Cloud computing raises new ethics, sustainability questions

[Editor's Note: GreenBiz contributor Eric Louie wrote last week about some of the current environmental benefits of cloud computing. In this article, originally published in the BSR Insight, BSR authors Dunstan Allison Hope and Ryan Schuchard discuss the tech trend's potential for even greater sustainability gains.]

Just a decade ago, it would have been hard for all but the most tech-savvy to imagine the extent of cloud computing today. The cloud -- what some are calling “the factory of the 21^st century” -- is a complex system of data centers worldwide that store, process and deliver information on demand over the Internet, providing users with resources, applications and information that they previously would have stored locally. The cloud, run by a network of IT service companies, Internet firms and telecommunications services providers, offers services to all of us, from banks and retailers to individuals like you and me. It is both real -- requiring traditional inputs such as electricity -- and virtual.

Throughout the history of corporate responsibility, a few megatrends have redefined how we think about the ethics of business. The outsourcing of manufacturing to places with low labor costs and lax regulations, for instance, led to a rise in consciousness about working conditions at supplier facilities. Or the increasing number of people living at the “base of the pyramid” (the now 2.5 billion people who exist on less than $2.50 per day) prompted companies to address global poverty while advancing business interests.

We believe cloud computing has the potential to create new sustainability and ethical dilemmas. Addressing these dilemmas calls for a rethink on how we approach corporate responsibility.

To be clear, cloud services make a positive contribution to sustainability: The cloud encourages important clean-tech applications like smart grids and it also encourages consumers to use virtual services such as video streaming to replace resource-heavy physical products. The cloud also draws resources to where they are used most efficiently and its jobs tend to be cleaner and safer than those of more traditional industries.

What follows is an evaluation of how cloud computing could affect two of the most pertinent sustainability issues of our time: climate change and human rights.

The Climate in the Cloud

At the 2011 BSR Conference, Autodesk CEO Carl Bass posed a question about the power of what he called “infinite computing,” asking what we can do to harness the unlimited amount of computing to help solve some of today’s most pressing problems.

There is no doubt that the expansive power of computing can help us address sustainability challenges, but this technology also draws from the Earth’s finite environmental stocks and biosphere. Data centers are already responsible for nearly 1.5 percent of global electricity use -- a level that has steadily climbed despite the recent economic slowdown -- and there are troubling signs that data center power use will continue to grow substantially.

There are several interconnected issues related to the cloud’s impact on climate change: its swelling energy footprint, the fact that location makes all the difference on the carbon footprint, the cloak of secrecy around data center sites and the challenge of accounting for carbon when collaboration is so complex.

Regarding the first issue, there have been breakthroughs in energy efficiency at data centers, such as chiller-less servers and pods that use low energy in harsh climates, and there will be more. But as affluent consumers desire more high-tech equipment and applications grow hungrier for energy, global energy consumption will rise by around 40 percent by 2030, likely causing energy demand from data centers to outstrip efficiency gains.

Facility location is another challenge: If all else is equal, data center operators will build facilities where the energy is cheap, and usually, that means dirty. In the United States, more than half of all top data centers rely on coal for the majority of their energy needs, which means a lot of the new data centers are clustered in North Carolina and the Midwest.

Meanwhile, there is a tendency for operators to keep quiet about where their sites are located, which runs against the good practice of making carbon information transparent. Many companies keep certain site locations, such as suppliers, under wraps for competitive reasons, and cloud companies are even more secretive about data center locations due to often legitimate concerns about security. Customers whose personal information is stored at these data centers tend to appreciate this. Nevertheless, transparency about local carbon impacts remains a key element of climate responsibility, and companies will be under increasing pressure to disclose more and, when they can’t disclose, to explain why.

Finally, the cloud’s value chain is more complex than what current accounting and reporting systems can handle. Even the new Greenhouse Gas Protocol’s Scope 3 standard, the authoritative framework for measuring carbon in value chains, offers little guidance. The difficulty lies in the fact that the disparate collection of IT services companies, Internet firms, telecommunications and service providers make it hard to create accountability for carbon performance as a system. 

Next page: Challenges ahead

These four challenges point to some new themes that will soon be part of leading climate and corporate responsibility practice for cloud services providers:

1. Location matters. One of the greatest opportunities for cloud carbon reduction is with siting, since energy makes up such a large share of a data center’s footprint and the carbon content of electricity is determined by the local grid’s portfolio. This makes alignment among sustainability, operations and real estate teams crucial for managing carbon performance. Furthermore, the building companies that are erecting data centers have a responsibility to educate their clients about the carbon impacts and risks that result from the location they have chosen. They also have an opportunity to strengthen relationships by offering better insights and services to help clients get the most out of low-carbon siting.

2. Companies have a role in influencing electricity grids. Because data centers can be large energy customers, an additional point of leverage for developers and operators is to influence local policymakers and utilities to invest in more sustainable energy sources. Initially, this might seem radical. But savvy companies already negotiate electricity prices with utilities and engage with local governments on a range of policy issues, so this can be an extension of those conversations. Also, power utilities are effectively key suppliers -- if not the key supplier -- for energy-intense data centers and the practice of engaging suppliers on sustainability is a common frame of reference.

