This article was downloaded by: [82.39.140.39]On: 29 June 2014, At: 13:12Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registered office: MortimerHouse, 37-41 Mortimer Street, London W1T 3JH, UK

Journal of Information Technology & PoliticsPublication details, including instructions for authors and subscription information:http://www.tandfonline.com/loi/witp20

Cloud Computing and Information Policy: Computingin a Policy Cloud?Paul T. Jaeger a b , Jimmy Lin c & Justin M. Grimes c da College of Information Studies ,b Center for Information Policy and Electronic Government , University of Maryland ,c College of Information Studies , University of Maryland ,d Center for Information Policy and E-Government ,Published online: 12 Dec 2008.

To cite this article: Paul T. Jaeger , Jimmy Lin & Justin M. Grimes (2008) Cloud Computing and InformationPolicy: Computing in a Policy Cloud?, Journal of Information Technology & Politics, 5:3, 269-283, DOI:10.1080/19331680802425479

To link to this article: http://dx.doi.org/10.1080/19331680802425479

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) containedin the publications on our platform. However, Taylor & Francis, our agents, and our licensors make norepresentations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose ofthe Content. Any opinions and views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be reliedupon and should be independently verified with primary sources of information. Taylor and Francis shallnot be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and otherliabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to orarising out of the use of the Content.

This article may be used for research, teaching, and private study purposes. Any substantial or systematicreproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in anyform to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Journal of Information Technology & Politics, Vol. 5(3) 2008Available online at http://www.haworthpress.com© 2008 by The Haworth Press. All rights reserved.

doi:10.1080/19331680802425479 269

WITP

POLICY VIEWPOINT

Cloud Computing and Information Policy: Computing in a Policy Cloud?

Jaeger, Lin, and Grimes Paul T. JaegerJimmy Lin

Justin M. Grimes

ABSTRACT. Cloud computing is a computing platform that resides in a large data center and isable to dynamically provide servers with the ability to address a wide range of needs, from scientificresearch to e-commerce. The provision of computing resources as if it were a utility such as electricity,while potentially revolutionary as a computing service, presents many major problems of informationpolicy, including issues of privacy, security, reliability, access, and regulation. This article exploresthe nature and potential of cloud computing, the policy issues raised, and research questions related tocloud computing and policy. Ultimately, the policy issues raised by cloud computing are examined asa part of larger issues of public policy attempting to respond to rapid technological evolution.

KEYWORDS. Cloud computing, information policy, technology policy, grid computing, security,privacy, reliability

Cloud computing refers to a computing plat-form that is able to dynamically provide, con-figure, and reconfigure servers to address awide range of needs, ranging from scientificresearch to e-commerce. While cloud comput-ing is expanding rapidly as a service used by a

great many individuals and organizations inter-nationally, policy issues related to cloud com-puting are not being widely discussed orconsidered. As this article will demonstrate,there are a wide range of policy issues related tocloud computing that merit considerable attention

Paul T. Jaeger, Ph.D., J.D., is an Assistant Professor in the College of Information Studies and is theDirector of the Center for Information Policy and Electronic Government at the University of Maryland. Hisresearch focuses on the ways in which law and public policy shape access to and use of information. Dr. Jaegeris the author of more than 60 journal articles and book chapters, along with four books.

Jimmy Lin, Ph.D., is an Assistant Professor in the College of Information Studies at the University ofMaryland. His research lies at the intersection of natural language processing and information retrieval.Dr. Lin leads the Google/IBM Academic Cloud Computing Initiative at the University of Maryland.

Justin M. Grimes is a doctoral student in the College of Information Studies at the University of Maryland and aResearch Associate at the Center for Information Policy and E-Government. His research interests include informa-tion policy, e-government, intellectual property, and issues of technology and policy in virtual world communities.

Address correspondence to: Paul T. Jaeger, 4105 Hornbake Building, College of Information Studies,University of Maryland, College Park, MD 20742-4343 (E-mail: pjaeger@umd.edu).

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

270 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

as cloud computing develops into a widely usedcommercial enterprise; yet there has thus farbeen a lack of policy-making or court casesrelated to cloud computing. The objective ofthis article is to introduce the policy concerns,research areas, and potential solutions related tocloud computing that will likely be the focus ofdiscussion and deliberation in coming years. Ifthese problems are considered during the devel-opmental stages of cloud computing, perhapsthey can be addressed before the consequencesof nonaction are too significant.

Typically, the cloud computing infrastruc-ture resides in a large data center and is man-aged by a third party, who provides computingresources as if it were a utility such as electric-ity—accessible by anyone, anywhere with anInternet connection. For the “cloud provider,”this consolidation of computing resourcesyields many benefits deriving from centralizedmanagement and economies of scale; for the“cloud user,”1 the ability to gain rapid access tocomputing capacity not only reduces overallcost, but also lowers the barrier to entry formany processing-intensive activities, since iteliminates the need for up-front capital invest-ment and the necessity of maintaining dedi-cated infrastructure. Through cloud computing,users transfer the burden of system manage-ment and data protection (e.g., in event of sys-tem crash or physical theft) over to the cloudprovider. In addition, cloud computing providesa potential avenue by which users of handhelddevices could have access to computing ser-vices. In essence, users of cloud computing“outsource” their data processing needs to athird-party. These ideas are certainly not new,as cloud computing evolved out of earlier tech-nologies for distributed processing, such as“grid computing.”

Far more than a theoretical construct, cloudcomputing technology has reached the com-mercialization phase of development. A rangeof cloud providers already offer a variety of ser-vices, with users employing clouds for massivedatabase management, data mining, and thedeployment of Web services, among otheractivities (Baker, 2007). Potential specific usesof cloud computing range from using clouds toprocess huge amounts of data to solve incredibly

complicated scientific problems to using cloudsto manage and provide access to medicalrecords (Hand, 2007). Commercial and individualcloud computing services are already availablefrom Amazon, Yahoo!, Salesforce, desktopTwo, Zimdesk, and Sun Secure Global Desktop,while Google’s efforts in cloud computing haveattracted a great deal of interest (Delaney &Vara, 2007; Gilder, 2007; Lohr, 2007; Ma, 2007;Naone, 2007). Another major effort is an aca-demic–industrial collaboration spearheaded byGoogle and IBM, in conjunction with six majorresearch universities in the United States,whereby the companies are providing facultyand students with access to clouds for researchand education (see: http://googleblog.blogspot.com/2007/10/let-thousand-servers-bloom.html andhttp://www-03.ibm.com/press/us/en/pressrelease/22414. wss).

