ComEd or Dan Ryan?

Nicholas Carr’s story is about the transformation of technologies—like computing and electricity—from something marvelous and awe-inspiring to ubiquitous, invisible features of everyday life. He also presses the ironic corollary: a technology is not truly revolutionary until no one sees as revolutionary any more. Electricity didn’t change society when it was worshipped in the White City, but when no one gave it a second thought. Market forces, in Carr’s view, make this transformation inevitable—economies of scale favor the centralized distribution of computing services, just like power, water, sewer and natural gas—and competition will thus force companies to adopt the cheaper utility model of computing, just as consumers will favor cheaper and more hassle-free utility computing for their personal use.  I want to expand here on issues of data security raised in other posts to question Carr’s analogy between IT and electricity and to ask whether Carr’s market-driven “technological imperative” will necessarily lead to widespread adoption of computing as a utility or whether other factors will lead to a less radical outcome.

Carr describes information technology and electricity as “general purpose technologies” (GPTs), which “are best thought of not as discrete tools but as platforms on which many different tools, or applications, can be constructed.” (15) People use data processing and storage to accomplish a wide range of tasks, just as electricity can be used to power many different tools. The question, though, is to what extent important differences are masked by this shared GPT label.

In the first place, electrical utilities send something of value to the user, for which the user pays, but computing utilities while similarly providing a valuable service are also something like data bailees. As Carr and several previous posts have noted, the computing utility company is entrusted with both trivial and extremely valuable and sensitive information. This two-way flow of valuable assets and the entrusting relationship between consumer and utility is an important distinction between utility computing and other utilities.

Second, the computing-electricity analogy may be obscuring something valuable as it seeks to displace the venerable internet-as-highway metaphor. A highway is a kind of general purpose technology, a platform adaptable to many vehicles, starting points and destinations; however, unlike a subway or light rail, users provide their own vehicles. At the risk of opening a topic beyond the scope of this post, let me just posit the conventional wisdom that many people around the world prefer driving their own cars, even when arguably more cost-efficient alternatives exist. See, for example, the Chinese appetite for cars, despite increasingly horrific traffic and air pollution in major cities. It is often said that individual ownership of cars provides a sense (though not always the reality) of freedom, autonomy, self-reliance, flexibility, privacy and safety—as compared to reliance on shared or public transportation alternatives.

I would argue that distributed (non-utility) computing provides many of these same attributes. A stand-alone computer offers the assurance of physical possession of data and of processing capacity. Of course, it seems probable that a computing utility will be able to use its economies of scale to develop superior hacker protection and more reliable redundant power sources and data backup. Perhaps data will in fact be more secure in such a facility. But many people who know that public transit is statistically safer still feel more secure while driving their own vehicles. Also, as others have observed, concentrated data facilities are a richer target for hacking, government surveillance and terrorist attacks on physical infrastructure.  The point is that the “technological imperative” does not seem, in the realm of personal transportation, to have necessarily resulted in the adoption of the least cost alternative. It is at least possible that the same will prove true for IT.

Carr opens his book with a Le Carrésque description of visiting VeriCenter’s Boston facility—an anonymous building in a run-down area, no sign on the door, a deserted entry with black handset, a heavy steel door; and then the high-tech wonders inside. I thought the cloak-and-dagger clichés made for a corny, if effective, set-up, and it occurred to me that just because an asset is extravagantly protected doesn’t necessarily mean it is valuable. But on further reflection, I think the anecdote drives home an important point: people are willing to pay a big premium to have their data secure. As noted above, computing utilities will have the scale to provide better security in some respects: hire the best IT people, invest more in hacker and virus protection, as well as power supply and data backup infrastructure. Their scale will give them an advantage over individuals and separate corporate IT departments. On the downside is the attractiveness of a computing utility to hacking, surveillance and physical attack.  Scale provides security advantages as well as downsides. I don’t have the expertise to assess which way the security balance will tip, or to guess whether, for irrational reasons, individuals and corporations will still prefer to drive their own computing vehicles. 

The other interesting aspect of the VeriCenter security story was the way in which the prosaic security measures of a spy novel protected an extraordinary facility. It represents a more complicated version of Carr’s story of technology. New technology may start as marvelous and utopian, and by becoming ordinary produce extraordinary social and economic changes, but at the same time, the new may coexist with, and be dependent upon, the old.  I think security concerns will most likely stymie a revolution in utility computing, producing instead a hybrid of utility and distributed computing, a mixture of extraordinary and prosaic solutions. This blending of new and old technology to ensure data security is illustrated by the following (prosaic) anecdote: a partner at my summer law firm advised me that notwithstanding metadata scrubbers, just to be certain, he still prints documents before sending them to opposing counsel and either uses fax or scans the printed pages and emails pdfs. Security concerns forced a hybrid of new and old technology, and this is my best guess as to how the contest between utility and distributed computing will play out.

Comments

I think the security point you bring up is extremely important. Ed and others mention this issue in their posts, but I think Carr fails to appropriately discuss one of the issues Jeanneney raised in his book. That is, there is something unsettling about one large company controlling the way data is accessed because even Google is not invincible. Similarly, if Google, or even Google and Microsoft, are responsible for most utility services, what happens if one or both of those companies collapse? It would not have to be something as malicious as a Live Free or Die Hard fire sale or a Battlestar Galactica cylon virus, although I would think that any company that gains a foothold in the utility industry would immediately become a prime target for hackers of the world.

I admittedly do not have a great understanding of how utility services would work, but it seems that something or someone could easily corrupt a large server. There has been a lot of press over the past few years any time a virus spreads through email; businesses are shut down and individuals are warned through numerous news stories and forwarded emails to be wary of unidentified attachments. Hackers seem to enjoy the challenge of disrupting the daily business of millions of people. I have to believe that this impulse would extend to any large utility service. Of course, this is not necessarily a reason to stop the march towards utility servers, but it is worth considering whether businesses will be willing to take the risk that Google/Microsoft can prevent hacking. Given the seemingly constant problems with Windows security, it is likely that more businesses than we think would be unwilling to change their current practices.

Posted by: Anglee Agarwal | April 09, 2008 at 12:24 AM