Commission To Congress Re. The Cloud: Require Disclosure Of Server Locations


Correction Nov. 20, 2015 14:28 EST: The quote in the second-to-last paragraph was erroneously attributed to William Shea in the Reuters report it cites. We have corrected our report to attribute it to Commission Chairman William Reinsch.

The US-China Economic and Security Review Commission (USCC) recommended Wednesday that “Congress evaluate existing consumer right-to-know laws to determine whether a cloud-based computing company has an affirmative duty to identify the physical location of its cloud based assets.” This recommendation came in USCC’s 2015 Annual Report to Congress. USCC Commissioner Michael R. Wessel indicated in an email last night that the impetus behind this recommendation was to enable consumers to make informed choices about data storage/processing risks.

Cloud location transparency and cyber espionage

The recommendation for cloud location transparency came with little discussion about cloud computing in general. It sits in the middle of the Commission’s 630-page report, which also proffers five recommendations in its section Commercial Cyber Espionage and Barriers to Digital Trade in China, including the highly publicized recommendation that Congress permit U.S. companies that have been hacked to “undertake counter intrusions for the purpose of recovering, erasing, or altering stolen data.”

There were few instances in the report in which cloud computing in China was discussed. These instances pertained primarily to:

  • the requirement that foreign companies form joint ventures in China as a prerequisite to providing services, including cloud services, there; and
  • revival of banking regulations that would “jeopardiz[e] hundreds of millions of dollars in revenue for foreign tech companies selling a wide range of products from servers to cloud computing software.”

The history of U.S.-China hacking incidents, data exfiltrations and ongoing threats (also highly publicized) were extensively discussed in the Report.

Commissioner’s explanation of cloud location transparency recommendation

When asked to clarify the origin of or basis for the recommendation about cloud location transparency, USCC responded in an email last night, in which Commissioner Michael R. Wessel stated for the record that the “recommendation is directed at evaluating the extent to which existing laws provide consumers the information they might like to have to make an informed decisions about which company's cloud-based services they utilize.”

His response continued:

“The expansion of cloud-based computing and storage and the geographic dispersion of the assets underlying those services may create a risk profile that consumers want to be aware of so that they can make an informed choice.” He added that the “recommendation was offered based on experience with both federal and private contracting situations where the vendors did not provide accessible information as to the nature of the IT services, including cloud-based services.”

Context: Red Cloud Rising

The cloud location transparency recommendation is backed by considerable earlier research performed on behalf of USCC. In 2013 USCC released a report prepared by Defense Group Incorporated’s Center for Intelligence Research and Analysis (CIRA) entitled, Red Cloud Rising: Cloud Computing in China.* CIRA is “the premier open source and cultural intelligence exploitation cell for the US intelligence community.” The Red Cloud Rising report was intended to “promote greater public understanding of the issues addressed by the Commission in its ongoing assessment of U.S.-China economic relations and their implications for U.S. security,” but is not implicitly endorsed by the Commission.

The report discusses the potential concerns for U.S. consumers caused by burgeoning China-based cloud computing services and solutions activities, “particularly if consumer data is being stored or processed using infrastructure located within Mainland China.” It also mentions that “Chinese progress in cloud computing is also important due to the Chinese military’s demonstrated interest in developing and procuring advanced cloud computing technologies.” One of the Red Cloud Rising report’s findings was that “future growth in US consumer use of China-based cloud computing infrastructure would likely raise significant security concerns.” One of its conclusions was that the “rise of China-based cloud computing services and solutions raises important concerns for US consumers, who may find themselves knowingly or inadvertently processing and storing sensitive data using cloud infrastructure located within Mainland China.”

Future of the Cloud in China

The Red Cloud Rising report states that Chinese industry analysis projections are that China’s cloud computing industry will continue to grow, with the overall value chain reaching $122 to $163 billion USD by 2015.

In January of this year China began permitting foreign investors to fully own e-commerce companies in Shanghai's free trade zone, thus eliminating in that zone the requirement for a US-China joint venture structure for cloud computing.

All major U.S. cloud service providers have operations in mainland China, including AWS, Amazon, and Microsoft. Last week Oracle announced plans to offer cloud services in China, in tandem with Tencent Cloud, “China’s largest and most-used internet service portal.” IBM also announced this month its plans to bring its “Bluemix” cloud platform to China, also (like Microsoft) pairing with the 21Vianet Group.

Hacking by China continues

In a news conference Thursday pertaining to the “massive” USCC Report, Commission Chairman William Reinsch told reporters that hacking by Chinese actors “remains unabated.” This echoed comments made by National Counterintelligence Executive William Evanina on Wednesday while announcing a forthcoming report on economic espionage in cyberspace.

“Evanina said the U.S. intelligence community doubts China could call an abrupt halt to its cyber-espionage if it wanted to, comparing such a dramatic change to ‘turning off a big faucet in China.’”

*The Red Cloud Rising report was amended in 2014 to correct and add new information about Microsoft’s cloud partnership with Chinese company 21Vianet.

Sources: USCC, Reuters, Bloomberg/Breitbart, Forbes