In spite of its promise and potential, cloudcomputing sits at the difficult intersection ofnew computing concepts and information policy.Not only does cloud computing raise majorissues regarding privacy, security, anonymity,telecommunications capacity, liability, reliability,and government surveillance, relevant existinglaws do not appear to be applicable to this newidea. This situation is indicative of a growingproblem in which technology so far outpacesinformation policy that the developers andusers of an important new technology create,implement, and use it, hoping that the law willultimately catch up to their activities. WhilePrinceton University’s Center for InformationTechnology Policy held a two-day workshopentitled “Computing in the Cloud” (http://citp.princeton.edu/cloud-workshop) in January2008 to discuss some broad policy issuesrelated to cloud computing, this is an area thatmerits considerable attention.

This article focuses on a range of policyaspects of cloud computing—specific issuesraised by gaps in current laws and regulations.In the case of cloud computing, technologicalinnovation, commercial interest, and consumerinterest are all fast outpacing current informa-tion policy. The primary goal of this article is toraise awareness of these issues at the intersec-tion of computing and policy—although wepropose solutions to the extent possible, ultimate

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 271

resolution of any specific issue is beyond thescope of this article.

This article will first discuss the nature andorigins of cloud computing and key technicalcharacteristics and benefits to users. Currentexamples of and initiatives in cloud computingare next examined. The policy issues related tocloud computing are then discussed, followed bythe policy gaps raised by cloud computing.Finally, the article describes how issues of cloudcomputing and policy might be reconciled tofacilitate the development of cloud computing asa beneficial development for individual, corpo-rate, and governmental computer users.

WHAT IS CLOUD COMPUTING?

Like most technologies, cloud computingevolved from a need. The tremendous growth ofthe Web over the last decade has given rise to anew class of “Web-scale” problems—challengessuch as supporting thousands of concurrente-commerce transactions or millions of searchqueries a day. The natural response of technol-ogy companies has been to build increasinglylarge data centers to handle the ever-growingload; these data centers consolidate a great num-bers of servers (hundreds, if not thousands) withassociated infrastructure for storage, networking,cooling, etc. Over the years, technology com-panies, especially Internet companies such asGoogle, Amazon, eBay, or Yahoo!, haveacquired a tremendous amount of expertise inoperating these large data centers. This“know-how” extends beyond physical infrastruc-ture to include experience with process manage-ment and other intangibles. Cloud computingrepresents a commercialization of this combinedsolution.

The tremendous amount of informationavailable in electronic format today has translatedinto a proliferation of data- and processing-intensive problems for a wide variety of organi-zations and even individuals, in the context ofthe Web and beyond. For example, genomicsresearch involves huge volumes of sequencedata; financial companies maintain mountainsof information about clients; even the serioushobbyist may have more video footage than can

be reasonably processed by available machines.Common to all these scenarios is the need forlarge amounts of processing power. Prior tocloud computing, acquiring such resources wasan expensive proposition. Upfront capitalinvestment in purchasing the computers them-selves is only the initial step; significantresources must then be devoted to maintain theinfrastructure. In many cases, users (especiallysmaller companies, nonprofit organizations,and academic research groups) are unable orunwilling to make this investment.

The convergence of need and solution hasproduced the current conception of cloud com-puting, which promises to benefit all partiesinvolved. Cloud providers gain an additionalsource of revenue and are able to commercializetheir expertise in managing large data centers.Overall cost as measured on a capacity-basis isreduced due to consolidation, and capitalinvestment in physical infrastructure is amor-tized across many customers. Cloud users nolonger have to worry about purchasing, config-uring, administering, and maintaining their owncomputing infrastructure, which allows them tofocus on their core competencies. This para-digm has also been referred to as “utility com-puting,” in which computing capacity is treatedlike any other metered utility service—one paysonly for what one uses.

Currently, the best-known example of com-mercial cloud computing is Amazon’s ElasticCompute Cloud (EC2) (http://aws.amazon.com/ec2), which allows customers to “rent” computecycles in Amazon’s data center. Typically, this ser-vice is used in conjunction with Amazon’s SimpleStorage Service (S3) (http://aws.amazon.com/s3),which provides data storage services. For S3,costs are straightforwardly computed in termsof disk storage used on a monthly basis andadditional charges for data transfer. This isattractive for users, since they only pay forspace they use, with additional capacity avail-able on demand. For EC2, users are charged interms of instance-hours; one instance-hour canbe intuitively understood as the data processingcapabilities of a particular computational unitfor one hour. Such a pricing model is attractivefor the same reasons as S3; costs scale predict-ably with use and no resources are spent on idle

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

272 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

processors. A number of startup companies useAmazon’s services with regularity, and evenestablished companies have found these ser-vices to be useful. For example, The New YorkTimes recently employed EC2 and S3 to pro-cess 11 million scanned articles 1851–1980 fromthe newspaper’s archives into Adobe PDF filesaccessible by readers (http://open.blogs.nytimes.com/2007/11/01/self-service-prorated-super-com-puting-fun). For applications where computingdemand is uneven or, in the case of The New YorkTimes, non-reoccurring, cloud computing pro-vides an efficient, cost-effective solution to userneeds.

The activity and interest in cloud computingis by no means limited to the commercialsphere. Developing applications and algo-rithms that run on hundreds if not thousands ofprocessors is a daunting challenge, a task mostcomputer science graduates today are ill-equipped to handle. Whereas the present com-puter science curriculum is mostly focused onsequential processing (e.g., executing oneinstruction after another), cloud computingrequires the programmer to reason about paral-lel processing, where many operations are exe-cuted concurrently, and distributed processing,where operations are executed in different pro-cessors.

To address this growing need for expertise,in October 2007, Google and IBM jointlyannounced the academic cloud computing ini-tiative with six U.S. research universities: Carn-egie Mellon University, Massachusetts Instituteof Technology, Stanford University, the Uni-versity of California–Berkeley, the Universityof Maryland, and the University of Washing-ton. The second author of this article is the leadfaculty at the University of Maryland. As partof this initiative, IBM and Google have dedi-cated a large cluster of several hundred comput-ers for use by faculty and students at theparticipating institutions. By making theseresources available, the companies hope toencourage faculty adoption of cloud computingin their research and also integration of thetechnology into the classroom. These invest-ments are seen as necessary steps to sustainthe growth of cloud computing as an emergingparadigm.

In general, there are two primary ways inwhich cloud clusters can be used. In one mode,the cloud cluster simply hosts a user’s applica-tion, which is typically provided as a Web ser-vice accessible to anyone with an Internetconnection. For example, the cloud provider cansimply take over the task of maintaining andrunning a company’s inventory database ortransaction processing system. In the consumerrealm, services such as Google Maps, Gmail,and YouTube can already be thought of as“cloud applications.” The second mode may bethought of as “batch processing,” where the usertransfers a large amount of data over to thecloud cluster along with associated applicationcodes for manipulating the data. The cloud clus-ter executes the application code, and the resultsare returned to the user. Note that in both usagescenarios, the user’s data and applications reside(at least for some time) on the cloud cluster,which is owned and maintained by a third party.This characteristic of cloud computing is at theroot of many challenging policy issues.

