Cloud computing: Legal standards up in the air
Cloud computing in the US is a 'Wild West' of legal standards. Do federal or local laws apply to cloud computing data? Can law enforcement access your data without your knowledge?
With the advent of Google Drive, we talk about cloud computing as if the bits and bytes of our lives are stored somewhere up in the air, but, really, the "clouds" are very terrestrial. What's more up in the air are the laws that govern who can access your stuff and how.
Originally a way for geeks to explain to the rest of us the notion of remote servers storing and serving up content, cloud computing can be defined several different ways, depending on whom you ask. In some ways, even email is a form of cloud computing. (It really lives on a server somewhere out there and is served up wherever we desire.)
"The problem that cloud computing has, more generally, is that (the real world) assumes that rights are based geographically," Mark Radcliffe, senior partner at law firm DLA Piper, said in an interview with the newspaper. "That assumption is not realistic in the cloud."
Why? Who knows where the servers really sit? They may be in the United States, governed by American laws. Or they may be across the pond in Europe, where there are rather stringent privacy rules. Regardless of where the company is based, the location of the servers determine in some large part who can legally gain access to the content on them and how.
"The U.S. is more like the Wild West," Radcliffe said. "It's very heterogeneous," with laws at the federal, state and sometimes the municipal level.
One concern some have expressed online and out loud is how law enforcement could gain access to your digital life stored in a cloud.
With a computer in your home, you'd have to be served a warrant for legal access to your hard drive. But with remote storage, you may not know whether a subpoena or warrant has been served on the cloud service provider.
"Law enforcement can subpoena the service, but it depends on their contractual obligation," Radcliffe said. In other words, what they spell out in their terms of service. Always remember, that's a contract that you agree to by using the service.
Most terms of service include a clause stating the provider would give up your information if required by law, with no mention of whether it would inform you. Interestingly enough, Dropbox's Terms of Service says something a little different.
But it further states that if you encrypt your stuff before storing it there, the company can't undo that. Something to keep in mind.
So, the obligation varies by company and the rules vary by jurisdiction. That's a lot of variation to process.
"The direction I think is most likely is an agreed-upon code of conduct," Radcliffe said. "We're urging that right now (and are) working with a number of companies right now to see if we can do that."
Jeff Fowler, a partner at law firm O'Melveney & Myers, told the newspaper, "We in the law business are always chasing these technological developments." Until the law catches up, he advised, a consumer really needs to be a good self-advocate, keeping track of terms of service and privacy policies.
"There is no easy way to wrap your arms around a cloud," Fowler said. "The name is quite fitting. It will require a lot of creative thinking over the next few years."