[LINK] SMH: 'Megaupload closure hits legitimate users'
Roger.Clarke at xamax.com.au
Tue Jan 24 08:47:10 EST 2012
On Sun, Jan 22, 2012 at 1:56 PM, Roger Clarke
<<mailto:Roger.Clarke at xamax.com.au>Roger.Clarke at xamax.com.au> wrote:
>[I've got a paper in press at the moment that examines 49 reported
cloud outages. If I'd held off a bit longer, this could have made a
At 18:58 -0800 22/1/12, Scott Howard wrote:
>Out of interest, did you also analyze how many non-cloud outages
>there were during the same period? How many companies Exchange
>servers went down due to power outages, hardware failure, bad (or
>no!) sysadmins, or any one of a thousand other causes - compared to
>how many times Google Apps or Microsoft Office 365 went down? Or
>what the time to recover was in either situation?
>Picking on cloud outages without considering the alternatives is
>like claiming that airplanes are unsafe because hundreds of people
>died in plane crashes last year, without taking into account the
>fact that they are still orders of magnitude faster than any other
>form of transport by any reasonable measure.
Yes, your point's good. And no, I didn't do that analysis. Using
media reports would have been an ineffective way to do it.
As previously posted, the paper is here:
Clarke R. (2012) 'How Reliable is Cloudsourcing? A Review of
Articles in the Technical Media 2005-11' Computer Law & Security
Review 28, 1 (January 2012), PrePrint at
I made a couple of brief mentions of the fact that cloud reliability
needs to be compared with the reliability of other services.
And I said this:
"In the case of local infrastructure or services such as a desktop,
LAN or workgroup server, an outage affects only those people who are
local to it. When, on the other hand, every staff-member is dependent
on the same infrastructure, the 'one out, all out' principle applies:
the organisation's business processes are frozen, and manual fallback
arrangements are needed. Some applications are by nature shared
organisation-wide, and hence co-dependency risks cannot be avoided
but instead have to be managed in other ways. But cloudsourcing
extends the co-dependency risk to services that were never subject to
it before. After an organisation has adopted SaaS for its office
applications, for example, a single server, database, network or
power outage renders unavailable the office applications, office
documents, mail-archives, appointments and address-books of every
staff-member, not merely those local to the point-of-failure. "You
have to think about ... not being able to do anything when, say,
10,000 workers are suddenly idled by a single tech outage" (Needleman
>I'd be interested in what definition you could use to decide that
>Megaupload were NOT a cloud provider for their customers? "Cloud"
>is definitely a vague term, but I don't think it's that vague!
Agreed, it's vague. In this paper, I said the following:
"The term cloud computing is applied to several somewhat different
forms of service. Their common feature is that servers are
'virtualised'. This means that the concept of a server has ceased to
mean 'a computer that runs processes that provide services to other
computers', and has reverted to its original sense of 'a process that
provides a service to other processes'. This time around, the process
can run in any of a large number of computers (and probably an
indeterminately large number of them), which can be widely dispersed
across many locations and many networks".
>I think the real moral of this story is that you need to investigate
>your cloud providers with a level of diligence that is relevant to
>the type of service they are providing you.
Agreed. The paper concluded:
"A significant proportion of user-organisations appear to have
adopted cloudsourcing precipitately, without ensuring that the
services will satisfy their business needs. Company directors have a
clear obligation at law to ensure that risk assessments are
undertaken, and that risk management plans are in place. This is no
longer pioneer territory. ... The evidence of these reports suggests
that many company directors may be in breach of their legal
obligations, and that their organisations need to re-visit their IT
sourcing strategies, and to do so very quickly".
>Given that the Megaupload Terms of Service specifically stated that
>they were not responsible for the safe storage of people files, and
>that they could stop providing service to them at any time, it's
>hard to see how the loss of such files is the responsibility of the
>US government, rather than the users that uploaded them.
Suppliers can write anything they like in their Terms of Service.
Consumers are very slack (and that includes remarkably large
organisations purchasing consumer services, and even purchasing
factors of production!). So suppliers have been getting business
even though they do everything their lawyers can come up with to
avoid any liability for anything.
The laws of many countries impose various kinds of minimum terms of
service, and courts will interpolate conditions that the suppliers
have tried to avoid. So, if a consumer has money, time, patience and
employs lawyers for a long time, and if the supplier hasn't been
bankrupted or skipped in the meantime, some kind of reparations may
However, regulation and consumer protection aren't easy, but they've
been abandoned as principles by governments like Howard's, and not
reinstated by successor governments like Rullard's. So 'dog eat dog'
and 'caveat emptor' rule right now, particularly in exciting new
markets like cloudsourcing.
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link