PRISM fallout could damage trust in the cloud: Kroes

8 Jul 2013

Neelie Kroes, vice-president of the European Commission

Vice-president of the European Commission Neelie Kroes has called for the creation of a European cloud network and has warned that in the aftermath of the PRISM revelations by Edward Snowden it is vital that Europe works to rebuild essential trust in cloud computing.

Kroes said there is a clear need for a transparent legal framework around cloud computing in Europe and that reports around PRISM, the alleged US national security electronic surveillance programme, only increase that urgency.

“That would be a big step forward to rebuilding essential trust,” she said.

“The benefits of cloud computing are immense: but that’s precisely why it’s so important to restore trust. And the cloud is something particularly on my mind as I head off to Tallinn for our European Cloud Partnership.

“In some cases, of course, it may be legitimate for authorities to have some degree of access to information held online; and I think that most people would accept that, in the case of (say) a child abduction, or a terrorist plot. But it is absolutely clear to me that any such access always needs to be within a legal framework that is legitimate and transparent. And it’s understandable that these issues are troubling for many ICT users – whether using it for business or pleasure.

“In spite of the current increased attention given to cybersecurity, the subject obviously isn’t new; and indeed, the EU has set out strategies for cybersecurity and cloud computing to address the issues. From these, I suggest five ways to  tackle these issues and improve security and trust online.

“First, our cloud computing strategy is clear about the need for a transparent legal framework: like agreeing exactly the limited conditions under which third countries might access online information for law enforcement or national security. Reports about PRISM only increase the urgency.”

The need for a European cloud

Kroes said reports about PRISM have heightened calls for a European cloud.

But first we would have to overcome legal borders, barriers and divergences within Europe. That’s the only way to ensure the cross-border scale to really maximise the European cloud boost – without compromising on European protections.

“Many governments and other actors can see the cloud advantage – but if your ambitions don’t extend beyond national borders, they don’t extend far enough. Legal differences within Europe include the current patchwork of divergent data protection rules, which we need to bring together and modernise: but also things like different contract terms. And these are all areas we are already working on as part of the cloud strategy,” Kroes said.

She said tone sector still wary of moving to the cloud is the public sector, mainly because of security concerns.

She said a European Cloud Partnership consisting of 20 top advisers from the public and private sector has been instigated.

She added that high quality research can also mean stronger security and existing EU investment in advanced encryption, along with the uptake of open-source software, which leads to more transparency about vulnerabilities, will also help.

“For all the shock of recent revelations, we should not lose sight of the big picture. The cloud offers a fantastic chance for governments to deliver more integrated, effective and efficient services. And for businesses – especially small businesses – to have IT as flexible, nimble and innovative as they are, without massive start-up costs.

“Overall, the cloud boost is worth hundreds of billions of euros to our economy. And in fact in many ways cloud computing can be more secure than in-house alternatives: as expert cloud service providers can often take more effective measures than local data managers ever could, to stop data going astray,” Kroes said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years