One of the Obama Administration’s major initiatives is to push a cloud-first policy for US government information and communication technology (ICT) investments. With costs of on-premises data storage, software programs, and computer infrastructure soaring as part of the Federal ICT budget, it only makes sense for the Government to cut costs by taking advantage of the cost efficiencies that result from using remote computing services. Success in this effort might mean that the government will never have to construct a costly new data center ever again.
Unfortunately, the imposition of short-sighted government rules poses a great risk to these benefits. Many countries have passed or are seeking to pass laws that require the construction of local computer facilities or that prevent the free flow of information to remote servers. The rationale is sometimes to foster a local processing industry or to preserve domestic employment – even though the biggest employment gains for a local economy result from the increases in growth made possible by inexpensive computing services. Fears that information in the cloud is insecure contribute to the rationale, even though remote facilities can do a better and cheaper job of keeping information safe and secure.
Regardless of the motivation, these rules have the effect of preventing cloud computing providers from creating the most efficient combination of networks and computer systems. Instead of building one large data center to house and process information from a variety of countries or regions, cloud providers would have to build one data center for each country or region, thereby unnecessarily increasing costs. In some cases, this would mean that the service could not be provided economically at all because the scale would be too small.
For this reason, the US has adopted an international posture in favor of the free flow of information and against requirements for domestic ICT facilities. We even persuaded our partners in the European Union to go along with us. The recently negotiated EU-US ICT trade agreement contains a principle favoring unrestricted cross-border information flows. It says that “Governments should not prevent service suppliers of other countries, or customers of those suppliers, from electronically transferring information internally or across borders, accessing publicly available information, or accessing their own information stored in other countries.”
The agreement also embodies a principle urging governments not to impose local infrastructure requirements: “Governments should not require ICT service suppliers to use local infrastructure, or establish a local presence, as a condition of supplying services.”
In a domestic reflection of this policy, the Obama Administration recently recommended a provision in its proposed cybersecurity legislation that would bar local jurisdictions from requiring the presence of data processing facilities in its local area. It said: “Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations. This new industry should not be crippled by protectionist measures, so the proposal prevents states from requiring companies to build their data centers in that state, except where expressly authorized by federal law.”
The U.S. State Department is engaged with our European partners and with Japan to oppose localization requirements in other countries. The United States Trade Representative is looking to push for bi-lateral trade agreements that incorporate provisions in favor of the unrestricted flow of information and against localization requirements.
What’s sauce for the goose, however, is sauce for the gander. If we want to push these policies successfully abroad, we must abide by them ourselves domestically.