CLOUD COMPUTING AND ISSUES OF INFORMATION POLICY

Cloud computing raises a range of importantpolicy issues, which include issues of privacy,security, anonymity, telecommunications capac-ity, government surveillance, reliability, and lia-bility, among others. This section of the articleintroduces and examines these issues individu-ally. While some of the trade press and popularmedia accounts of cloud computing have raisedpotential issues of privacy and intellectual prop-erty (i.e., Delaney & Vara, 2007; Ma, 2007), therange of policy issues raised by cloud computingmerits significant consideration.

A productive approach to begin analysis ofthe information policy issues related to cloudcomputing is to consider user expectations. At aminimum, users will likely expect that a cloudwill provide the following:

• Reliability and liability. Users will expectthe cloud to be a reliable resource, espe-cially if a cloud provider takes over the taskof running “mission-critical” applications

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 273

and will expect clear delineation of liabilityif serious problems occur.

• Security, privacy, and anonymity. Userswill expect that the cloud provider willprevent unauthorized access to both dataand code, and that sensitive data willremain private. Users will also expect thatthe cloud provider, other third parties, andgovernments will not monitor their activi-ties. The only possible exception may befor cloud providers, who may need toselectively monitor usage for quality con-trol purposes.

• Access and usage restrictions. Users willexpect to be able to access and use thecloud where and when they wish withouthindrance from the cloud provider or thirdparties, while their intellectual propertyrights are upheld.

Each of these interrelated issues will be con-sidered in terms of its importance, what realisticexpectations users might have, and the policyimplications. While there are other policyissues beyond those mentioned above, we con-sider those policy considerations central to thesuccessful development of cloud computing.

Reliability and Liability

Users have the expectation that services pro-vided through the cloud will be reliable, as oneof the key concepts behind this computing para-digm is the transfer of data center management,along with its associated risks, to a third party.Yet, reliability raises some very significantquestions.

What if a cloud provider experiences techni-cal problems that result in an organization’smission-critical applications becoming unavail-able? This exact scenario took place on February15, 2008, when Amazon’s S3 experienced aservice outage that lasted for approximatelytwo hours. As many organizations, particularlystartup companies, have come to rely on the S3service, this disruption raised significant aware-ness regarding the perils of relying on a thirdparty to serve mission-critical needs. Althoughservice disruptions will become increasinglyrare as the technology matures, 100% reliability

will never be possible. Thus, who bears therisk? Would it be the cloud user, who simplyaccepts service disruptions as a normal “cost ofbusiness” (in the same way that a data centerunder one’s own control may not be completelyreliable either)? Would it be the cloud provider,who might be contractually obligated to guar-antee a particular quality of service (e.g.,99.99% uptime) and thus legally liable for lostrevenue, productivity, etc.? Theoretically, onecould even imagine third parties (e.g., insurancecompanies) assuming such risk for a premium.Whereas service disruptions are transient, thereare even more serious issues associated withdata integrity. What if a user’s data were lost orcorrupted? Once again, such risks could beborne by the user, the provider, or a third party.

In addition to service disruptions and dataintegrity, correctness of results as generated bythe cloud is another facet of reliability. In manycases, the processing-intensive nature of thetasks will make it impractical to validate resultsindependently. Consider the hypothetical exam-ple of a financial company running large-scalesimulations on the cloud, and then acting on theresults (perhaps on behalf of its clients). Unbe-knownst to them, flaws in the infrastructureresulted in corrupted data, and hence incorrectresults. The outcome might be investments thatlater prove to be disastrous. Who should bearthe liability in this case?

The issue of reliability is not only a techno-logical problem, however, as the adequacy oftelecommunications policy to address issuesregarding cloud computing needs to be care-fully considered, since it challenges fundamen-tal assumptions of telecommunications policy.Internet access and services fall under theumbrella of telecommunications regulation, socloud computing provision would presumablyas well. However, telecommunications laws arebased on the assumption that the purpose of anetwork is to ship “bits” in the form of voice ordata transmissions from point A to point B.However, the notion of cloud computing defiesthese expectations in at least three ways: First, itis not only data, but also instructions for process-ing that data, that are transmitted; second, thetransmitted data are frequently modified as aresult of computations occurring in the cloud; and

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

274 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

third, there may not be a notion of a “recipient” inthe usual sense. (Results of the computationsmay be transmitted back to the sender, or sim-ply stored in the cloud itself.)

Further, telecommunications policy is notbased around ideas of providing a legal com-pensation framework for lost transmission con-tent. If a telephone call is dropped, the partiestalking are expected to call back, resume theirconversation, and fill in the missing details. If acompany drops too many calls, policy relies onmarket forces to drive the company out of busi-ness. However, cloud computing greatly ampli-fies the risk associated with data loss and servicedisruptions. Depending on the nature of the loss,it may be one blow from which a company cannever recover. (Due to the fluid nature of Web-based transactions, for example, a major serviceoutage may drive customers to a competitor,from which they might never return.) To whatextent cloud computing providers are liable fortheir services is a question that will need to beaddressed. Liability and potential litigation is agrowing concern of cloud computing providers,who function in a currently gray area. Unneces-sary litigation would stifle innovation, as notechnical system is infallible, and 100% uptimesand services simply cannot be guaranteed.

Utilities in both North America and the EUhave dealt with similar problems of privacy pro-tection, reliability, and liability, so it seems thattelecommunications law may serve as basis, orat least a model, for regulating clouds. Thisanalogy, however, raises the question of howtelecommunications law would view a cloud.Would it be considered an Internet service pro-vider (ISP)? A telecommunications provider? Acommon carrier? Or, would a new definitionunder telecommunications law be needed? Theclosest parallel might be viewing cloud computingas cooperating interconnected networks, whichwere envisioned in the Telecommunications Actof 1996 as part of universal access. The statusaccorded to cloud computing under the lawwould impact the rules applied to cloud comput-ing, the expectations of users for the reliabilityof cloud provision, and any potential actionsavailable to users beyond market forces.

The ongoing debate of network neutralitymay also have a considerable impact on the

development and progress of cloud computing.Cloud computing is highly dependent on a con-sistent and stable Internet platform. If networkneutrality is not guaranteed, the telecommuni-cations service providers that control the under-lining network connection would have theability to limit a cloud provider’s servicethrough pricing and distribution structures.Without network neutrality, under a differentialpricing model, telecommunications service pro-viders could effectively charge cloud providersmore, absorbing any potential profits (Odlyzko,2008). Telecommunications service providerscould even become themselves cloud providers,giving preferential treatment to their ownservices.

