Magazine article Information Today

Legislating the Cloud

Magazine article Information Today

Legislating the Cloud

Article excerpt

[ILLUSTRATION OMITTED]

In January 2010, Microsoft's senior vice president and general counsel Brad Smith made an unusual request. While speaking on a panel about cloud computing at the Brookings Institution, Smith stressed the growing importance of cloud computing to the audience of legislators and businesspeople. But what made Smith's address unusual is that he was not calling for fewer regulations in an emerging market; Smith and Microsoft were calling for more.

Microsoft is not alone in asking for legislation that clarifies the specifics of cloud computing. Despite the general tendency of corporations to battle against more restrictions, more companies and organizations are calling for new laws that govern this emerging technology. The reason is simple: Existing communications laws cannot adequately govern the modern internet.

Problems in the Cloud

Many of the laws that define the legal details of the internet and telecommunications are now decades old. Some, such as 1986's Electronic Communications Privacy Act, were drafted when most users still accessed the internet through company- or university-operated mainframes, and consumers didn't have access to the internet at all.

Today, things are very different, of course. Any user with a PC and an internet connection can gain access to the full run of the internet in no time. And with cloud services taking the place of more local software applications, even a task as simple as sending an email message might involve a half-dozen computers scattered in different locations around the country or even around the world.

The result is that existing computer laws drafted in the days of mainframes fall short when applied to modern issues of technology law. Questions of jurisdiction and privacy quickly arise: If a user sends an email from New Jersey to a user in Ohio using a cloud service based in New York, the question of the email's jurisdiction is better answered by a philosopher than a judge. If one of those users happens to be in another country, the result is a legal and jurisdictional quandary.

[ILLUSTRATION OMITTED]

Blurring jurisdiction is quickly becoming a major problem with legal matters that involve cloud computing, according to Jorge Espinosa, an intellectual property lawyer with Espinosa Trueba, PL and author of cloud law blog LexNimbus. "In the 1990s, a lot of the services that were provided were still intra-territorial. They were within the United States from a U.S. perspective," he says. "So, yes, you still had privacy issues and security issues involving paying with credit cards and transferring e-mail. However, you knew that the data was located domestically, you knew that you had access to domestic law to seek remedies, and you didn't have to worry about order restrictions or export controls."

However, cloud computing changed all that. "One of the aspects of the cloud is that data can reside anywhere in the world," says Espinosa. "It can shift across international boundaries. And oftentimes in negotiating agreements, some of the larger providers like Microsoft refuse to restrict to single-country service providers."

For John Blossom, lead analyst and president of Shore Communications, Inc., cloud security is generating plenty of user attention. "In a world where your data could be anywhere in the world at any time, the need for these types of laws becomes more important," he says. "There will always be 'rogue states' that will not comply with international standards for security and legal prosecution of data theft, but the majority of nations that stand to profit most from cloud computing are now moving rapidly to establish laws such as those proposed in the Cloud Computing Act [broad legislation that calls for reform in the way the law handles cloud computing security and privacy]."

Although some cloud providers agree to confine computing services to a single country, this is far from the norm, and Espinosa notes that it may be out of the reach of smaller organizations to demand such terms. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.