Multilateralism vs Multistakeholderism – Is it One or the Other?


The traditional path of multilateralism is usually thought of as very much based on interactions and agreements between nation states. This political form of organization is a closed system encompassing multiple governments, and there are strong barriers to enter or participate in the system. While it is premised on creating a binding effect (consensus), discouraging unilateralism, and giving a voice and voting authority to smaller powers, this is not always the case in multilateral arrangements. I will use the United Nations (UN) as a point of reference to validate my point.

In the UN, the objective is that irrespective of the differences in territorial size, population size, military power or economic strength, all states have the same legal personality, although it is universally acknowledged that this principle does not correspond to the reality. And while a ‘one state, one vote’ rule does exist within the UN General Assembly, the Security Council (the most powerful body within the UN) has five permanent members who all hold the power to veto resolutions brought by the other members. And while there is a revolving door in terms of non-permanent members, there are at least 60 members who have never held a seat on the Security Council. Inequality is very much evident in this arrangement.

However, although systems such as the UN remain multilateral from the perspective that only states are members of most of its formal bodies, civil society does participate in a consultative role. Furthermore, civil society organizations have performed important roles such as mobilizing support for UN policies, gathering information, offering advice and drafting treaties. In a number of conventions, NGOs have not only offered expert advice, but have also drafted treaty language. So, in effect, the system is not entirely closed.

That being said, this traditional path of multilateralism is still not well suited for maintaining an open, resilient, and secure Internet, mostly due to the fact that it is not informed by broad participation of various interested stakeholders — including businesses, technical communities, civil society, academia — through a consensus, bottom-up process of policymaking.

Still, to be fair to governments, there are references in the Geneva principles as well as the Tunis Agenda that recognize and affirm that a multilateral process should exist apart from the multistakeholder approach with regards to mapping out the future roadmap on Internet governance. A strong argument can also be made that the Internet governance ecosystem is not entirely sensitive to the cultures and national interests of nations, and that the current framework of Internet governance is not particularly effective in responding to some of the core and strategic concerns of nation states (cyber crime, cyber terrorism, child online protection, protection of critical infrastructure, taxation, etc.).

So what we need is continued evolution of Internet governance mechanisms to a point where there is successful interplay between multilateralism and multistakeholderism, and which substantially improves the degree to which multilateralism can in practice (and not just in theory) become more representative, democratic, transparent and accountable – and whereby its contributions would benefit the entire Internet ecosystem.

That being said, I think that we’re witnessing several improvements in terms of how multilateral and multistakeholder institutions are coexisting and cooperating to work on Internet governance issues without significant tensions, and without undermining the Internet and its vast potential.

For example, the WSIS+10 High Level Event was organized by predominantly multilateral agencies (ITU, UNESCO, UNCTAD, and UNDP) to review the progress made in the implementation of the outcomes of WSIS. The preparatory process and the outcome documents can be viewed as positive developments, and can be recognized as examples of how multilateral institutions are opening to multistakeholder participation, especially given that member states have increasingly acknowledged the critical roles that other stakeholders have to play. See WSIS+10 outcome documents here: <>.

There was also incremental progress at the ITU’s Plenipotentiary Conference, which took place last year. At the conference, Member States agreed to establish mechanisms to enable multistakeholder input to the government-only Council Working Group (CWG) on International Internet Public Policy. While it would have been preferable to open the CWG entirely to multi-stakeholder participation, these advances are still commendable.

Another organization that has shown great promise in terms of the fusion of multilateralism and multistakeholderism is the OECD. The organization has a number of mechanisms in place to assist governments in developing policies to stimulate the digital economy. The Committee for Information Computer and Communication Policy (ICCP) has instituted a framework for participation of non-governmental actors in its work. The multi-stakeholder Internet Technical Advisory Committee contributes to the work of the OECD Committee on Digital Economy Policy (CDEP) and its specific working parties such as the Working Party on Communications and Infrastructure Services Policy (CISP) and the Working Party on Security and Privacy in the Digital Economy (WPSDE).

