How not to rank countries in terms of ‘cloud readiness’

Which countries are top of the world when it comes to “cloud readiness”? According to the Business Software Alliance (BSA), the top 5 in descending order are Japan, Australia, the U.S., Germany and Singapore, while emerging markets such as South Africa, Indonesia, Brazil, Thailand and Vietnam are at the bottom of the pile.

But wait, what are we actually talking about here? To understand that, we first need to remind ourselves of what the BSA actually is: a lobbying association for software vendors ranging from Microsoft(s msft) and Oracle(s orcl) to IBM(s ibm) and Apple(s aapl). Probably best known for threatening small businesses over their use of “pirated” software, the BSA just released its second Global Cloud Scorecard, which purports to rank countries according to the cloud-friendliness of their legislative and regulatory policies.

In practice, the scoring criteria are … interesting. For example, intellectual property rights are in there. From the BSA document:

“Providers of cloud computing and digital economy technologies and services, as with other highly innovative products, rely on a combination of patents, copyrights, trade secrets, and other forms of intellectual property protection. Thus, to encourage investments in cloud research and development, as well as infrastructure, IP laws must provide strong incentives for these investments and clear protection and vigorous enforcement against misappropriation and infringement.”

Presumably Japan’s willingness to do things like arrest file-sharers counted in its favor when the BSA was compiling its rankings. What does that have to do with cloud computing, in reality? Not a lot.

Overall, the criteria we’re looking at are these:

  • Intellectual property rights: This is a heavily-weighted criterion. The BSA likes what Canada, Russia and India are doing, so they moved up the scale.
  • Data privacy: The BSA is all about “light touch regimes” here, explaining why Singapore, which introduced “broad, principles-based” data privacy laws last year while avoiding too much prescriptive detail, jumped from number 10 to number 5. Korea, which has proposed stricter data privacy rules, comes in for severe criticism, although its number-8 position remained unchanged. The EU, which is revising its data privacy legislation, is urged to bring in “clear rules”, not a “rigid framework”.
  • Security: Here the BSA is talking about both nationally-coordinated security measures (good) and factors such as censorship (bad). Russia’s score apparently took a hit because of internet censorship rules introduced in 2012, for example.
  • “Cybercrime”: This is mainly about legal deterrents to attacks. As such attacks are frequently cross-border, I’m not sure what the value is here, but it is at least theoretically a valid factor when talking about cloud policy.
  • Promoting free trade: Here the BSA seems mainly concerned with countries’ attitudes towards buying equipment from international suppliers, who – surprise surprise – will probably be BSA members. Still, with so much of the innovation in cloud technology coming from the U.S., they may have a point.
  • Infrastructure: This is the most heavily-weighted criterion, and sensibly so. It’s the criterion that makes the most objective sense when talking about cloud-readiness.

So, how seriously should we take this scorecard? It’s difficult to say. Much of it is sensible, some is debatable and some is laughable – I’m sorry, but no matter how much you’re in favor of intellectual property rights, they don’t have a major effect on “cloud readiness”. For a much more reasonable take on such things, look for rankings that stick to criteria such as computer penetration, infrastructure and GDP.

Nonetheless, the BSA scorecard does give a good flavor of what the big tech firms want to see when it comes to cloud policy — we can see this stance reflected in concerted lobbying operations around the world, so it is worth understanding.