Cloud computing: Legal standards up in the air

Cloud computing in the US is a 'Wild West' of legal standards. Do federal or local laws apply to cloud computing data? Can law enforcement access your data without your knowledge?

Fabrizio Bensch/Reuters/File
A visitor uses his mobile phone as he walks past the Microsoft booth with a logo for cloud computing software at a CeBit computer fair in Hanover.

With the advent of Google Drive, we talk about cloud computing as if the bits and bytes of our lives are stored somewhere up in the air, but, really, the "clouds" are very terrestrial. What's more up in the air are the laws that govern who can access your stuff and how.

Originally a way for geeks to explain to the rest of us the notion of remote servers storing and serving up content, cloud computing can be defined several different ways, depending on whom you ask. In some ways, even email is a form of cloud computing. (It really lives on a server somewhere out there and is served up wherever we desire.)

"The problem that cloud computing has, more generally, is that (the real world) assumes that rights are based geographically," Mark Radcliffe, senior partner at law firm DLA Piper, said in an interview with the newspaper. "That assumption is not realistic in the cloud."

Why? Who knows where the servers really sit? They may be in the United States, governed by American laws. Or they may be across the pond in Europe, where there are rather stringent privacy rules. Regardless of where the company is based, the location of the servers determine in some large part who can legally gain access to the content on them and how.

"The U.S. is more like the Wild West," Radcliffe said. "It's very heterogeneous," with laws at the federal, state and sometimes the municipal level.

One concern some have expressed online and out loud is how law enforcement could gain access to your digital life stored in a cloud.

With a computer in your home, you'd have to be served a warrant for legal access to your hard drive. But with remote storage, you may not know whether a subpoena or warrant has been served on the cloud service provider.

"Law enforcement can subpoena the service, but it depends on their contractual obligation," Radcliffe said. In other words, what they spell out in their terms of service. Always remember, that's a contract that you agree to by using the service.

Most terms of service include a clause stating the provider would give up your information if required by law, with no mention of whether it would inform you. Interestingly enough, Dropbox's Terms of Service says something a little different.

It reads: "To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won't share your content with others, including law enforcement, for any purpose unless you direct us to."

The Dropbox privacy policy section on compliance with laws and law enforcement does say the company may disclose information it collects when there is a "good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) protect Dropbox's property rights."

But it further states that if you encrypt your stuff before storing it there, the company can't undo that. Something to keep in mind.

So, the obligation varies by company and the rules vary by jurisdiction. That's a lot of variation to process.

"The direction I think is most likely is an agreed-upon code of conduct," Radcliffe said. "We're urging that right now (and are) working with a number of companies right now to see if we can do that."

Jeff Fowler, a partner at law firm O'Melveney & Myers, told the newspaper, "We in the law business are always chasing these technological developments." Until the law catches up, he advised, a consumer really needs to be a good self-advocate, keeping track of terms of service and privacy policies.

"There is no easy way to wrap your arms around a cloud," Fowler said. "The name is quite fitting. It will require a lot of creative thinking over the next few years."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.