Listening to some recent talks, I noticed what seems like a conflict. Interviewed for CBC’s Spark, Nicholas Carr (full interview) says we are moving to cloud computing. Also on a recent Spark show, Bill St. Arnaud explains (full interview) how the Internet causes carbon emissions, and tells us we need to move data centres closer to power and cooling. Then we have Eben Moglen, Director at the Software Freedom Law Center, talking about the technology of memory and the major problems of putting our data out on the cloud, with that data being manipulated by software which we do not control.
I wonder if virtualization allows us the opportunity to have it both ways. The problem with putting our computing out in the cloud isn’t that we no longer have “physical possession”, but that our information is manipulated by software of someone else’s choosing and control. One thing we should take from the virtual worlds that new technology enables is that ownership and possession are possible without needing physical possession, whatever the term physical possession really means for digital information.
The fact that software implements many of the most important policies online is something discussed in Lawrence Lessig’s book Code and other laws of cyberspace, and we always need to be asking ourselves who controls this policy.
I already use virtualization in my own network to separate operating system issues which touch the hardware (device drivers, physical disks, etc) and interdependencies between different libraries used by application software. Being able to upgrade software versions to deal with hardware changes entirely separate from application and support library changes has greatly simplified my management. It also helped greatly that in one case I took two shelves of power hungry computers and virtualized them into two physical computers.
Picture this: rather than running software and storing data on a computer that sits physically in my home or office, the software runs in a virtual machine elsewhere. The storage is very strongly encrypted, such that even the hosting company does not have access to the data. Please note that I’m talking about a future technology, as I’m not convinced any of the current virtualization offerings really offer what is needed. I thought Xen was promising, but the sale of XenSource to Citrix has pretty much killed the future possibilities of this open virtualization system. The virtualization system really needs to be Free Software to offer the required transparency, accountability and compatibility to everyone concerned.
Is this possible? We will always have the worry that the host of the virtual machine is manipulating the virtual machine such that they have access to the unencrypted data in memory, or the decryption keys which must obviously be stored somewhere. Anyone who has read about the Blue Pill malware issue may be wondering about similar issues on their existing physically possessed hardware.
While some trust is needed of the hosting company, we are talking about a very different scenario than Mr. Moglen was talking about with services such as those offered by Google, Microsoft, Facebook, Flickr and others. In those cases our data is stored in a way that it is not considered a breach of contract for the host to be accessing and aggregating the data, but where such activities are often explicitly approved as part of the terms of service.
I’m not convinced that there is a natural monopoly with large hosting services that are able to take advantage of physical location (near power, in colder climates to reduce cooling costs, near water cooling, etc). If we build standards for this type of virtualization service, the ability to move our computing and storage needs to competitors becomes easy. This competition creates an environment where terms of service can be enforced in the marketplace, and not just in the courts.
What do people think? Can we have our cake and eat it too by using virtualization to reduce the energy and maintenance costs associated with the physical aspects of computing, while at the same time retaining the privacy and security needs of the virtual aspects of our computing? What do you think the pitfalls or barriers will be? In a world where simple things like keeping the infrastructure of the net neutral becoming controversial, can this type of secure hosting service be possible?
Note: If you have not heard Eben Moglen speak before, I would like to recommend you listen to two previous talks titled “The Global Software Industry in Transformation: After GPLv3” and “Software and Community in the Early 21st Century”. Everyone has those people who motivate them in their field, and for me this is Eben Moglen. It is the type of things he speaks about that motivates me both in my volunteer policy work and blogging, as well as in my commercial FLOSS business.