The recently concluded Internet Governance Forum (IGF) in João Pessoa, Brazil also had quite a large number of government delegates. See Participant List here: <>. This demonstrates that more state actors are realizing the importance of the multistakeholder process, and seeking to embed themselves deeper in the activities of the IGF. Interestingly enough, the Multistakeholder Advisory Group (MAG), the steering committee for the IGF, is comprised of a number of representatives from national governments.

While realizing the benefits of the Internet is not dependent on government, there is definitely a role for governments in the governance of the Internet, and this role is evolving, just as multistakeholderism continues to reshape and reform itself. Hopefully, the transition of the IANA function will be an optimal paradigm shift towards an Internet governance approach that fully embraces all stakeholder groups (and not just governments, but civil society and end users as well).

The Chilling Effects of Pervasive Government Surveillance


With recent news pertaining to the details of the proposed UK Investigatory Powers Bill, I am now more convinced than ever that governments are schizophrenic when it comes to online privacy. This new bill quickly follows the French government’s approval of ‘intelligence’ legislation which the United Nations Council on Human Rights deemed as “excessively broad” in terms of surveillance powers.

In an effort to quell public outcry with regards to rampant, unregulated data collection by corporations, governments pass stronger data protection and privacy laws. Yet, at the same time they pass intelligence legislation giving themselves greater authority and the ways and means to collect more data about individuals. So they’re essentially granting themselves the same powers they created privacy and data protection legislation to prevent corporations from abusing. But let’s take it a step further and look at how they use these powers.

The normal process for wiretaps is as follows:

1. Obtain evidence of wrongdoing or intent to commit a crime
2. Provide judge with said evidence and seek authorization to monitor phones
3. Obtain explicit approval from a judge and commence wiretapping exercise

The new process for online surveillance:

1. Write laws that allow you to collect information on everyone just in case they do something wrong in the future

With protection of human rights as the underlying principle, intrusive surveillance to this degree is by no means proportionate. It constitutes a total overreach by law enforcement, invariably violating the right to private life and correspondence, and is unlikely to be ‘necessary in a democratic society’. But then we have these individuals who say, “If I am not doing anything wrong, why does it matter if the government collects data related to my landline calls, mobile calls, VOIP calls, emails, instant messages, SMS, social media posts, and photo uploads?” My advice to them is don’t be so quick to give up your rights.

Some of the sensitive facts those records uncover become glaringly obvious after some contemplation: Who has called a drug addiction counselor, a suicide hotline, a brothel, the HIV/AIDS information center, a divorce lawyer, their mistress or an abortion clinic? Which websites are people frequenting? What type of porn do they watch? What religious and political groups are they involved in?

Some facts are less straightforward to deduce. Because the metadata from your cellphone calls typically includes information about the proximity to cell towers, this data creates a virtual map of where you spend your time, who you spend it with, and what you’re doing.

So many people believe strongly in democracy and regularly harp against authoritarian and despotic regimes. But in a democracy, it is essential that the vast majority of power reside with the masses. With the emergence of almost limitless data storage capabilities and powerful data analytics, information is quickly becoming the currency of power. As the ability of the government to collect and store vast amounts of data increases, so does its power. This systematic centralization and strengthening of power is chilling, and not so much for its impact on an individual basis, but more so for its wide-reaching effects on the organization of social and political activity.

Can Traditional Policy and Regulatory Frameworks Satisfactorily Address the Internet’s Public Policy Issues?


The Internet has largely transformed the manner in which we build relationships, communicate, and innovate. It has also changed how we define and build wealth. For example, look at how Bitcoin is disrupting the existing financial system. Also take into consideration the fact that many successful tech companies have little to no physical assets or property — their market value is based on their technology platforms and the data held within them. These changes are necessitating a move away from traditional approaches to public policy and regulation, from human rights to intellectual property to national security.

As such, I do not believe that traditional policy and regulatory frameworks are able to address the Internet’s public policy concerns in a satisfactory way. Traditional frameworks were generally led by governments and focused on the underlying telecommunications infrastructure. WSIS made it clear that Internet governance, regulation, and policy are not restricted to the activities of governments and that many different types of stakeholders have a role in defining and carrying out Internet policy and regulation activities. Thus emerged new terminology such as ‘multistakeholderism’.

The activities related to Internet regulation and public policy are varied in nature, and include such areas as open standards development, deployment and operation of critical infrastructure, development, sector regulation, and legislation (data protection, intellectual property, cybersecurity, etc.), and several others. While governments play a role in some of these areas, there are a number of other stakeholders that address the various policy and regulatory concerns associated with the Internet.

What is unique about the Internet is that innovation ‘occurs at the edges’. Hence, the value is no longer in the network (as with traditional markets and associated policy and regulatory responses), but in devices, applications, and services. Unfortunately, policy and regulation have been slow in catching up to this change in market structure. So the key message here is that technology constantly changes, and policies and regulations that are premised on a set of technological “facts” are rendered ineffective when those facts change.

When I think about it, there are a couple of reasons why legislation may be needed in response to technological changes:

1. Special regulations may be needed to prohibit, restrict, promote, or coordinate use of an emerging or new technology platform (e.g. IoT, RFID, DPI, etc.).
2. Existing laws may have to be clarified with regards to how they apply to activities, relationships, or processes that have been changed by technology (e.g. data privacy, data collection, online surveillance, etc.).
3. The scope of existing legal rules may be inappropriate in the context of new technologies.
4. Existing legal rules may become obsolete.

Oftentimes, new technologies will have little to no negative or disruptive effects. In other instances, they may only relate to a few of the aforementioned issues. Yet examples of each type of problem can be found in the context of diverse technologies. In some legislative corners, there are calls for technologically neutral drafting as a way of future-proofing law. Still, this will not prevent some laws from being ineffective or operating unfairly in light of a constantly changing technology landscape.

I think that a better approach for dealing with ‘law lag’ is to focus on how the legal system holistically addresses technological change. We should examine the respective roles that administrative bodies, national courts, tribunals, law reform bodies, and other entities play in helping the law adapt to rapid technological change. A small example is the Queen’s Bench Division Technology and Construction Court in the UK, which deals principally with technology and construction disputes.

References to ‘law lag’ can oftentimes be used as a convenient excuse to avoid serious discourse around the regulation of science and technology. For example, those that scream, “The Internet cannot be regulated” are conveying a sense of anarchy and implying that the Internet evolves all on its own, and changes too quickly for policy or regulation to be applicable. This is a questionable assumption in my opinion. There are also some cases where ‘technology lag’ can be observed. For example, the broad deployment of renewable energy technologies has been stymied due to policies and regulations that protect the entrenched fossil fuel-based systems. Another area is where technological improvements in automotive design have been driven by litigation and the advocacy of the legal community and consumer advocates as opposed to engineers.

This is not to say that deficiencies in the law can’t be corrected by an amendment to existing legislation. The concern is more about the timeliness and overall quality / effectiveness of amendments. An amendment, for one, has to be fit for purpose, and not fix one issue while causing problems in other areas. One also has to look at legal flexibility and determine whether or not to incorporate new rules into common law as opposed to implementing more rigid statutory laws. Access to specialist skills and information is also key to ensuring that laws are not created by groups that don’t understand the complex issues at the intersection of technology, policy, and business (and as such negatively impact one or more stakeholders with errant changes to legislation).

Can Bitcoin be Regarded as “Money” for Legal Purposes?


From a functional perspective, Bitcoin can be classified as money. It is a valid medium of exchange, as thousands of individuals and businesses exchange bitcoins for their goods and services. Even real estate transactions are being regularly conducted using bitcoins. As a unit of account, it also fares pretty well. Common goods are quoted in bitcoins at merchants, and bitcoins are traded against currencies such as the Dollar, Pound Sterling, Euro, and the Yen. Much like gold and silver, Bitcoin is finite, therefore making it an adequate store of value. It’s highly portable, easy to store, hard to steal, and not very easy to confiscate.

