jump to navigation

Are There Legal Ramifications to Cloud Computing? April 17, 2010

Posted by Peter Varhol in Architectures, Strategy.

So says this article on MSNBC.com.  Actually, it refers to them as constitutional issues, which I suppose they are, in a broad way.  But while they can likely be overcome without changing the Constitution, they should be in the back of the mind of anyone using or advocating cloud computing.

Here’s the deal (disclaimer: I’m not a lawyer, so take what I say with appropriate skepticism).  Let’s say you work for a company that does some computing in your data center, but also lease server time in the cloud.  It turns out that current US legal practice is that any data inside your data center requires a search warrant to access; the data in the cloud generally requires a subpoena to the cloud provider.

The difference is a big one.  As we learned years ago when various Web sites propagated information that was proprietary or incorrect (or sometimes merely annoying to its target), it took relatively little effort to shut it down.  A court order to the ISP was typically sufficient, a result of a petition to a court and no trial or even representation by the accused party.

We make a legal distinction between things kept at a physical location we can call our own, and things placed outside of that location.  Law authorities can’t come into our homes or offices, or look at our records, without a warrant (whether or not authorities don’t occasionally deviate from that standard is a different story, and not mine to say).  That also works for a remote data center where we own or even rent the servers; we have ownership of the physical container.

That’s different in cloud computing.  We rent server time, not the server itself.  The box remains firmly in control of the cloud provider; our code just so happens to run on it.  Do we know how our cloud provider will respond if someone shows up at the door with a subpoena or search warrant?

This is what virtualization has wrought.

Surely this is no different than the mainframe timesharing systems of three decades ago.  After all, that’s where virtualization was invented (I was a VM/MVS programmer for a brief time in my career).  That’s true, but what we are doing on computers today is much more interesting and important in the grand scheme of things, and more people have a better understanding of it.

And it’s not just a corporate issue.  Many of us use Gmail or one of the other Web-based email services; the same principles, or lack of principles, apply.  Same with social network sites.

It is important enough so that a wide variety of corporations, public interest groups, and individuals have created Digital Due Process.  As the name implies, its goal is to apply the same expectations we have concerning searches in physical locations to virtual locations.

This may or may not have a lot of impact on our lives right now, but often new laws, or new interpretations of existing laws, take a long time to come to fruition.  And we would like to know that the data we store under our names on far-away servers has similar protections to the that on the computer right in front of us.



No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: