Big Shift underway
I normally hate the soothsaying genre. Some predictions are made perennially, and they really don’t impress me.
Machine intelligence, eh? Quantum computers? In my opinion, no one knows but the Great Programmer.
That said, the trends highlighted by Nicholas Carr in the first section of The Big Switch are already underway. It’s one thing to idly claim that bandwidth could be used to deliver utility applications, but it’s another thing to point out that serious players are already profiting from it.
Server computing seems ludicrously retro, but Carr makes some good points. While it’s true that Google can’t buy storage space for much less than I can, centralized servers are in a much better position to actually use it.
Most of the world’s scattered processing and storage is wasted. The laptop I compose this from is only on perhaps eight hours a day, and the processor is rarely taxed during those hours. The hard drive will probably crash before it fills up, yet it was the smallest size available. Storage space is cheap, but it’s even cheaper for those who can put it to good use.
Economies for scale are even more obvious in organizations. Why should local IT guys keep dozens of little boxes running? Business computers are bundled with software that most people can’t even user properly. If Google could provide applications on an as-needed basis, it could probably do so for less than the IT guys cost. The storage capacity for an organization would be especially small because many of the users would need access to precisely the same files, along with email and databases, which are server-stored anyway. All of the computers and IT guys in an office could be moved to Google’s Oregon server farm, effectively using a fraction of the storage space, and managed by a fraction of the IT workers.
The case for economic efficiency seems compelling to me, and I think the analogy to factory-specific electrical generators is a good one. Ordinary offices don’t have unusual requirements—they need to let their employees schedule things, compose email, write documents, and present slide shows. They need to have a working web server protected against attacks.
Because everyone wants basically the same product, I think that IT is a commodity. Perhaps less so than electricity, but if you asked a manager how she likes her office computing, she'd probably reply “uh… working.” (Cf. the consumer preference for electricity, which is “uh… continuous.”)
So I basically agree with Carr, but there are a few potential issues that should be discussed further.
Privacy
I doubt privacy concerns are a lethal, but I wish they were addressed more in the book.
People don’t like trusting strangers with their valuable
proprietary information. Exposed secrets
could destroy reputations and gut businesses. I think this is more of a trust problem than a
technological one. If clients use encrypted
connections to of servers, one should really only have to worry about the
trustworthiness of the server.* Servers have
to build their reputations, and there's no obvious reason that they're not up to the challenge.
Some clients wouldn't be able to migrate. Many industries are burdened with highly-specific privacy and application requirements. For example I doubt that the medical profession could replace their sensitive legacy systems. The aircraft controllers will also still need IT guys.
But I suspect most companies will make the jump once the water’s tested. After all, unevenly maintained local networks are not exactly paragons of security. In some ways, servers are more secure than PCs. Disgruntled terminal employees could not burn CDs of proprietary information before quiting, for example. Nor could an IT worker install logic bombs or do other nasty things to a company's network. I suspect that firms would be initially wary about trusting, say, credit card information and R&D files to third parties, but they could ease into it over time.
As for individual privacy, it seems to me that most people care much less about privacy than they claim. Some of the most-trafficked sites on the internet are social networking sites where users voluntarily post masses of content about themselves. People are apparently willing to waive their privacy interests—and let internet companies profit off of their work—for the incremental utility they find in being better connected to their friends. Another example is email. Online mail is extremely popular, but users are apparently not alarmed by targeted ads in their gmail. Email itself is typically delivered in plain text, which allows tons of people to hypothetically monitor it in transit. Individuals don’t seem to care.
In retrospect I doubt this shift will seem as surprising as it does now. Companies already outsource functions that were once considered essential. Payroll is probably the best example—businesses are comfortable giving their cash and employee information to third parties, so why not their word processing?
Risk of government intrusion
Even if the servers are perfectly trustworthy, they still must obey the rule of law. Google is a Yankee company (as we were repeatedly reminded by last week's reading). If you're a Middle Eastern businessman, you don’t have to be Osama bin Laden to worry that your files with Google might be tapped by the spooks. Google, after all, has been criticized for cooperating with China. I imagine they’d be even more permissive if Uncle Sam ever quietly knocks—assuming they haven't already. Even if servers were completely faithful to their client’s privacy, they’re an obvious target for governments worldwide. It’s hard to imagine defense contractors using utility computing.
This is different from existing online surveillance. Servers are an insanely juicy target, with data neatly organized for every organization. There's also a plausible slippery slope. Imagine that law enforcement wanted to obtain a captured pedophile's utility computer files. If files are saved on servers, they would have to continually present these servers with warrants. Now imagine a day when the government wants to conduct a broad search of every file Google possesses—looking for keywords allegedly related to terrorism. How could Google respond? “Sorry, we’re not good at searching”?
If one worries about government police authority, the switch to utility computing should seem frightening.
Network neutrality
Utility computing is attractive because processing can be transmitted at virtually no cost. If network neutrality ends, this might cease to be true.
I suspect, however, that organizations would still find it profitable use servers. The additional cost should only make a marginal difference to fence-sitting early adopters.