For cloud computing to effectively function,however, cloud providers need to be able tomanage their systems to schedule and prioritizetasks and data. As noted by Odlyzko (2008),cloud computing is merely an “extreme form ofvertical integration, just carried out by othercompanies than the telecommunications serviceproviders, and at higher levels of the protocolstack” (p. 16). Therefore, even with establishednetwork neutrality, cloud providers couldbecome limited in performing necessary opti-mization functions. In essence, network neu-trality could be a double-edged sword for cloudcomputing. Without network neutrality, tele-communications service providers could cut offor hamper the connection of cloud providers;with network neutrality, cloud providers maybe subject to the same regulations as telecom-munications service providers, meaning theywould not be able to regulate and optimize theirown services.

Security, Privacy, and Anonymity

After reliability, perhaps the most pressingconcerns for cloud users will be security,privacy, and anonymity. Clearly, the levels ofprivacy and anonymity available to the user of acloud will be lower than the user of desktop inmany cases (Delaney & Vara, 2007). To protectthe privacy of cloud users, care must be taken toguard both users’ data and applications formanipulating that data. For example, corporationsmay be concerned about the security of client

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 275

data and proprietary algorithms; researchers maybe concerned about premature release of newdata or discoveries; individuals may be con-cerned about personally sensitive information.Yet, as unauthorized releases of sensitive infor-mation by corporations and governments over thepast several years have demonstrated, the elec-tronic environment provides innumerable scenar-ios for the unwanted release of information.

Since the physical infrastructure in a cloudcomputing environment is shared among anumber of users, the fate of sensitive informa-tion (e.g., personally identifiable information,medical records, trade secrets) is a tremendousquestion. For example, if a bank stores recordsof customers (including, for example, socialsecurity numbers) in a cloud, what guaranteescan be made about the fate of such information?Even if an organization takes all the necessarysteps to protect sensitive information (e.g.,encrypting the records), are such efforts suffi-cient? Depending on the exact type of records,will regulatory obligations be met? In somecases, the proprietary algorithms for data pro-cessing are far more valuable than the dataitself. Could a particular user receive reassur-ances with respect to applications that run onthe cloud?

Wesabe and Mint are two early examples ofwhat the future may hold for sensitive data andcloud computing. Both of these Web-basedapplications are money management softwarepackages akin to the popular software Quickenor Microsoft Money. Each Web applicationfunctions by encouraging users to provide alltheir financial information to their service,which is then aggregated and systematicallyanalyzed. These services push the envelope ofprivacy, security, and confidentiality of sensi-tive data, yet they could be forerunners of thetypes of cloud services to come.

While there are basic issues that may beinherent in the nature of the cloud, such as acloud provider needing to profile users toensure service quality, users will not likelywant their actual content monitored. Manycompanies already provide contextualized adsbased on keywords, Web sites viewed, andother forms of automated learning of users’activities and content. Will users accept those

same strategies in a cloud? It appears that usersare willing to accept these strategies in e-mailsystems in exchange for increased convenience,storage capacity, and searching ability, if thesuccess of Google’s Gmail is any indication.Perhaps user attitudes will be the same forcloud computing. However, corporate usersmay be more concerned about monitoring ofinformation, even for ad placements, than theindividual users of Gmail accounts.

Furthermore, cloud computing could alsoeasily open up the ability of third parties to mon-itor content in a similar fashion. Users of alltypes may prove less comfortable with both pro-viders and third parties monitoring or possiblyusing their information. One Microsoft VicePresident working on the company’s cloud com-puting efforts has suggested “you may win aNobel Prize by analyzing data assembled bysomeone else” (quoted in Baker, 2007, ¶ 35).Such statements will likely have a chilling effecton the enthusiasm of researchers for cloud com-puting who wish to keep control of their owndata and have no one else looking at it.

To ensure the growth and adoption of cloudcomputing, it will be necessary to find technol-ogy and policy solutions for ensuring privacy(in some form) and assuring information secu-rity. In these circumstances, ensuring anonymitywill not be sufficient. Solutions have been devel-oped to ensure user anonymity on peer-to-peernetworks, and these technologies may transfer tothe cloud concept (Singh, Gedik, & Liu, 2006).However, while anonymity of users’ activitieswill clearly be a central aspect of protectinguser privacy, much of the information flowingthrough the cloud will not only have to be pro-tected in terms of who it belongs to, but alsowhat it is. In the United States, since there is nouniversal standard for privacy protection, itmay be a significant issue to determine whattype of privacy is guaranteed in cloud comput-ing, if any, or if it will be left up to individualcloud providers to decide. Furthermore, cloudcomputing is a global service, crossing multiplegovernments and their differing sets of regula-tions and servicing users across the world; itwill also have to account for the privacy con-cerns of different cultures and the privacy lawsof numerous countries. Even between European

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

276 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

Union member nations and the United States,there are significant differences in the defini-tions of privacy and variations in types of pri-vacy protection available (Sunosky, 2000).While the World Summit for the InformationSociety (http://www.itu.int/wsis/index.html) hasspearheaded a number of efforts to use cloudcomputing to encourage collaboration andreduce deficits of scientific knowledge in certainregions of the world, intergovernmental collabo-ration on cloud computing standards seems notto have been explored yet.

Such differences may not only confuse users,but may become more problematic if users areusing multiple cloud providers, with or withouttheir knowledge. One can imagine in the futurea network of cloud providers, and an efficientmechanism for “routing” computing resourcesto where they are needed, much in the sameway the power grid is managed today. Say auser connects to provider A, but provider Adoesn’t have enough “compute cycles.” Toguard against exactly such a scenario, providerA has contracted to purchase computingresources from provider B for limited durations.Thus, provider A proceeds to transfer the user’sdata and code over to provider B, without theuser’s explicit knowledge.

This type of scenario also raises anotherissue of privacy and security: the establishmentof controls on what cloud providers can andcannot do with users’ data. Cloud providershave legitimate reasons for monitoring use ofthe resource, which is necessary to perform rou-tine maintenance, to more effectively balanceload across servers, to optimize for certainusage profiles, etc. However, at what point doesinformation gathering become nefarious datamining? While clearly-stated usage agreementsmight address this problem, such a solutionmay prove to be overly reliant on industry tomake these decisions, given the potential reve-nue that could come from, for example, adver-tising targeted to cloud users, as discussedabove.

Yet another related issue concerns the cloudprovider’s obligation (if any) to maintain theanonymity of its users and serve as a neutralprovider of computing capacity. Would it repre-sent a conflict of interest for a cloud provider to

supply services to two competing companies?In this case, technical solutions may preventunauthorized access of data. Nevertheless, thereare no clear guidelines with respect to the obli-gations of the cloud provider in these cases.

Perhaps more complicated is the fact thatcloud computing also highlights the difficultyof protecting information stored on remote sys-tems from government investigations. Searchwarrants for off-line computers are muchharder to get than for online databases, and pro-viders would likely have no requirement forinforming users of such a search warrant (Ma,2007). Since 2001, the United States govern-ment has engaged in amazingly comprehensivegathering, surveillance, and analysis of electronicinformation through a mix of laws, executiveorders, and secret programs (Gorham-Oscilowski& Jaeger, 2008; Jaeger, 2007; Jaeger & Burnett,2005). When a subject of interest is identified, themore targeted information collection may extendwell beyond that subject. For example, Verizonacknowledged to Congress that the governmentrequested data about not only specific subjects,but also about individuals several degrees outfrom a subject—that is, an individual whophoned a second person, who phoned a thirdperson, who phoned the target of the investiga-tion would still have all of his or her recordscollected even if she or he has never heard of thetarget of the investigation, who was three genera-tions of phone contact away (MSNBC, 2007).

The USA PATRIOT Act, the HomelandSecurity Act, and other related security legisla-tion, coupled with sophisticated electronic infor-mation-gathering technologies, make it possiblefor the government to gain access to electronicinformation in virtually any context. With per-sonal, corporate, and even secret data and codeflowing through a cloud computing network, theconcept of generations of data being gathered bythe government in an investigation become par-ticularly problematic. As such, the current gov-ernment approach to surveillance and securityhinders trust and use of cloud computing for fearthat innocent but sensitive data or code mightbecome snared in an investigation. This linger-ing mistrust and fear of governmental snoopingis already having a negative backlash on certainGoogle services (Avery, 2008).

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 277

For all of these significant concerns, it isclear that having the cloud provider define ausage policy is not enough to address privacyand security. One obvious solution is for usersto encrypt whatever data resides in the cloud.Although this solution may suffice for the stor-age of data, it may prove technically cumber-some to implement algorithms that couldprocess the data in an encrypted form. Decryp-tion on-the-fly prior to processing is not a solu-tion, since it creates a point of vulnerability inthe cloud. Furthermore, for competitive intelli-gence purposes, it may not be necessary to gainknowledge of the exact processing being per-formed by a user: simple observations of howmuch and for how long may provide valuableclues themselves.

Access and Usage Restrictions

The concept of cloud computing also raisesquestions of proper access and use. Users willwant to access and use the cloud on their ownterms, yet will also want their intellectual prop-erty rights protected. The protection of copy-right in types of materials stored on and sharedthrough clouds has received some consider-ation, and cloud providers believe the ability totrace usage will serve as a means of preventingillegal activity (Delaney & Vara, 2007; Ma,2007). However, this does not fully consider allof the dimensions of access and usage that arerelevant to cloud computing, most significantlythe issue of licensing. The unique issues ofcloud computing may ultimately illustrate thattechnology has reached the point that there isserious need to rethink how intellectual propertyis licensed.

If a user has a license for a particular soft-ware product or dataset and uses it in his or herwork, can he or she still use the licensed prod-uct in the cloud? Recall that to make effectiveuse of the cloud, both data and applications mayneed to be transferred over to the cloud pro-vider. Licenses typically forbid redistribution,but whether use of cloud computing could beviewed as redistribution is an interesting ques-tion. Data and applications are being sent to athird party, but that third party is not “using”the licensed products in any real sense. And yet,

licenses tend to be written to be as inclusive aspossible (Carrico & Smalldon, 2004).

A parallel issue of access related to cloudcomputing exists in the provision of interna-tional access to a cloud. Cloud computingmeans that anyone with an Internet connectioncan access the cloud, including people in othercountries. Licensing and use agreements maybe different across national markets and certainproducts may only be available in certain mar-kets, but the cloud eliminates such differences.This may raise some problems for cloud pro-viders in the types of software and processingcapacities available in the cloud. Further, cloudproviders may be affected by export controlregulations and limitations on sharing of scien-tific information with certain nations (Jaeger,2007; Jaeger & Burnett, 2005).

Similarly, cloud users may engage in activi-ties that violate intellectual property rights ofothers or represent some other forms of illegalactivity. Just as ISPs are liable to limit illegalfile-sharing activities on their networks, andWeb sites must remove materials to which theydo not own the copyright, cloud providers mayhave to place controls on the use of their com-puting resources. (Note that this would be tech-nically very challenging.) If users engage incriminal activities by employing the processingpower of the cloud—breaking governmentencryption or cracking Web sites—would theprovider of the cloud be liable? If so, that wouldmean cloud providers would have to engage invery close monitoring of cloud activities, whichwould further enhance issues of privacy andsecurity within the network. Similarly, cloudproviders may have to worry about users tryingto engage in criminal activities by stealing otherusers’ data, such as corporate espionage.

There may also be issues of public access inthe provision of cloud computing. If any com-puter can be connected to a cloud, will cloudproviders be willing to accept public accesscomputers? A large percentage of Americansrely on public access computers, such as thoseprovided by public libraries, as their sole meansof getting online (McClure, Jaeger, & Bertot,2007). If public access computers are not includedby cloud providers, then a large numbers of userswill be unable to access the capacities of the

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

278 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

clouds, creating new forms of social disparitiesin technology access. Cloud computing wouldalso offer a means of assisting organizations thatprovide public computing access, many of whichare overwhelmed by the capacity and technicaldemands of Web 2.0 content and services (Jaeger,Bertot, & McClure, 2007; McClure et al., 2007).

In spite of all of the policy concerns, cloudcomputing ultimately has the potential to helpbridge certain gaps in access to digital content.By moving computing and storage away from theusers, cloud computing reduces the demands andrequirements on local hardware that individualshave to purchase. While the gap in broadbandaccess would still need to be addressed, hardwarecosts can be eliminated or greatly marginalizedby cloud computing. Storing and computing inthe cloud would be beneficial and more economi-cal for the many people who do not own a com-puter or who have trouble affording a computer(Carr, 2008).

COMPUTING IN A POLICY CLOUD?

As the selection of issues discussed abovedemonstrates, there are significant uncertaintiesabout and tensions between public policy andtechnological capacity in the development andprovision of cloud computing. In some cases,the technical solutions available might not becompatible with policy mandates. For example,only a certain amount of security can be everguaranteed to users by providers as a result ofgovernment surveillance and data collectionactivities. While the policy issues raised aboveclearly demonstrate that there are many poten-tial concerns raised by the unique nature of cloudcomputing, combining aspects of computer,information, and telecommunications issues, italso demonstrates a larger policy problem.

Information policy in the United States, sim-ply put, is continuing to fall further and furtherbehind regarding policies related to new tech-nology developments and how these develop-ments are being employed. This gap betweenpolicy and technology has been noted, as hasthe increasing speed and distance of the gap asthe United States continues to make laws reac-tively and based on a pre-electronic mentality

(i.e., Braman, 2006). However, by raising somany different policy issues, cloud computingdemands meditation on the gap between policyand technology.

