Clueless on the Charles: Zittrain's Cloud Missive Got it Wrong

CIO.com's Bernard Golden says Harvard professor Jonathan Zittrain got almost everything wrong in his recent New York Times diatribe on the perils of cloud computing. Here's Golden's rebuttal of Zittrain's points on lock-in, data security and innovation.

On July 19, the New York Times published an anti-cloud computing op-ed jeremiad, titled "Lost in the Cloud," as remarkable for its shrill tone as for its technical obtuseness. Its author, Jonathan Zittrain (a law professor at Harvard University), whose perspective on information technology functionality appears to have been fixed in about 1987, attacks cloud computing and contrasts it with the bygone, halcyon days of PC-based computing. He vividly describes cloud computing perils and warns that it presents enormous threats to society.

However, his argument is so rambling and muddled that it serves more as a guide to his confusion about the topic than as an accurate description of cloud computing, not to mention its shortcomings. He conflates different online services with cloud computing, raises a range of unrelated issues, and fails to comprehend the difference between PC-oriented software and its online variants.

[For timely cloud computing news and expert analysis, see CIO.com's Cloud Computing Drilldown section. ]

His arguments can be boiled down to three items he describes as cloud drawbacks:

Lock-in and control. The cloud, he claims, limits the freedom one has with data. Some services, he asserts, capture user data and treat it as their own, providing no way to remove it or even access it independent of the service. He cites Facebook as a prime example of a service that controls what applications may be deployed: "Facebook allows outsiders to add functionality to the site but reserves the right to change that policy at any time, to charge a fee for applications, or to de-emphasize or eliminate apps that court controversy or that they simply don't like." He then makes the same complaint about Apple and concludes "The company has used this power in ways that Bill Gates never dreamed of when he was the king of Windows."

I've got news for Mr. Zittrain. The software world under Microsoft's domination was no picnic, and it's shocking that he doesn't recognize that fact. The Federal government moved against Microsoft on antitrust grounds because it cut restrictive deals with computer manufacturers to keep other company's operating systems off of all the computers that manufacturer made. And when it came to applications, Microsoft played hardball as well. It is well-known that it used Windows APIs to favor its own apps to the detriment of those from competitors.

Turning to data control, Mr. Zittrain is propping up a straw man for the purpose of pummeling him. Nearly all cloud computing services offer a way to access data via APIs so that an individual (or corporate customer) can download it or remove it. It's no accident that Facebook, the company he most has it in for with respect to these practices, is run by someone in his mid-twenties and least likely to understand the importance of an application's data being available to users. In my view, these social sites are a transitional phenomenon, anyway.

Soon the whole paradigm will be turned inside out: Social media will be all about making connections between my data no matter where it is, and it will all be under my control. Social connectivity will be an add-on that helps me live my life, not a destination site with stranded (not captive) data. My data inside of Facebook is only useful on Facebook; I want my data somewhere where any social media functionality can get at it and add value to me. See this blog posting by TechDirt for more discussion about data finding me, rather than me finding data.

And by the way, standalone PCs were no exemplar in this regard either. Much, much data on private hard-disk drives is inaccessible, not because of who controls it, but because the software to access it is long-since obsolete or lost. And Microsoft (the name comes up again) is well-known for changing file formats, making files created by older versions of products inaccessible by new products. Believe me, the location of data is only loosely associated with access.

Data security and privacy: He points out that the security of data in the cloud can be at issue. He notes the recent case of someone guessing a Twitter employee's Google password:

"A hacker recently guessed the password to the personal e-mail account of a Twitter employee, and was thus able to extract the employee's Google password. That in turn compromised a trove of Twitter's corporate documents stored too conveniently in the cloud. Before, the bad guys usually needed to get their hands on people's computers to see their secrets; in today's cloud all you need is a password."

Actually, he's wrong on the lesson this teaches. The shortcoming was an insecure password, which is a security breach that has nothing to do with cloud computing. And password breaches that lead to data loss are not limited to cloud environments. People hack into corporate compute environments (i.e., inside the corporate firewall) and run password attacks to find too-simple passwords all the time. This issue is present for all networked computers; the only way to prevent it is to ensure that the computers are standalone devices, which most people and companies are unwilling to do.

He goes on to note that the cloud has data security issues even overseas. Skype, he observes, allowed the mainland Chinese government to access user text chat. While this is certainly an issue, it's not a cloud issue. Skype is only in a very limited sense a cloud app, and in most circumstances it communicates in a peer-to-peer architecture without passing through a central server. And by the way, this issue is present with PCs as well. PC manufacturers were falling all over themselves to comply with the Chinese government mandate of placing the Green Dam content filtering software on their machines.

One might have an argument on the more general issue of computer security, and whether cloud environments are sufficiently secure. Unfortunately, the record of non-cloud environments is nothing to write home about. His beloved PCs routinely contain malware, spybots and more. I would take my chances with the security of a cloud provider versus my next door neighbor's PC any day of the week.

