Like picking up any new technology or looking to make sense of the new technology, I start with looking at the new technology with references to established methodologies, approaches or techniques or simply methods. These established methods are still around, come cloud or no cloud.

I have heard references of cloud computing in terms of outsourcing or another way of addressing or outsourcing your computing costs. So folks also talk about cloud computing in terms of opex and/or capex. Is cloud computing new technology or another way to talk about outsourcing your computing costs?

After reading this excellent write up on Cloud Computing, my initial skepticism on cloud computing turns into childish delight! Ah! It makes sense to have the 4 letters i.e. SaaS, PaaS, IaaS to describe cloud computing in terms of services. It seems that cloud computing does resemble outsourcing except that with outsourcing one is led to address business function/activities instead of computing services. My next question -what services are offered by cloud computing that will radically change the way I work or use technology? An ediscovery question in cloud computing – will (or is) cloud computing radically change (changing) the ediscovery scene?

Right now I can’t think of any (cloud) services except that I will have to figure out what data do I consider cloud worthy. This sounds familiar in outsourcing too. The same question as what is core to my business, I keep in control and not outsource also applies to cloud computing. At the lowest level, is data core to my business? A tough question or a non question! There will be established or seasoned/reasoned questions which are irrelevant in cloud computing.

Businesses outsource their core function as ‘core’ is not an accounting concept or an IT concept. We don’t talk about core accounting costs or core computing/technological data or services. Do we?

It seems the focus is no longer on ‘core business’ or even services. Cloud computing is driving the way we handle or our ability to handle data – period. The signs are around us e.g. ‘Big Data’ and ‘BYOD’.

I am not interested in what cloud computing delivers, it is what data to ‘outsource’/give up to cloud service providers. There is data protection act (soon a law in itself) and privacy related concerns. It will be interesting to see whether the changes to the data regime will define further questions or will the changes redefine the way cloud computing is currently defined. I have not come across a piece of legislation that changes the way technology is defined (& hence it’s course of design, development and deployment). It is a known fact that law plays catch up in terms of technology. The ‘right to be forgotten‘ is probably the policy/rule makers’ way of acknowledging that computing is beyond ‘legal codifying’. Perhaps the policy makers in mixing data protection with privacy wanted to recapture the concept of privacy as defined by Judge Thomas Cooley in 1888 – The Law of Torts 29 (2d ed. 1888) – ‘the right to be left alone’.

So where does this lead to in terms of ediscovery, which is also here to stay whether cloud or no cloud.

One term that comes to mind is disruption as in disruptive technology with the intended consequences and (perceived) benefits.

Cloud computing is disruptive technology/computing for ediscovery at many levels as it touches on several areas where ediscovery is weak (in terms of uncertainty or complexity in data access and processing). Similar to the concept of ‘core’, ‘control’ and ‘trust’ are meaningless in disruptive technology. Meaningless in the sense that one invariably (even with contractual agreements in place) loses control of data (in the cloud). The issue with trust is – how can we trust cloud providers if we loses control of data? Control of data and issues of trust are interlock or meshed up as seen in the measures to deal with data protection and privacy rights. The emphasis on ‘protect’ data (as in data protection rather than ‘control’ ) seems to have lost its lustre in the attempt to address privacy of individual in the non physical data world.

So it is back to ‘handling of data’ which is essentially what we do when we do ediscovery. We ‘handle’ – as this cover all aspects of accessing or processing – as it is human that handle the data not computer.If this is not the case, why do we have ediscovery rules (CPR) that has description of ‘how to do…’ . Like all changes in rules/law, there will be disruption initially. So it is safe to say, changes in the data regime will disrupt the ediscovery rules or more accurately further disrupt the handling of data.

Can we define data in terms of services? It’s like defining personal and sensitive data (or secret data/info) as services for cloud computing. Maybe we are getting there in terms of 4 letters, as data is 4 letters too.

Can we really distinguish and be able to categorise data into neat buckets (or cells, columns, rows, stacks etc.)? Answer depends on who is distinguishing the data and what the data represent for who. Lots of ‘who’ when it comes to dealing with the reality of data…

This blog was triggered after reading the article, The Fog over the Grimpen Mire: Cloud Computing and the Law, and the recent volcanic ashes quadmire affecting not only the travel industry but also announcement from the ICC on the non- force majeure of the rules of UCP 600 (article 36), URDG 458 (article 13) and URC 522 (article 15), I can’t help but wonder why documents are still needed. No wonder my online banking is never really ‘instant’ when it comes to international payment/transaction – electrons travel but not the paper/document ‘money’. Is ‘money’ real or an illusion? The ‘bucks’ have to stop somewhere and it seems paper is still king in the digital age.

Recently, I was fortunate to have the chance to spend a brief period in the CIETAC office in Beijing and have my first taste of Chinese arbitration-mediation hearing and the administrative work done by the excellent staff in the CIETAC, Beijing. Paper documentation dominants the way the Chinese conduct businesses and invariably paper document finds their way into the dispute resolution mechanism. I am told that the important stuff with document is the red stamp or the seal that shows or authenticate or prove that a piece of document is ‘real’. The seal representing a symbolic proof that the business or transaction is genuine and/or the document has been approved by some high authority or power. In essence the seal is a physical mark – like a signature and yet not quite like a signature more like a symbol recognisable by those who know where the line crosses i.e. the power to draw the line.

Perhaps the Service Level Agreements or the detailed contractual clauses serve as a reminder that the ‘bucks’ have to stop somewhere. The ‘somewhere’ is non categorisable as the ‘act of god’ means different things to different people. Is that why no one really read into the fine print (except those that wrote them?) until the ‘act of god’ becomes a reality to be reckoned with – like in the volcanic ash events?

In my previous work as analyst (system and business) whereby I have to categorise data or model data to fit into a particular business domain or process, I wish I have the luxury to be able to formulate the neat category as described in the article, The Fog over the Grimpen Mire: Cloud Computing and the Law. The author described an approach to the Easter egg business as:
“A cloud computing service that processes data for a small business will have access to four different types of data. First, there is data about the small business’ own customers. For example, the data for an Easter egg business might include a list of past Easter egg purchasers, and information about their purchases. Second there is account data about the small business itself, including its contact and payment details.
Third is data generated by the operation of the services (some of which, for example the internal state of applications, may not be accessible to the small business). Last there is activity data, which tracks when and for which applications the business’ account with the service provider is used.”

What I find interesting is whether such approach to data categorisation can be extended to any business, not only small business. In the context of cloud computing, the law is applicable not only to small business.

Research into trust model(s) in the cloud and a new credit privacy rule (still in draft according to the report) in China.