As for its standing as “money” for legal purposes, it may appear at the surface that Bitcoin is not quite there yet. Most notably, no country has thus far granted Bitcoin status as legal tender. However, case law in the US has set precedent via SEC v Shavers and USA v Robert M. Faiella and Charlie Shrem establishing Bitcoin as money. Additionally, both the Bank of England (UK) and the Inland Revenue Service (USA) have reported that Bitcoin fulfills a number of the functions of money, and is therefore a valid method of meeting financial obligations or extinguishing debts. The UK, EU, USA, and Canada all treat Bitcoin as money or income for taxation purposes. And in the USA and Canada, anti-money laundering and terrorist financing regulations are applicable to Bitcoin exchanges. Hence, there is a solid argument that supports Bitcoin as “money” for legal purposes.

Then why are governments so apprehensive about granting Bitcoin legal status as money? There are a number of reasons to explain this situation. For one, there are widespread fears that cryptocurrencies represent a potential risk to the stability of fiat currencies. But fiat currencies are not void of their own set of problems such as economic volatility, currency debasement, and price instability. Secondly, concerns have arisen with regards to the burgeoning underground marketplace where Bitcoin is a popular currency — but illegal activities exist and will continue to do so with or without Bitcoin. We also need to accept that legislation generally lags behind technology, and many lawmakers simply do not understand Bitcoin to begin with. How then can we expect them to adequately regulate it?

What is clear is that money is defined by society. If an extended community approves of something (by means of market forces and under the principles of demand and supply) as a medium of exchange, unit of account, and a store of value – it is money. And since 2009, increasingly larger markets have decided that Bitcoin solves a number of problems intrinsic to fiat currencies. For example, blockchain technology that underlies Bitcoin allows for participants in the financial system to share transactions on a common public ledger, consequently enhancing transparency and building greater trust while substantially driving down the costs of transaction and processing. As such, it has the potential to enable broad-based changes in banking processes. So instead of being led by fear, governments need to respond appropriately by embracing cryptocurrencies and focusing more attention on clarifying the legal and regulatory landscape.

Why the IETF and Open Standards Matter


The Internet is by all means a technological phenomenon. It is an open, accessible, and user-centric platform for human self-realization. It allows us to seamlessly and dependably connect with one another; it enables freedom of expression; it allows individuals to create, share, and collaborate. At the core of the Internet’s existence and continued evolution are its open, decentralized nature, resilience, and the ability to innovate at the edges. The Internet’s open technological standards are what underpin its rapid growth; and they are of critical importance to its continued vitality and utility. Open standards are what permit an employee connected to a corporate network in Brisbane to communicate with a villager accessing the Internet through a wireless community network in Sao Paulo.

The Internet Engineering Task Force (IETF) is the primary entity responsible for establishing the Internet’s open standards and best practices – standards for networking protocols, infrastructure, software, operations, maintenance, and security.

The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It produces standards and best practices that influence the way people design, use, and manage specific aspects and segments of the Internet. Participants volunteer their time to develop and refine protocols that are useful to organizations, manufacturers, and vendors who utilize the Internet. The IETF is open to any individual who wants to participate. The actual technical work of the IETF is done in its working groups, which are organized by topic into several areas (e.g., routing, transport, security, etc.). Individuals become involved by subscribing to one of the IETF working group mailing lists and offering technically competent input on a standard being developed by that group.

The open, democratic, and merit-based nature of this structure allows thousands of people from around the world to contribute to the IETF’s work. As many as 1400 individuals from more than 50 countries participate in each of the meetings of the IETF and its working groups. Many persons do not attend the meetings in person, but are involved through online collaboration tools or via the mailing lists. Anyone on a working group mailing list can propose a new standard or best practice. If the proposer can generate sufficient support from others, the working group may decide to take on development. A well-defined review process assures that the final document follows sound network engineering principles, meets security requirements, and is consistent with other Internet processes.

The IETF and each of its working groups make all decisions by consensus. Final accepted standards are based on the combined engineering judgment of participants and real world experience in deploying, operating, and administering IETF specifications. The great majority of work performed by the IETF and its working groups is done by email. Three international meetings are held each year, each lasting a full week. These provide opportunities for participants to meet one another face-to-face, to network, and to generate support for initiating new standards or best practices.

Shifting the Balance of Power in the Personal Data Ecosystem


It has been widely acknowledged that the underlying business model of social media companies and Web 2.0 service providers is characterized by the large amounts of revenue that they earn from charging advertisers for using their platforms to target users with a mass of products and services. These outlets essentially provide a platform to reach hundreds of millions of individuals. Why wouldn’t any for-profit business leverage such tools? That being said, are expectations of privacy too high for users on these platforms? We generally think about scope and context with regards to online privacy. But we need to also realize that privacy concerns vary from individual to individual.

There is no discounting the fact that individuals need to be equipped with information and tools to better understand and control their perceived privacy risks. Nonetheless, as data science has demonstrated, privacy is not contingent on factors only within our control (e.g. third-parties can iteratively learn about an individual through observable facts about them such as routine, habits, associates, etc.). Given that individuals generally lack the knowledge of what data is personal and what is not, should we be focusing more on risk? What is the risk of disclosing certain information? What are the negative consequences of disclosure? And ultimately, shouldn’t we be considering whether or not there is a purposeful use of data as opposed to if data is personal or not? Data collection does have positive applications in healthcare & scientific research, delivery of government services, transportation & logistics, etc.

My thinking is that the present ecosystem benefits commercial entities (revenue generation) and governments (intrusive surveillance), and individuals have little to no control over how their personal data is used. There is a need for a paradigm shift towards an arrangement where data collectors and individuals use a permission-based system in determining what data usage is acceptable, an approach where data collectors respect the privacy and interests of the individuals whose data they are collecting and where privacy policy, law and technical standards enable users to exercise greater control – a transparency and a context-based approach (accountability and trust). Moreover, individuals should also be allowed to share in the revenue that is earned from the use of their personal data (licensing of personal data sets – a type of “pay-for-share” approach to online data collection).

There’s no doubt that a revenue sharing system for personal data could be akin to opening a can of worms if not implemented and embedded into practice effectively. That being said, what I envision is some type of a micropayment system that allows individuals to be paid for sharing original content, providing useful information, or documenting their daily interactions. The ecosystem can be created around an inclusive arrangement that addresses the current tensions in the data privacy debate, including securing and protecting user data, developing accountability systems, and agreeing on rules for a permission-based, trusted flow of data for different contexts. Central to this would be the inclusion of individuals, who serve a progressively crucial role as both data subjects and as data creators.

A startup called Tsu has launched a social network that is premised on a similar idea, where users distribute and share original content, just like they do on other social networks, but on this platform, the majority of the advertising revenue is distributed among the users. However, for this approach to scale, legislation would have to be developed that is adaptable (i.e. robust enough to be enforceable and flexible enough to accommodate contextual differences). Lawmakers would also have to resist the urge to introduce “one-size-fits-all” legislation that creates unintended outcomes that restrict the open flow of data and discourage the trusted sharing and use of data to create value.

How Secure is Barbados’ New Centralized Healthcare Information System?


Think about the following scenario for a minute:

A Caribbean government deploys a health information system (HIS) with the goal of improving the quality and coordination of patient care in the public service. For all intents and purposes, expert consultants from Europe and the USA are brought down to implement the system and to ensure that best practices for securing and protecting sensitive clinical data are used. The project is successfully completed, the consultants leave, and hand off day-to-day management of the system to the government’s IT staff.

The government has no overall IT security policies, procedures and guidelines to ensure that the system and the data housed in it continue to be secure and protected from malicious threats. There are no trained or experienced IT security experts on the government’s payroll. There are no data security standards enforced by the government. There is no data protection legislation in place to provide a control framework for protecting highly confidential healthcare data from being stolen by hackers or to prevent data from being accidentally lost or leaked.

Eventually, all these weaknesses together result in persistent compromises of the system by hackers, and all the private clinical data of the citizens of the country are posted on the Internet or otherwise made available for the world to see.

Does the above scenario make you shudder? I know it scares me to death.

The rest of this article will demonstrate how close to reality this is in the Caribbean region.

In the past week or so, the Government of Barbados informed the public of the launch of their Med Data healthcare information system (HIS) and electronic medical records (EMR) scheme. Let me first commend the government on this much-needed initiative to drive efficiency and improved standards of care in public healthcare. However, I have a number of grave concerns about the manner in which this project has been undertaken.

