By Rasmus Øjvind Nielsen, the Danish Board of Technology Foundation (November 2014)
The emergence of cloud computing into the market has presented policy-makers with the complex task of weighing opportunities of innovation-driven growth against complex issues of transnational privacy legislation and the security of national information and communication infrastructures. The findings in this case, which focused on the creation of the European cloud strategy (EC 2012), indicate that absent of a systematic yet flexible approach to principled integration of different assessment perspectives, the de facto knowledge integration carried out by civil servants in support of policy formation is subject to agenda capture by industrial interests. In particular, the case study indicates the observations that:
- De-framing of existing assessments is a necessary step in producing a trustworthy knowledge base for policy-making
- Increased transparency about the balancing of knowledge(s) is needed to secure the legitimacy of policy decisions concerning emerging technology
- ‘Soft’ methodology for integrative assessment could positively affect the quality of bureaucratic policy formation processes
- Resources for more systematic inclusion of less powerful actors during policy formation is needed
The case of cloud computing policy at EU level
The European cloud computing strategy was created by the European Commission in a situation in which cloud markets were moving fast, but where market failures led to calls for swift political action to establish ‘trust’ in the markets. The cloud strategy is thus an example of a policy where the mode of ‘integration of non-economic aspects’ is dictated by higher-level policy norms of efficiency; in this case specifically dictated by the Europe 2020 strategy for “smart, sustainable and inclusive growth”. The strategy was put into question when in 2013, with the Snowden revelations it became clear that personal information stored in the platforms of major cloud computing providers was being systematically tapped by the U.S. signal intelligence agency, the NSA (e.g. Greenwald and MacAskill 2013). This lead to public outrage, a furious politicization of debates concerning new European data protection legislation as well as calls for the creation of a strictly ‘European Cloud’ (summarized in Leimbach et. al. 2014) – an idea which the EC had dismissed when it presented the cloud strategy. This controversy took place against a background of persistent promotion of cloud computing as an engine for technology-driven economic growth by private and semi-public actors.
The case is thus one in which differences in the perception of EST impacts through different formal or informal frameworks play a significant role. Furthermore, the policy formulation process itself illustrates the de facto integrative nature of policy preparation efforts by the secretariats of EC DCs in as much as the policy formulation process involved extensive knowledge gathering, commissioning of new knowledge production, and participatory exercises such as stakeholder dialogue and public consultation; all of which was balanced by DG CONNECT. Given these characteristics of the case, our study of it couples the question of quality criteria for integrative assessment in EST policy-making to the question of internal policy process criteria for the DGs and similar institutions and the ability of these processes to steer safely between the opposing poles of technocracy and politicization.
The assessment landscape for cloud computing
The case study was conducted as a qualitative text-based discourse analytical study of 327 documents from a wide range of fields published 2006-12. We have identified seven consecutively emerging “problem perspectives” from which cloud computing has been assessed since its emergence in the market in 2006.
- Individual strategy assessment (in reaction to hype)
2. Co-creative promotion of alternate development paths
3. Assessment of the technology’s ontology, risk and reward
4. Security and privacy in a globalized world
5. Growth in a time of crisis
6. Societal strategy with regard to cloud computing
7. Broadened political responsibility (integrative perspective)
Of these perspectives, the dominant perspectives seem to be 1, 3, 5 and 6 with perspective 4 providing the major counterweight to these. Perspective 2 seems in general to be overlooked, while perspective 7 is still emerging. To be clear, the perspectives should not be seen as phases in a time-line or links in a food-chain, but rather as ever broadening circles of concern, the latter growing out the former in a process of complexification of the terms of debate.
One important example of such emergent relations between problem perspectives is that of “trust” emerging as a term bridging and combining the concerns of security and privacy assessments on the one hand and economic concerns on the other. “Trust” is neither technical, legal nor economic but bridges all of these conceptual areas and provides a target for strategic coordination of perspectives, which might otherwise remain locked in opposition. As something of a dialectical creation, this concept acts therefore as a specific key to conceptual integration at a level we might call “politico-epistemological”, i.e. it provides a simple framing (building trust in the cloud) for the complex of strategic problems facing decision-makers (balancing data security, privacy rights and carbon footprints against the primary and secondary economic benefits, cloud computing seems to entail).
With regard to the integration of different formal and informal frameworks and the question of discursive articulation promoted through hype and through the actions of powerful transnational actors such as the World Economic Forum provides a naturalised de facto integration of business interests into policy all the while purporting to integrate non-economic aspects such as privacy protection and trust as well. Thereby, the question “of an essentially political nature” of trust and who deserves it was indeed “removed from the realm of democratically accountable decision-making and presented as reconcilable by technical and rational methodologies or procedures” (Scrase and Sheate, 2002), e.g. standard formation, best practice dissemination, and public sector demand-side policies. With regard to participation in the policy process, discursive coalition formation thus has the simple but palpable effect of placing the participatory exercises carried out by DG CONNECT one step downstream from the political choice of strategy. This indeed has effects much like ‘normal’ agenda capture in that it removes from the dialogue the fundamental questions whether uptake of cloud computing services is a goal worth pursuing and what role the EC should play in that regard.
The TranSTEP approach and cloud computing
In order to review the findings of cloud case study and to test assumptions about the TranSTEP approach, a group of assessment practitioners and researcher involved in the European cloud computing debate were gathered to make recommendations about how TranSTEP might be applied to in future assessment work. The following tentative conclusions were drawn:
- An integrated assessment process concerning the European Cloud could pave the way for the development of a set of guidelines to defined groups of stakeholders to apply cloud-based solutions for certain sets of services. If such development was undertaken, it should be matched by strategies for the continued development of certification schemes based on open standards.
- Europe’s recent experiences in connection with data protection and privacy and the difficulty of governing these in a digital society have brought attention back to a long standing need to develop strategies and capacities for the adequately flexible development of regulation. An integrated assessment process could explore ways of developing practical capabilities for more responsive forms of ongoing societal regulation of data use.
The EST Frame team’s conclusions are that the TranSTEP approach might serve as a flexible and low-cost way for policy-makers to challenge current framings of technological issues in the early stages of policy preparation and to envision alternative pathways for policy intervention.
Barriers to implementation in the case of cloud computing
‘Soft’ forms of integrative assessment aimed at being implemented in non-formalized for a for policy formulation such as ad hoc expert groups and the internal work of policy organs such as the Commission services comes up against the high-level political directives embedded in the organizational guidelines, routines and cultures of the services. Civil servants are not always in a position to take a step back in order to question the benefits of a given technology in a broader sense. Rather, new policy is formed on the basis of existing ones and the open questioning inherent in TranSTEP style integrated assessment may not fit neatly within political bureaucracies. It may therefore be that venues for integrated assessment are to be sought through high-level interventions in the interaction between different services – but that is a whole other can of worms.
Greenwald and MacAskill (2013): NSA Prism program taps in to user data of Apple, Google and others. The Guardian, 07/07/2013.
EC (2012) Unleashing the potential of cloud computing. COM(2012) 529 final.
Leimbach et. al. (2014) Potentials and Impacts of Cloud Computing Services and Social Network Websites. PE 513.546, Brussels: European Union.
Scrase, J. I., and Sheate, W. R. (2002) ‘Integration and Integrated Approaches to Assessment: What do they mean for the environment?’, J. Environ. Policy Plann. 4: 275-94