Many of the problems at the nexus of policyand technology derive from trying to use print-based concepts of policy in an electronic world.Intellectual property problems caused by thisgap may be the easiest to understand. For exam-ple, the extensions of copyright protection tosuch incredible lengths—life of the author plus80 years—create many questions of ownership,and these extensions create significant tensionswith the increases in access to informationbrought about by the Internet and electronicfiles. The exceptions created to try to addressthese issues, such as the fair use exemption andthe exemptions for use in distance education,only serve to make the issues murkier and leavemany information providers and users uncertainof their legal positions (Butler, 2003; Travis,2006). Orphan works—older works where thecopyright owner is untraceable—are virtuallyunusable, even by archives that own the items(Brito & Dooling, 2006; Carlson, 2005). Librariesstruggle mightily with previously much clearerissues of interlibrary loan, electronic resources,and services to distance learners, while univer-sities must determine how to try to provideresources to distance education students (Allner,2004; Carrico & Smalldon, 2004; Ferullo, 2004;Gasaway, 2000). At the same time, industries,educational institutions, and users struggle withthe implications of electronic files and theability to share files for music, movies, books,and other content formats (Strickland, 2003,2004).

Perhaps the most striking result of this uncer-tainty of intellectual property in an electronicworld is the Google Books project (http://books.google.com). The goal of this project isto digitize and make searchable every bookprinted, whether or not it is in copyright, and anumber of major libraries have made their col-lections available for Google to digitize. Thislegality of the effort has attracted some notefrom the mainstream press (i.e., Thompson,2006). However, the legal defenses Googlehas raised for digitizing and making freelyavailable copyright-protected materials without

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 279

permission of the copyright holders do not holdup well under basic legal analysis (Hanratty,2005). Yet, the confused nature of applyingprint-based conceptions of intellectual propertyto an electronic world allow for projects likeGoogle Books to plow forward under a cloud oflegal uncertainty. And intellectual propertyquestions are but one example of these kinds ofuncertainties at the intersection of technologyand policy in the United States. It seems thatcloud computing is similarly moving forward inuncertain legal territory, which might signifi-cantly hamper its legitimacy in the eyes ofmany users.

Currently, the decisions related to issues ofinformation policy raised by cloud computingare being made entirely by cloud providers.Amazon’s EC2 service presents an excellentexample of this. In January 2008, Amazon WebServices was storing 14 billion units of data,varying in size from a couple of bytes to 5gigabytes, and was handling 30,000 requests toits database per second (Hardy, 2008). A majorreason for these impressive numbers is thatAmazon’s services present enormous cost-savingsfor users in many cases (Hardy, 2008). How-ever, many of the issues discussed above areentirely absent from these agreements or absentin terms of the user.

The Customer Agreement (http://www.amazon.com/AWS-License-home-page-Money/b/ref=sc_fe_c_0_201590011_10?ie=UTF8&node=3440661&no=201590011&me=A36L942TSJ2AJA#10)focuses solely on the business transaction ele-ments of the service, on protecting Amazon’sintellectual property, and on releasing Amazonfrom responsibility regarding any of the con-cerns raised above. If you are concerned aboutthe security of your information, Section 7.2unreassuringly states that “you acknowledgethat you bear sole responsibility for adequatesecurity, protection and backup of Your Con-tent.” If you are concerned about the privacy ofyour information, your only protection is thestandard Privacy Notice (http://www.amazon.com/gp/help/customer/display.html/002–0131023–8675278?ie=UTF8&nodeId=468496) that appliesto all interaction with Amazon.com, not takinginto account any of the unique aspects of cloudcomputing.

As such, the businesses that provide cloudcomputing services are establishing corporatepolices that protect the providers, while manyusers are unaware of the potential policy impli-cations, and the federal government remainssilent on the issues related to cloud computing.Ultimately, however, the government maychoose not to act and allow the concerns to besettled by the free market. Perhaps the marketmay develop a cloud provider that chargesmore for stronger guarantees of privacy, secu-rity, and reliability. As things stand, users ofcloud computing services may benefit from thecost-savings but may be surprised by importantissues not addressed in relation to their cloudcomputing activities.

In the end, trust is a key reason that bothcloud providers and cloud users would want tohave these policy issues clarified and settled.Exactly one-half of the respondents to a 2007Pew Research Center study agreed with thestatement “You can’t be too careful in dealingwith people” (p. 2). People often find it harderto trust online services than off-line services.As examples, people perceive greater potentialrisk in shopping online, in engaging in socialactivities, and in participating in online politi-cal activities than they do in performing similaractivities offline (Best, Kreuger, & Ladewig,2005). The distrust of online services is evennegatively affecting the level of trust accordedto organizations than have long been respectedas trustworthy, such as fears about electronicrecords that are undermining the long-heldtrust of public libraries (Jaeger & Fleischmann,2007).

If highly personal information were beingstored in a cloud, the importance of trust growsexponentially. The Health Insurance Portabilityand Accountability Act (HIPAA) of 1996 cre-ated very intricate standards to protect the pri-vacy of patient information in medical records(Wun & Dym, 2008). Yet, currently, userswould have no idea how highly sensitive infor-mation would be handled by the cloud provider.As such, if users do not feel that they can trustcloud providers to keep their informationsecure, private, protected, and reliably accessi-ble, then many users will opt not to use cloudcomputing. It is therefore imperative for cloud

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

280 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

providers—in the interest of the users and of theprofitability of their systems—to embrace thedevelopment of policies for cloud computing.

CONCLUSION: BRIDGING OPPORTUNITIES AND POLICIES

IN CLOUD COMPUTING

Cloud computing is likely to present manypolicy questions and raise many issues as itbecomes more commonplace. However, it willalso likely serve to further highlight the ever-widening gaps between the capacity of tech-nology and the focus of policy. Though notechnological development has yet to forcepolicy-makers in the United States to begin toconceive of information policy as proactiverather than reactive and to move away frompre-electronic bases for concepts of policy, itis worth considering whether cloud computingmight serve as such an instigator.

Thomas Watson, Sr., former chairman ofIBM, was once allegedly misquoted to havesuggested in 1943 that the total market for com-puters around the world would not exceed five(Carr, 2008). Although this quote was neververified, it is often lampooned and propagatedby the tech savvy as a silly, shortsighted predic-tion of the future. However, with the advent ofcloud computing, it might ironically become aneerily accurate prediction of the future. The his-tory of computing is becoming cyclic—usersonce all connected to a central mainframe to dotheir computing, only to later have that para-digm eventually shift towards desktop comput-ing, with each user having his or her owncomputer. Cloud computing completes thiscycle, as computing returns toward a central-ized source.