3. Transparency will enhance collaboration. Data center operators need to be more proactive about advancing carbon transparency by reporting as much as they can about carbon impacts through the Carbon Disclosure Project and communicating more earnestly about what can and cannot be disclosed. The more information companies can provide, the more tools researchers, civil society and service providers will have to establish metrics and public policies that improve incentives for investments in energy and carbon-efficient operations.

The Cloud and Human Rights

The extent to which the cloud affects human rights will depend on the range of services it provides. For example, there will be less of a risk associated with corporate information than personal communications. Some categories of customers (such as civil society organizations) may have more reason to be cautious than others (such as multinational corporations).

We believe cloud-services providers should consider their human rights' responsibility in two main dimensions: data center location and their role as gatekeepers to information.

The first responsibility is for a company to factor in human rights considerations when deciding on a data center location. In addition to price and local energy supply, a key factor in determining the ideal location for a data center is the local legal context. While some countries have strong privacy and security laws and practices, others do not, and this variation can significantly affect the cloud’s impact on privacy, security and freedom of expression.

When it comes to siting data centers, companies are understandably nervous about storing data in jurisdictions that may not respect the rights of their users and customers. For this reason, they often choose to locate data centers in places with favorable privacy laws, even if that means storing the data in a country outside the user’s location. Yahoo, for example, chose to locate its services targeted at the Vietnamese market in Singapore. However, governments are becoming wise to this and can retaliate by requiring that data be located within the country if the business is licensed to operate there.

The second responsibility of the cloud provider relates to its role as the gatekeeper of user data when law enforcement comes knocking for personal information. In theory, it is the customer -- the bank or the retailer, for example, and not the cloud-services provider -- that responds to a law enforcement demand. However, what often happens in a law enforcement context is shrouded in mystery. There are various controls and conditions that a local government can implement as part of the operating license that could bypass the customer altogether and go straight to the cloud-services provider. Additionally, and very importantly, when a cloud company provides services such as email or file storage to an individual customer, it is the company that decides whether to give in to law enforcement demand, not the customer.

This places cloud-services providers in a difficult position: In theory, they exist to provide virtual services to anyone, anywhere, unrestricted by traditional geographical boundaries or physical presence. In reality, the cloud is connected to the ground, and there is a very real ethical question about where to locate its physical presence. And as more business transactions take place in the cloud, cloud-services companies are caught between protecting the rights of their users and abiding by the law enforcement demands of their regulators.

Next page: How to make your cloud more ethical

So what is a responsible company to do? Consider these three ethical issues:

1. Location: For both the users and providers of cloud services, it is important to have a siting strategy that fully considers the legal and jurisdictional issues where the data centers and network architecture are located.

2. The role of law enforcement: For cloud services providers, it is important to know how to manage law enforcement relationships. This may mean insisting on due process, challenging law enforcement demands that may jeopardize human rights and promoting good governance and the rule of law. The Global Network Initiative is a good example of a responsible approach that supports greater interaction between companies and governments to enforce laws that protect rights to privacy, security and freedom of expression.

3. The importance of raising awareness: Cloud services providers are experts in the field, and therefore have a responsibility to provide advice and guidance to users who know less about how the cloud affects privacy and freedom of expression.

The Changing Ethics of the Cloud

In our conversations with companies about cloud computing, we’ve encountered objections to some of the views expressed here. We’ve heard it argued that cloud services companies have no business trying to influence energy policy -- that this is the prerogative of the energy industry. We’ve also heard that cloud providers should stick to their core contribution of “dematerializing” the economy (reducing the number of physical materials needed to run the economy) and “enabling solutions.” And we’ve heard it argued that cloud services companies should avoid engaging in human rights, the rule of law and good governance in high-risk countries -- that governments know best and the role of business should be simply to follow their laws.

But it’s important to remember the core definition of corporate responsibility (as defined by the European Union, ISO26000 and many others), which emphasizes the role of business in supporting sustainable development. In this regard, cloud computing represents two shifts that are highly relevant. First, its highly networked, decentralized structure blurs jurisdictional lines, raising questions about accountability that effectively have never been asked. Second, today’s version of cloud computing is a mere embryo of what will be one of the most important industrial revolutions of the 21st century. As significant infrastructure is built for an industry whose equipment is reinvented every two or three years, decisions made today will establish the architecture and communities we will have to work with later.

As cloud computing takes hold and changes the profile of business, so too will it change notions of business ethics and corporate responsibility. There was once a time when business would argue that suppliers should take sole responsibility for following labor and environmental laws, yet today we see armies of auditors and labor relations specialists going above and beyond what is legally required. A similar transition will arise with cloud computing, and activities deemed outside the scope of corporate responsibility today -- challenging unreasonable law enforcement demands and meddling in energy policy -- will be mainstream tomorrow. Now is the time for today’s most innovative companies to define what that looks like in practice.

This article was originally published in the BSR Insight.