Conflicts of Interest in the Cloud: Technology, Politics and “Virtual” Ethics
Start talking about the MPRE and you will immediately be met with groans and eye rolls from aspiring attorneys in the 47 of 50 states that require passage of this ethics exam for admission to the State Bar. While tedious, the MPRE is designed to make sure that young lawyers at least have a cursory grasp on some of the major ethical obligations and restrictions that come with practicing law such as: don’t sleep with your client, keep client communications confidential, avoid conflicts of interest, etc. Sounds simple, right? Well, maybe not so much, specifically when considering those “grey” areas that have caused many an attorney to end up on the front page of their local newspaper for ethics violations, especially when it comes to conflicts of interest. Basically, “conflict of interest” is self-explanatory: a person or company has two (or more) interests, and their dealings in one interest could influence their decisions regarding the other interest.
As an attorney, I always assumed that conflict of interest cases mainly had to do with people practicing law or dealing with financial transactions (self-dealing, anyone?), but who knew that conflicts of interest issues arise in the technology world all the time? Well, apparently that’s the case, especially when it comes to cybersecurity and cloud computing.
With the promotion of Obama’s Cloud First and Federal Data Center Consolidation Initiatives, more and more government entities are stepping into the spaces of cloud computing and virtualization. Interestingly, however, questions have come up with regard to how secure data really is in virtualized environments. Namely, these questions have to do with conflicts of interest, but how? Well, when a customer stores data or runs programs with a cloud or virtual vendor, the vendor has a vested interest in convincing the customer that the data is secure. After all, admitting to flawed security would likely result in the customer packing up and moving to another provider, which is increasingly easy in the scalable world of the Cloud.
As you can imagine, government entities were caught in somewhat of a bind between President Obama’s initiatives and ensuring data security. So what’s a civil servant to do?
Well, recently some Cloud providers have come up with a concept of MOLO, a managed colocation rack that allows the customer to monitor its data and identify any problems with security. So far, only a few providers have become players in this space, but I am interested to see who else jumps on this virtual bandwagon considering the millions of dollars in government spending that are likely to be put toward cloud computing and virtualization.
This topic reminded me of a recent class discussion in which the professors reiterated the idea that there are politics and social factors inherent in technological design, even apart from the uses of a particular technology. The professors used the example of bridges in NYC that were designed in such a way that city busses could not pass underneath them, thus preventing low-income New Yorkers from getting to the beaches on the other side of the bridges. So what about the politics of technology in the cloud computing world? It looks to me as if the politics and power structures surrounding the technology are changing in such a way that the power is shifting from the provider to the customer … especially when “Big Brother” is watching.