open source and the tight link between the open source and cloud technologies would seem to indicate that the cloud will achieve similar consensus. Take the Affero GPL as an example: the license is both nearly identical to the familiar GPL, and is specifically targeted for the proliferation of technology in a cloud and networking context. Unfortunately, minor differences between the Affero GPL and the standard GPL require a significant rethinking of how terms like "conveyance," "distribution," "derivative work," "corresponding source code" and other should apply in a cloud context.

The cloud also lacks international consistency in other ways too. Summarizing a 451 Group analysis, Charles Babcock at InformationWeek notes that U.S. investors appear to invest more money in cloud computing than their European counterparts, and the technology infrastructure for the foundational elements of cloud computing are not as mature in Europe as in the U.S. These impose practical challenges to the growth of the cloud computing infrastructure in Europe.

Differences in the U.S. and Europe legal environments potentially present an even bigger barrier. The 451 Group analysis also notes that the U.S. and Europe fundamentally differ in how they regulate data protection. As but one example: the U.S. Patriot Act, emphasizes the government's ability to access information under certain circumstances; whereas, the European Union Data Protection Directive emphasizes the rights of individuals to privacy and protection of their personal information. While these purposes do not necessarily conflict, they clearly are not aligned enough to claim any kind of consensus on how to handle data in a cloud environment.

C. Possible Solutions

We are nearing the time when cloud computing will become so fundamental to our use of technology that we need a set of legal principles, not just technical standards, that ensure broad access to data across international boundaries while also ensuring protection of intellectual property in a manner that promotes innovation and investment regardless of jurisdiction. Possibly the best model from which to start is the Berne Convention for the Protection of Literary and Artistic Works. Though the scope of adoption of the many clauses of the Convention has varied over the more than 100 years since its inception, the Berne Convention represents a broad consensus and acceptance of a core set of basic principles in copyright protection, which are largely consistent between the more than 160 signatory countries.

The same type of international discussion should focus on principles of validity and enforcement of open source agreements like the Affero GPL, as well as address appropriate measures for data portability while preserving data protection standards. The U.S., Europe and other jurisdictions should strive to reach at least a basic consensus on these issues in much less time than the 100+ years for the Berne Convention to reach its current level of maturity. The pace of change in cloud technology and our reliance on the cloud will face meaningful limits sooner rather than later. The growing international consensus on how to apply basic legal principles to open source in a consistent manner should serve as a model for achieving consensus over cloud issues.