Data Protection Legislation

First of all, no data protection legislation has been discussed, ratified, and implemented through Parliament. Simply put, healthcare data must be processed fairly and with the consent of individuals, especially as it pertains to whom data is shared with and in what context. Legislation should address key areas such as mandatory data breach notifications, heightened enforcement, heavy penalties for breaches, and expanded patient rights. Moreover, any data protection legislation should have a broader scope and include the management and protection of data in areas outside of healthcare, namely banking, insurance and law enforcement.

In essence, data protection legislation would hold both private and public institutions accountable and liable for damages in the event of a security breach. It would also make it mandatory that all breaches are reported to the public so that data owners can take steps to protect their identities. And finally, it allows for heavy fines to be levied on any institution that fails to maintain strong security controls for data.

Data Security Standards

Secondly, there has been no development of data security standards to accompany the legislation and to provide best practice guidance for accessing, exchanging, transmitting, and storing healthcare data in a secure manner. On a broader scale, the Government has no risk management framework, no IT governance processes, and from an operational perspective, no procedures for responding to IT security incidents. There has been an initiative in play for some time now to create a Computer Security Incident Response Team (CSIRT), but it has stalled due to lack of resources (human and financial).

Given the number of security incidents that have occurred in the public sector over the last couple of years, one would think that government officials would be taking data privacy and security more seriously. Key systems at the Royal Barbados Police Force, Inland Revenue, and the Ministry of Foreign Affairs have been hacked in the last couple of years (and these are only the ones that have been made public or that the government are aware of).

But enough criticism of the government; let’s talk about solutions. There is no doubt that IT governance, risk and control (GRC) is an area that requires major attention from the Government of Barbados. The question is: How do we address these deficiencies?


For one, I would suggest that public officials engage local groups such as the Caribbean Cyber Security Center, Information Systems Security Association (ISSA) Barbados Chapter, Institute of Internal Auditors (IIA) Barbados Chapter, and the Barbados IT Professionals Association (BIPA) to assist them in building the necessary competences to improve the control framework and information security posture of the public sector.

Additionally, an online register of consultants should be established to allow the government to create a repository of world-class professionals — not only in IT, but across disciplines — who can assist them in delivering critical initiatives such as the Med Data project. All the expertise does not reside in Europe or North America. We have talent pools (of awesome individuals) across the Caribbean region that remain untapped.

Another area for improvement is around developing policy and legislation. There needs to be greater engagement of the general public and other interested parties in such processes — effective dialogue is constructive. Mechanisms such as e-participation or crowdsourcing can provide the government with a better understanding of the inherent risks, latent issues or knowledge gaps that may exist in program management and project delivery.

Finally, organizational management and intellectual capital development should be foremost on the minds of public officials. The leaders that we have elected need to think more strategically and create organizational structures that are agile, can respond expediently to the needs and demands of the people, and can address the key risks that the country faces. Centralized strategic planning and oversight of the tactical and operational aspects of IT are needed. Key positions such as the Chief Information Officer and Chief Information Security Officer must be defined and filled appropriately. Government employees have to be trained in disciplines such as project management, risk management, IT service management, business continuity, and cybersecurity.

The aforementioned recommendations are not meant to be a panacea. They are basic parts of a maturity model; one that will permit the government’s risk response mechanisms to evolve to better defend against the threats that exist and emerge. But more importantly, they are of critical importance to building trust in the e-government systems that the public are expected to use. Hopefully, they should also foster a risk-oriented philosophy that pervades the public sector.

Navigating the cloud: SMEs and cloud services

More and more small businesses are migrating to the cloud and reaping significant benefits like never before. With cloud services, small businesses no longer need to install physical infrastructure like e-mail servers and storage systems, or purchase software applications with exorbitant annual license fees. The “on-demand” availability of cloud solutions means seamless and simple collaboration with customers, business partners, and staff members using nothing more than a web browser. Cloud services also provide entrepreneurs and home-based businesses with access to advanced technology without the requirement to hire a full-time IT specialist.

But what exactly is this “cloud”?

Cloud computing is an overarching term which encompasses a number of different categories. Software-as-a-Service (SaaS) is where a particular application or service is provided to a business or individual as a subscription. Google Drive, QuickBooks Online Plus, and BaseCamp are all popular examples of SaaS.