Given the factors of economies of scale,first-mover advantage, network effect, and pathdependency, the future may only be able to sup-port a few massive cloud computing providers.Those first to develop platforms will have thefirst-mover advantage that would later be fur-ther supported by the network effect. Latecom-ers would have difficulty overcoming thenetwork effect, and smaller cloud providers

could be unsuccessful in competing due to theadvantage of cost given by the economies toscale. These cumulative dynamics would resultin the future of Watson’s erroneous quotation,leading towards the potential monopoly orduopoly of all computing. Moreover, due toissues of vertical integration, cloud providerscould have the potential to achieve a verticalmonopoly (Odlyzko, 2008).

As it simultaneously offers potential benefitsto such a wide range of users and raises so manydifferent issues of information policy, cloudcomputing might not only serve as a means oftechnological but also policy advancement. Thegaps between policies and technological reali-ties are becoming so significant in some casesthat arguments can be made that informationpolicies may have to be completely rethought(Travis, 2006). This situation is further con-founded by the number of policy decisions leftto the marketplace in the United States that aremore heavily regulated through policy in othernations. The protection of personally identifi-able information provides such an example—there are enormous differences between theminimal regulation of the United States and theintricate protection structures of the EuropeanUnion (Sunosky, 2000).

In approaching cloud computing from apolicy-making standpoint, the regulation ofe-government may serve to be instructive.While e-government is clearly a governmententerprise and cloud computing a nongovern-mental one, e-government is an online technol-ogy that developed quickly and needed guidingpolicies after development was well underway. A series of policies, regulations, and theE-government Act of 2002, however, gaveshape to development and regulation ofe-government. In a similar fashion, the develop-ment of policies, regulations, or even a law tocover cloud computing issues would beextremely helpful in sorting out the concernsand uncertainties currently related to cloud com-puting for providers and for individual and orga-nizational users. With the current lack ofpolicies or court decisions about cloud comput-ing, however, the lack of guidance presents animpediment to the development of the potentialof and to user adoption of cloud computing.

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 281

Based on the discussion herein, there seem tobe two approaches that could be taken individu-ally or concurrently: either regulation by a des-ignated federal government agency, such as theFederal Communications Commission, or legis-lation mandating greater precision in serviceagreements between the providers and users ofcloud computing. Either of these methodswould have the goal of establishing acceptedcloud computing standards for the following:

• Basic thresholds for reliability• Assignment of liability for loss or other

violation of the data• Expectations for data security• Protections of privacy• Any potential expectations for anonymity• Access and usage rights• International standardization to promote

transborder data flows in clouds

The specific elements of these standards couldbe established through regulation or creation ofparameters for future service agreements.Whichever approach is taken, this issues will bekey elements to address the policy issues andfoster user trust in cloud computing.

Aside from direct interventions in terms ofpublic policy, there are other efforts that can bevery helpful in the development of some notionof cloud policy. Education is a key first step.The six schools that are a part of the IBM/Googleinitiative are developing and implementingeducational courses on cloud computing.Courses such as these will help to preparefuture information professionals and computerscientists to be more cognizant of the issuesraised by cloud computing and to be attuned toaddressing these issues. The University ofWashington is a leader in this regard, havingsuccessfully designed and implemented under-graduate computer science courses in 2007 oncloud computing (Kimball, Michels-Slettvet, &Bisciglia, 2008). Ongoing efforts at the Universityof Maryland include a joint research and educa-tion initiative that pairs undergraduate studentswith Ph.D. students in working on cutting-edgeresearch problems in text processing, such asstatistical machine translation and analysis of e-mail archives (Lin, 2008). While both primarily

focus on technological issues, at least the latterprogram includes a discussion of policy issuessuch as those raised in this article.

Policy research also clearly needs to bringgreater focus on this area. While many com-puter scientists may be drawn to the interestingtechnological issues raised by cloud computing,and technological futurists will focus on theutopian or dystopian possibilities inherent in thetechnology (i.e., Carr, 2008), there are a wealthof important social and policy questions raisedby cloud computing, such as the following:

• What expectations for privacy, security,reliability, and anonymity do users ofcloud computing have?

• Are there variations in these expectationsamong individuals, corporate users, aca-demic users, and governmental users?

• Would greater degrees of privacy, secu-rity, reliability, and anonymity influenceusers’ decisions about which cloud providersto use?

• Have users even considered issues like pri-vacy, security, reliability, and anonymity?

• Do users have any concerns about protectionof their intellectual property in the cloud?

• Do users have any concerns about themonitoring of their activities in the cloudby providers or by the government?

• Do users only trust cloud computing forcertain types of functions?

• Can information policies for print-basedenvironments intelligibly translate to cloudcomputing? If so, how?

• What issues of cloud computing are com-pletely unaddressed in the current policyenvironment?

These are just a sampling of the types of researchquestions raised by cloud computing that wouldnot only illuminate this particular technology,but that would also have relevance to greaterquestions of the relationships between technol-ogy and policy in the electronic environment.Data on these questions would also be extremelyvaluable in crafting a public policy response tothe issues raised by cloud computing.

If a particular technology is used widelyenough and encounters enough significant

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

282 JOURNAL OF INFORMATION TECHNOLOGY & POLITICS

policy issues, perhaps it will generate momen-tum for a broad reassessment of the informa-tion-policy–making process in the electronicage. While cloud computing is very new, it isworth considering whether and how its devel-opment may ultimately impact the large mosaicof policies related to technology. Though it isnot difficult to identify potential informationpolicy issues in cloud computing, potential pol-icy-based solutions to these issues are less obvi-ous due to the newness of the technology and tothe previously discussed disjunctions betweentechnology and policy in the United States.

The unique nature of cloud computing—andthe potential for it to become a truly ubiquitoustechnology employed by individuals, academicinstitutions, corporations, and perhaps even gov-ernment agencies—provides an opportunity toconsider essential issues of technology and pol-icy that seem destined to continue to grow insignificance as technology continues to evolve.This article is intended to identify and encour-age discussion about the policy issues related tocloud computing. It is hoped that providing seri-ous consideration for and research about theseissues, as cloud computing is in its developmen-tal stages will allow the policy concerns to beaddressed in a timely and satisfactory mannerbefore cloud computing becomes too large ortoo widely used to regulate effectively.

NOTE

1. Throughout this article, “user” refers generically toorganizations or individuals who exploit cloud computingtechnology. While these types of users may have somedifferent interests and perhaps different concerns based onscale of data involved, generally a corporate and an indi-vidual user are going to have the same policy-relatedexpectations and concerns related to cloud computing.

REFERENCES

Allner, I. (2004). Copyright and the delivery of library ser-vices to distance learners. Internet Reference ServicesQuarterly, 9(3), 179–192.

Avery, S. (2008, March 24). Patriot Act haunts Googleservice. Globe and Mail. Retrieved July 2, 2008, from

http://www.theglobeandmail.com/servlet/story/RTGAM.20080324.wrgoogle24/BNStory/Technology/home.