Zittrain then goes on to discuss a related issue: data privacy. He notes that the PATRIOT Act allows the U.S. Federal government to "demand some details of your online activities from service providers—and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.'s own audits have shown that there can be plenty of overreach—perhaps wholly inadvertent—in requests like these." He describes this kind of privacy breach as a serious issue.

Finally, something we can agree upon. The issue of data privacy is a key—perhaps the key issue—affecting cloud computing and making it a concern. The fact that government access varies according to the physical location of where the data is stored—whether within a private facility or an external hosting provider like a cloud computing service—needs to be addressed and made consistent. The future of computing is that data will be located everywhere, and it has to be treated with the proper privacy conditions no matter where it is, instead of varying according to where it happens to be located. This is a cloud issue that deserves much, much more attention. I predict it will become the cloud issue in the future.

Innovation: Zittrain's final issue regarding cloud computing is innovation. He asserts that PCs inspire and enable individual experimentation by "tinkerers and hackers," offering the opportunity for unimagined applications to be created, whereas the control asserted by cloud providers stifles innovation.

This is so laughable as to make one wonder if, like Rip Van Winkle, Zittrain's been on a twenty-year snooze. In 1989, the PC was, indeed, a fount of innovation. But these days, innovation is all happening in networked, data-rich, shared environments. Just to take one example, the iPhone (which Zittrain, predictably, dislikes because Apple controls what is placed in the iPhone app store) supports AroundMe, a very cool app that uses GPS (networked location identification) to locate the phone's location, and to share information about nearby businesses and attractions—it even lets me Twitter about the nearby places. This is tinkering at its best—offering some useful application based on the functionality of a new platform.

To offer another example, this week's brouhaha about Google Voice on the iPhone crystallizes nearly every aspect of how cloud computing is enabling innovation. To those who have somehow missed this dustup, Google Voice (GV) is a cloud-based telephony application. GV offers you a phone number to be used as your main contact number, no matter what telephony device you happen to be using at any given moment; in other words, its number encapsulates all your other phone numbers; a call to the GV number can ring your office phone, home phone and mobile phone, allowing you to answer whichever is most convenient. You can set different rules to be executed when calls are received—e.g., calls from a spouse ring the phone immediately, while calls from business partners go to GV voice mail, etc. There are a host of other features as well. All of this makes telephony more useful, i.e., it's innovation in a long-established category.

Apple has decided to reject GV for the iPhone App Store. Some people have blamed Apple; others blame the iPhone network operator, AT&T. Whoever is responsible, it's clear that GV threatens the role of the network operator; it disintermediates it, which is to say, it makes it less important. With GV, suddenly the company that provides the physical connectivity is in a subordinate role; even its customer identifier (i.e., the phone number) is reduced to a place for GV calls to be forwarded to. Guess what: GV is innovation that will transform telephony, and as I wrote last week, transformations are chaotic reconstructions of markets, destructive to the incumbents. So it's not surprising that GV innovation is not being welcomed with open arms into the App Store.

Innovation always move to the platform that offers new, never-been-done before capability. The PC has remained mired in lethargy, with little new stuff released over the past decade. Cloud computing, by contrast, is fermenting with innovation and new applications are bubbling forth.

In a way, Zittrain's lament reflects the challenge for a non-technologist in comprehending new technology developments and their potential effects. I'm reminded of the essay, published 50 years ago by C.P. Snow, titled "The Two Cultures." In it, he bemoans the fact that the sciences and the humanities do not fully understand one another's domain, and particularly identifies members of the humanities as failing to make the effort to understand the domain of science. To be fair, this challenge is particularly difficult when it comes to computing, where, thanks to Moore's Law, advances are so rapid that it's nearly impossible to keep up in comprehending their ramifications. The human mind is not set up to understand the power of exponential growth that doubles capacity and power every couple of years.

To illustrate the incomprehensibility of exponential growth, let me offer an example. When I was a young boy, I was transfixed by a story I read in Ripley's Believe It or Not, about the challenge of a chess game between a king and Lord Krishna (in the guise of a commoner). If the king lost, he would place one grain of rice on the first square of the checkerboard, two on the second, and continue doubling until he reached the last square. The sting in the tale was that the exponential growth meant that fulfilling the bet would require 461 billion tons of rice; even by the 40th square, one trillion grains of rice are required.

Understanding the implications of Moore's Law, and its effects on how computing is being applied in our society and economy, is enormously challenging. But the task is not helped by applying misapprehended lessons from what is, in computing terms, the dark ages. Instead of nostalgically looking back to the good old days of PC computing, when things were exciting and innovative (but were, in fact, like all mistily-remembered "good old days," much better upon reflection than they were at the time), Professor Zittrain's time would be much better applied if he examined the legal implications of cloud data privacy and developed proposals about how to solve the issue, rather than launching a bunch of half-baked accusations about cloud computing.

Professor, I have a proposal: I won't do any lawyering if you won't attempt to be a technologist.

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

Follow everything from CIO.com on Twitter @CIOonline

Copyright © 2009 IDG Communications, Inc.

Get the best of CIO ... delivered. Sign up for our FREE email newsletters!