Using Platform-as-a-Service (PaaS), businesses are provided with a platform on which they can build, install, and maintain customized apps, databases and integrated business unit services. Widely used PaaS include Windows Azure, SharePoint Online, and Google App Engine.

Infrastructure-as-a-Service (IaaS) allows businesses to outsource infrastructure in the form of virtual resources. Components include servers, storage, networking and more. IaaS providers include Rackspace, HP Converged Infrastructure, and Amazon Web Services.

Most small businesses generally don’t need much more than SaaS to meet their operational needs. SaaS provides them with the capabilities to deliver a myriad of IT services that would otherwise be expensive and resource intensive to administer as localized, on-site solutions.

It must, however, be emphasized that cloud services bring with them a number of security, stability, and data control issues. That is why it is critically important that small businesses stay informed and strictly require that cloud providers furnish them with detailed business continuity plans and security controls to remediate outages and protect sensitive data.

What to do when your cloud brings the rain?

There are a plethora of reasons why cloud computing is popular. It gives small businesses the technology that enables them to be lean, agile, and competitive. But as is quite evident, trusting your information assets to a single entity whose equipment is stored in a centralized location means that you’re extremely vulnerable to whatever outages, security compromises, or natural disasters they are exposed to.

So what are small business owners to do? Here are some recommendations that can allow you to better manage the risks associated with cloud providers.

Fine Tune Your SLA: Service level agreements (SLA) should codify the exact parameters and minimum levels of service required by the business, as well as compensation when those service levels are not met. It should assert the ownership of the business’ data stored on the cloud platform, and outline all rights to retaining ownership. It should include the infrastructure and security standards to be adhered to, along with a right to audit for compliance. It should also specify the cost and rights around continuing/discontinuing use of the cloud service.

Keep Critical Data Local: Decide which business processes require maximum uptime, and keep them on-site. By avoiding the cloud totally for specific mission-critical applications, small businesses can minimize data unavailability as well as security and privacy issues. Most definitely some businesses have regulatory requirements to meet, and this ought to be a key consideration when deciding not to ship your data offshore.

Two-Factor Authentication: More and more providers are offering two-factor authentication (2FA) as a means of securing access to cloud services. Two-factor authentication adds a second layer of authentication to user logon credentials. When you have to enter only your username and one password, that’s considered single-factor authentication. 2FA mandates that users have 2 out of 3 types of credentials before access to cloud resources is granted.

Deploy A Hybrid Configuration: Maintaining a hybrid implementation of cloud and local services is a best practice approach for protecting company data. Replication or archiving solutions often deliver a service with both a local appliance at the customer’s premises and cloud storage too. This type of on-premise-to-cloud replication strategy ensures that you have local copies of the data you transmit to the cloud. Actively seek out cloud providers that can configure this kind of scenario.

Availability, integrity and confidentiality issues will always exist when using IT systems. And when a business employs cloud-based computing, these challenges are even more pronounced. Be extremely meticulous when searching for cloud providers, and question them about their security controls and disaster recovery options. Even though you outsource the processing of your business data, there’s no reason why you should lose control.

Network Operators and the Profiteering Games They Play


[This is my personal commentary on a situation in the Caribbean where Digicel Group, a mobile operator, is blocking VOIP services such as Viber, Nimbuzz, etc. and asking these companies to basically pay for Digicel’s network upgrades]

The Internet, as with any other disruptive technology, has necessitated a change in the business models of service providers. However, in many cases, there is serious resistance from network operators to adapt to this new reality. These companies make millions (and in many cases billions) of dollars in profits a year, but are insisting that content providers and OTT services providers foot the bill for network upgrades.

Based on CAPEX trends in the telecoms industry from 1996 through 2012, capital expenditures have pretty much remained the same from year to year. So why, all of a sudden, have ISPs and mobile broadband operators put so much time and energy into ‘forcing’ content providers to pay, in addition to their own increased costs of supplying more robust Internet content, for any increase in the ISPs’ network upgrade costs as well?