*As a reply to Ed, encryption is basically impenetrable
without quantum computing—and especially in an online world with so much
low-hanging fruit. If quantum computing is
developed, it doesn’t really matter how your managers in
Frank,
I absolutely agree with your comment regarding quantum computing. My point is simply that, given the rapid pace of technological change and the unpredictable results thereof, we (businesses, attorneys, etc.) should be hesitant either to embrace third-party data processing or to create "target rich" environments for the next generation of hackers, no matter how compelling the economic arguments may look in the current fiscal year. I hope this clarifies my comments further.
Posted by: Ed Cottrell | April 08, 2008 at 06:57 PM
Oh, no problem. I liked that you brought it up; it never occurred to me in the book, but it's a really interesting point.
It's such a whimsically weird idea that a mathematician might someday find an elegant method for factoring, and thereby cause more damage than a terrorist. But if that happens, I don't think cloud computing will be much worse off than desktops. If anything, currently-secured transactions are much more valuable to crack than some employee's streaming terminal. I think encrypted terminals might paradoxically be more secure because of the amount of encrypted noise in introduces. A quantum hacker would have to sort through a lot of employees who do nothing more interesting than play solitaire.
Incidentally, Dan Jones said that we could accommodate for quantum computing by increasing the key length. As I understand it, that's true for straight-up block cipher encryption, but quantum computers would be exponentially better at solving primes because of Shor's algorithm. Public-key encryption would probably go out the window forever. However, it might still be possible to secure servers and clients by hand-delivering strong keys. As I understand it, this is what the military used to do before public key encryption was invented.
Posted by: Frank_B | April 08, 2008 at 08:25 PM
Don't think I said that. But I still like the discussion.
Posted by: Dan Jones | April 08, 2008 at 10:54 PM
Right, you're right. I had read it a few hours earlier and should have double-checked. You wrote about quantum cryptography. I'm sorry.
At any rate, there will be some point in time when only one quantum computer exists. Then a handful. From that point until everyone has them (if everyone ever gets them--they might turn out to be very expensive natural monopolies) we won't have anything like public-key encryption.
Posted by: Frank_B | April 09, 2008 at 09:24 AM
Frank, I think you overlook one powerful force in protecting user privacy in a world of software/storage-as-a-service computing: Competition.
Customers will only want to use remote computing services and storage if they trust that such data will be well protected. For many, this means protection from not only criminals and competitors, but from government intrusion as well. While the 4th Amendment might not technically apply for data stored by a third party, there are many market-induced reasons for a company storing another's data not to turn over information without some sort of warrant/subpoena. Competition for remote computing can assure that businesses get the sort of privacy protections they want/desire. For example, the government wanted search records from Google regarding searches for child porn, Google refused the request (eventually turned over unidentifiable information). Other companies like Yahoo and Microsoft have more easily cooperated with Government requests. Privacy conscious people can thus choose Google over others. Facebook also recently faced a lot of user backlash with one of it's privacy snafus.
Also, as to the idea that people don't expect a lot of privacy on the individual level (ie cleartext e-mail); I'm pretty sure most people don't KNOW how insecure most of their communications are, and that they do in fact have expectations of privacy (albeit unrealistic ones). There's also the notion of Privacy via anonymity... sure I send e-mail in cleartext... but really what are the chances anyone's going to get them and use them to exploit my actions? [[Please don't sniff them out of the open wireless network and use them to exploit me now!!!]]
Posted by: Ruben Rodrigues | April 09, 2008 at 02:39 PM
I think more than ignorance is driving our behavior. Like a million people signed up for one of the Facebook backlash communities. They're aware of the problem, but talk is cheap. When users are faced with a well-articulated choice between maintaining privacy and maintaining a facebook account, the vast majority of our peers choose the latter.
I don't think it's an entirely irrational choice though. I hope that we talk about this more next week.
As for competition: you're right. That will surely soften the blow for those that care. I remember privacy advocates praising Qwest for being the only major U.S. telecom not to turn over call records to the NSA. (As a former telecom employee and Qwest customer, I cynically think it might have had more to do with their incompetence than their devotion to the constitution, but I digress.) People who care will certainly be able to find companies who are less callous about their private information, and perhaps they'll even use servers in countries that develop a reputation for iron-clad privacy.
Posted by: Frank_B | April 09, 2008 at 03:34 PM
Heh, while incompetence might have played a role for Qwest... maybe one of their lawyers actually noticed the huge liability risk if the program was ever unearthed.
Posted by: Ruben Rodrigues | April 09, 2008 at 04:24 PM
Yeah, they explicitly said they weren't going to supply call records because of their legal concerns. That's more than any of the others did, so I think it's admirable.
It just struck me as strange because Qwest was considered perhaps the worst RBOC for customer service. (Customers *loved* Bell South--J.D. Power and customer satisfaction surveys always ranked them number one, and they were the only LEC that I regularly heard customers praise; SBC really had it's act together; and although the GTE-Bell Atlantic merger took a while to iron out, Verizon was a generally competent company.) As a former Qwest customer, I guess it's just too damn amusing to imagine an executive meeting like this:
CEO: "No Such Agency says we should give them all of our customer call records."
IT Officer: "Gee, they want ALL the records? That's really hard. I'll send a guy to look at it on Tuesday."
[officers laugh]
CEO: "But seriously, how long will it take to comply?"
General Counsel: "Y'know, what they're asking might be illegal."
IT Officer: "Really? That's super."
CEO: "Sounds good to me. Meeting adjourned."
Posted by: Frank_B | April 10, 2008 at 10:02 AM