Baker, S. (2007, December 14). Google and the wisdom ofthe clouds. Business Week. Retrieved July 2, 2008,from http://www.msnbc.msn.com/id/22261846/.

Best, S. J., Kreuger, B. S., & Ladewig, J. (2005). The effect ofrisk perceptions on online political participatory decisions.Journal of Information Technology & Politics, 4(1), 5–17.

Braman, S. (2006). Change of state: Information, policy,and power. Cambridge: MIT Press.

Brito, J., & Dooling, B. (2006, March 25) Who’s YourDaddy? Wall Street Journal, A(9).

Butler, R. P. (2003). Copyright law and organizing theInternet. Library Trends, 52(2), 307–317.

Carlson, S. (2005). Whose work is it, anyway? Chronicleof Higher Education, 51(47), A33–A35.

Carr, N. (2008). Big switch: Rewiring the world, from Edisonto Google. New York: Norton.

Carrico, J. C., & Smalldon, K. L. (2004). Licensed to ILL:A beginning guide to negotiating e-resources licensesto permit resource sharing. Journal of Library Admin-istration, 40(1–2), 41–54.

Delaney, K. J., & Vara, V. (2007, November 27). Googleplans services to store users’ data. Wall Street Journal.Retrieved July 2, 2008, from http://online.wsj.com/article/SB119612660573504716.html?mod=hps_us_whats_news.

Ferullo, D. L. (2004). Major copyright issues in academiclibraries: Legal implications of a digital environment.Journal of Library Administration, 40(1–2), 23–40.

Gasaway, L. N. (2000, Fall). Values conflict in the digitalenvironment: Librarians versus copyright holders.Columbia—VLA Journal of Law & the Arts, 24, 115–161.

Gilder, G. (2007). The information factories. Wired,14(10). Retrieved July 2, 2008, from http://www.wired.com/wired/archive/14.10/cloudware_pr.html.

Gorham-Oscilowski, U., & Jaeger, P. T. (2008). National secu-rity letters, the USA PATRIOT Act, and the Constitution:The tensions between national security and civil rights. Gov-ernment Information Quarterly, 25(4), 625–644.

Hand, E. (2007, October 24). Head in the clouds. Nature,449, 963.

Hanratty, E. (2005). Google library: Beyond fair use? DukeLaw & Technology Review, 10. Retrieved July 2, 2008,from http://www.law.duke.edu/journals/dltr/ articles/pdf/2005dltr0010.pdf.

Hardy, Q. (2008, February 11). The death of hardware. Forbes.Retrieved July 2, 2008, from http://www.forbes.com/technology/forbes/2008/0211/036.html.

Jaeger, P. T. (2007). Information policy, informationaccess, and democratic participation: The national andinternational implications of the Bush administration’sinformation politics. Government Information Quar-terly, 24, 840–859.

Jaeger, P. T., Bertot, J. C., & McClure, C. R. (2007). Pub-lic libraries and the Internet 2006: Issues, funding, andchallenges. Public Libraries, 46(5), 71–78.

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Jaeger, Lin, and Grimes 283

Jaeger, P. T., & Burnett, G. (2005). Information accessand exchange among small worlds in a democraticsociety: The role of policy in redefining informationbehavior in the post-9/11 United States. LibraryQuarterly, 75(4), 464–495.

Jaeger, P. T., & Fleischmann, K. R. (2007). Public librar-ies, values, trust, and e-government. Information Tech-nology and Libraries, 26(4), 35–43.

Kimball, A., Michels-Slettvet, S., & Bisciglia, C. (2008).Cluster computing for Web-scale data processing. Pro-ceedings of the 39th ACM Technical Symposium on Com-puter Science Education (SIGCSE 2008), Portland,Oregon, 116–120.

Lin, J. (2008). Exploring large-data issues in the curricu-lum: A case study with MapReduce. Proceedings ofthe Third Workshop on Issues in Teaching Computa-tional Linguistics at ACL 2008, June 2008, Columbus,Ohio, 54–61.

Lohr, S. (2007, October 8). Google and IBM join in ‘cloudcomputing’ research. New York Times. Retrieved July2, 2008, from http://www.nytimes.com/2007/10/08/technology/08cloud.html.

Ma, W. (2007, November 29). Google’s Gdrive (and its adpotential) raise privacy concerns. Popular Mechanics.Retrieved July 2, 2008, from http://www.popularmechanics.com/technology/industry/4234444.html.

McClure, C. R., Jaeger, P. T., & Bertot, J. C. (2007). Thelooming infrastructure plateau? Space, funding, connec-tion speed, and the ability of public libraries to meet thedemand for free Internet access. First Monday, 12(12).Retrieved July 2, 2008, from http://www. uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2017/1907.

MSNBC. (2007, October 16). Telecoms won’t talk aboutsurveillance. MSNBC. Retrieved July 2, 2008, fromhttp://www.msnbc.msn.com/id/21322332.

Naone, E. (2007, September 18). Computer in the cloud.Technology Review. Retrieved July 2, 2008, from http://www.technologyreview.com/Infotech/19397/?a=f.

Odlyzko, A. (2008). Network neutrality, search neutrality,and the never-ending con?ict between efficiency andfairness in markets. Minneapolis, MN: Digital Tech-nology Center. Retrieved July 2, 2008, from http://www.dtc.umn.edu/˜odlyzko/doc/net.neutrality.pdf.

Pew Research Center. (2007). Americans and social trust:Who, where and why. Washington, DC: Author.

Singh, A., Gedik, B., & Liu, L. (2006). Agyaat: Mutualanonymity over structured P2P networks. InternetResearch, 16(2), 189–212.

Strickland, L. S. (2003, October/November). Copyright’s dig-ital dilemma today: Fair use or unfair constraints? Part 1:The battle over file sharing. Bulletin of the American Soci-ety for Information Science and Technology, 30(1), 7–11.

Strickland, L. S. (2004, December/January). Copyright’sdigital dilemma today: Fair use or unfair constraints?Part 2: The DCMA, the TEACH Act, and e-copyingrestrictions. Bulletin of the American Society for Infor-mation Science and Technology, 30(2), 18–23.

Sunosky, J. T. (2000). Privacy online: A primer on theEuropean Union’s Directive and the United States’Safe Harbor privacy principles. Currents: Interna-tional Trade Law Journal, 9, 80–88.

Thompson, B. (2006, August 13). Search me? Googlewants to digitize every book, publishers say read thefine print first. Washington Post, pp. D1 & D7.

Travis, H. (2006). Building universal digital libraries: Anagenda for copyright reform. Pepperdine Law Review, 33,761–833.

Wun, E., & Dym, H. (2008). How to implement a HIPAAcompliance plan into a practice. Dental Clinics ofNorth America, 52(3), 669–682.

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014

Dow

nloa

ded

by [

82.3

9.14

0.39

] at

13:

12 2

9 Ju

ne 2

014