I am rather disappointed with the 119 page consultation paper on cloud computing from the Telecom Regulatory Authority of India (TRAI). This is the third instance in the last couple of months where the TRAI is inquiring into aspects which should be left to market forces or dealt with by other regulators. The first two instances being its suggestion to control content providers and aggregators in its paper on free data and then confusing issues of privacy and security with net neutrality issues in its pre consultation paper on net neutrality.
The mandate of the current government is 'ease of doing business' and 'liberalise' / 'de-regulate' what ought not to be regulated. Most of the issues raised in the cloud computing paper, however, seek to do exactly the opposite!
'Digital India' needs the creation of a robust IT infrastructure and cloud is its integral part. For the MSME industry, especially the start-up community, it is extremely important to have access to affordable cloud infrastructure. Any policy that the government adopts ought to augment establishment of cloud services that reach rural India. The cloud computing (CC) consultation paper seems to almost suggest license raj, which in fact may throttle growth.
In view of the National Telecom Policy 2012, the Department of Telecommunications (DOT) requested TRAI to examine various aspects relating to CC services. Questions with respect to (i) government's adoption of cloud services (including requirement of separate cloud for government), (ii) steps for enhancement of cloud infrastructure in India, (iii) cost benefit analysis of adoption of cloud services, (iv) infrastructure challenges for establishment of data centers – seem relevant for government. In fact, I am happy to see that TRAI is considering tax subsidies to promote cloud services in India. However, Department of Electronics and Information Technology (DeitY) may be the appropriate department to examine these issues.
Now let me deal with controversial issues and aspects that appear out of scope for the CC paper.
First, the paper seems to suggest a legal regime for CC services; in fact a licensing regime. This will amount to over-regulation. On the one hand, the paper says that Cloud Service Providers (CSPs) may behave monopolistically and on the other hand it seeks to create entry barriers by introducing a licensing system. Cloud services are rendered through the infrastructure created by the private companies. It rides on the infrastructure of telecom operators and internet service providers (TSPs and ISPs), who are already regulated. I see no reason why CSPs should be subjected to additional licensing requirements. In fact, such requirements may be counterproductive and may keep CSPs away from India.
Second, the paper deals with questions with respect to data – control of data, data transfer (including cross border transfer), security against breaches and the like. However, these issues are not unique only to the cloud environment but are applicable to all digitized data. The Information Technology Act, 2000 (IT Act) deals with personal as well as non-personal data. For personal data, there is a separate Privacy Bill already being discussed. With this background, I see no reason to discuss these issues as part of the CC consultation process. Interestingly, in the net neutrality pre consultation paper, TRAI has raised queries relating to customer privacy! While I can appreciate TRAI's obsession with data protection issues, DeitY (and not TRAI) can take up this issues separately – and more holistically. There is scope for making the provisions of the IT Act broader and its enforcement stronger. India should also consider collaboration with other governments for quick information exchange for investigation of data breach crimes.
Third, the paper discusses aspects of quality of services, standards to be adopted by CSPs and interoperability between CSPs. Honestly, these should be left to be determined by the industry, either through commercial negotiations or through self-regulation. Law is seldom able to catch up with technological developments. Standards prescribed by law, in no time become obsolete and it takes ages for laws to be amended. The standards for encryption of data and the definitions of electronic signature under the IT Act are suffering from this lag. (Readers may remember the fate of encryption policy consultation paper last year). We can at best consider adoption of relevant international standards. There is one more reason that I suggest this. India cannot think about these issues in isolation. The cloud infrastructure is not located in single country. If each country starts imposing its own requirement, the CC model cannot work. International standards are already developing as discussed in the paper. India should actively contribute to that process. Government may include such international standards as part of eligibility criteria for tendering process for engaging CSPs.
Last but not the least, in the zest of discussing all these issues, the consultation paper has gone beyond this mandate and raised questions that purely deal with the relationship between two private parties (CSPs and its customer) e.g. billing and metering arrangement, data control and migration, mandatory interoperability between two CSPs and dispute resolution mechanism.
To summarise, TRAI should substantially narrow down its consultation paper to limit itself to questions relating to (i) adoption of cloud by government departments; and (ii) enhancement of cloud infrastructure in India. DeitY may separately deal with security of digital data. India should participate in development of international standards. Private parties should be left alone for all other matters!
One final comment, the current government has taken several aggressive challenges and has a lot on its plate. Government departments should focus on their specific mandates and avoid overlaps. It will help all stakeholders to contribute effectively in consultation processes.
We all look forward to bridging the digital divide and establishing a digitally smart India!
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.