The reason is that the usage-based model of service billing is no longer relevant or sustainable. The Internet has killed it… DEAD!!! Service providers cannot bill a customer $0.45 a minute for ILD when VOIP providers are charging $0.02. They cannot charge for the usage of mobile broadband in megabyte increments; market forces and hyper-competition have pushed service providers toward unlimited data packages. They cannot milk consumers with outlandish roaming charges when individuals can jump on the free Wi-Fi in airports or at Starbucks and make those calls for free via Viber or Skype (or even better, simply use 4G networks to make those calls for free).

The Digicel Group posted $2.78 billion in revenues for the year ended March 31, 2013 with core profits of $1.2 billion. Is all this money supposed to go to shareholders and the likes of CEO O’Brien, who cashed in a dividend of $650 million? Why isn’t a percentage of this profit reinvested into network upgrades to meet market demands? To now ask OTT service providers to fund upgrades is not only unreasonable at face value, but also entirely inconsistent with published financial reports indicating that returns on investments are excellent, and are expected to improve even further, driving additional growth in bottom line profits.

And to expect regulators to be complicit in their forcing of costs on companies like Viber, Nimbuzz, etc. or in raising prices on consumers is to present a false choice. Increasing demand for bandwidth is a fact of the industry. Innovating to meet that demand is what network operators are in business to do.

The Narcissistic Entrepreneur


My blog posts are generally about the challenges and opportunities of the Internet, and its impact on society. But there is a trend I have been witnessing that has necessitated a brief divergence from my tunneled musings. I am going to refer to the aforementioned trend as “narcissistic entrepreneurship”, and it is characterized by inflated egos, superiority complexes, and a certain intolerance / indignation for anyone who is not “working for himself or herself”.

First of all, let me state that none of us ever truly work for ourselves. We work for our employers, customers, shareholders, investors, employees, families and most of all for the state (have to pay those taxes folks!!!). Trade and commerce are symbiotic in nature, and the complex interweaving of dependencies is often forgotten (or ignored) by most.

Secondly, entrepreneurship is a compendium. There are several types of entrepreneurs; all of which must be understood and appreciated for what they are worth. Now let’s take a look at some of the different types:

1. The Octo-Boss
These are the brave and adventurous souls (or so they think of themselves) who have started a small enterprise and take on numerous roles — strategic, tactical and operational — to keep the company afloat. They market the business, manage the books, answer the phones, meet with potential investors, serve the customers, and do anything else that is required to be successful. Work-life balance may be an issue, but who cares. They are their own boss. Right?

2. The Obstinate Artist
These individuals are generally ‘anti-system’ and committed to freely living their passions, although many of them are starving or not making enough money to eke out a comfortable existence. Still, they are the ‘free spirits’ among us — the painters, musicians, budding fashion designers, etc. — who enjoy being untethered and have made a statement by rebelling against the man and his wage labor oppression. Fight the power! Umm, I guess.

3. The Freelancer
This person runs their life as if they are actually working for a company. They are so highly skilled and effective that they only work on a contractual or project basis. They maintain flexible working hours or work remotely, negotiate excellent remuneration and a litany of perks, and pretty much still enjoy all the benefits of being an employee (without actually being one). Some of them even secure such large contracts that they can outsource the work to others. All power to them.

4. The Simplistic Frugal
He/she has a simple business model. They have found one thing that they’re very good at and committed to (e.g. selling coconuts, snow cones, fruits, nuts, grilled fish, etc.). They generally have mastered their supply chain, or have very low overheads, and profit margins are substantial. They are not extravagant by any means, save most of their money, and have made some very shrewd investments. Over an extended period, they have built significant wealth, but one would not know from seeing them. Be careful who you judge.

Some of you may be wondering what point I am trying to make. It is simple. There are many entrepreneurs who think their path is so much more righteous than the road travelled by those in the money-for-labor system. But every entrepreneur is not a success, and every success is not an entrepreneur. For those beating themselves up because they haven’t started their own company, think about where you fit on the compendium. Landing on the cover of Entrepreneur or Fortune is not the only route. Every single one of us has the ability to create something. And we all can succeed if we find our niche and perfect our craft. One love and best of success!