The Law Isn't Quite Ready For Cloud Computing
from the that-could-be-a-problem dept
Michael Scott points us to an interesting discussion among some lawyers trying to grapple with the implications of a rise in "cloud computing." For example, they note that courts usually don't take kindly to excuses such as "the hard drive ate my documents" when certain documents are unable to be found during the discovery process. But, if people are using a cloud computing solution such as Google Docs, this could actually be an issue. Google's terms of service allows it to cancel accounts and delete documents -- and someone who relies on a system like that only to find out later that he or she needs to hand over documents as a part of a court case may be in trouble. Of course, I don't see how this should be any different than any other "out of my hands" issue. What if a fire destroys paper documents? Or should the problem be that the user didn't make backup copies? The problem here isn't necessarily cloud computing itself, but the way the law views the discovery process.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cloud computing, discovery, law
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
http://www.sagentic.com/news/news.php/Google-Introduces-New-Business-Version-of-Popular-Ho sted-Applications-5/
Are you saying P&G and GE are not public companies?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
How is CC more reliable than personal computing?
GQ -> "because consumer grade servers fail a lot"
I thought it had more to do with the medium upon which the data is stored and how it is stored upon that medium. How many consumers actually buy a server? Most consumers use a usb drive or two. Isn't this less expensive, and more reliable ?
Why is in-house storage ridiculous ?
You seem ridiculous - IMHO
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Oh wait...
[ link to this | view in chronology ]
Re: Accomplices
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Cloud computing is a business like any other. Over time some companies that offer it will become known as more trustworthy, and the ones that aren't will go out of business because no one will use them.
[ link to this | view in chronology ]
Re:
Off-site backups are a damned useful thing to have, as is remote access to company resources. But they are not a replacement for storing your data on hard drives you own and maintain.
[ link to this | view in chronology ]
Archive your web 2.0 stuff
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Geeargh...
For some major corporations I can see limited use of public-clouds in the short-term for ancillary services that carry no accounting, transactional or personally identifiable information. In most cases, however, that wouldn't leave much for the cloud players to cheer about.
For now the public cloud services are for non-critical apps and private companies that have a lot of trust.
[ link to this | view in chronology ]
Progress can not be avoided indefinitely
NIST recently published a working draft of the Cloud Computing Security presentation. Some of the Security Advantages mentioned in the presentation are:
1. Shifting public data to a external cloud reduces the exposure of the internal sensitive data
2. Cloud homogeneity makes security auditing/testing simpler
3. Clouds enable automated security management
4. Redundancy / Disaster Recovery
5. Data Fragmentation and Dispersal
6. Dedicated Security Team
7. Greater Investment in Security Infrastructure
8. Fault Tolerance and Reliability
9. Greater Resiliency
10. Hypervisor Protection Against Network Attacks
11. Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
12. Simplification of Compliance Analysis
13. Data Held by Unbiased Party (cloud vendor assertion)
14. Low-Cost Disaster Recovery and Data Storage Solutions
15. On-Demand Security Controls
16. Real-Time Detection of System Tampering
17. Rapid Re-Constitution of Services
18. Advanced Honeynet Capabilities
I understand that these will depend on the actual implementation. It usually does for everything. For e.g. you can create world's most secure cipher, but the poor implementation is usually the weakest link.
But in theory, if cloud services are implemented properly, I think NIST's list of advantages hold true.
As Professor David Deutsch would say, "Problems are Soluble. Problems are inevitable"
No amount of precautions can avoid problems that we do not yet foresee. Hence we need an attitude of problem fixing, not just problem "avoidance". And it's true that an ounce of prevention equals a pound of cure, but that's only if we know what to "prevent". If you've been punched on the nose, then the science of medicine does not consist of teaching you how to avoid punches. If medical science stopped seeking cures and concentrated on prevention only, then it would achieve very little of either.
The traditional Enterprise IT world is buzzing at the moment with plans on how to stop Cloud Computing from entering into the workplace. It ought to be buzzing with plans to reduce the security and privacy risks associated with Cloud Computing and improve data-portability and forensic capabilities. And not at all costs, but efficiently and cheaply. And some such plans exist, host-prood hosting[1], for example.
With problems that we are not aware of yet, the ability to put right -- not the sheer good luck of avoiding indefinitely -- is our only hope, not just of solving problems, but of making technological progress.
(the above is based on a talk by Professor David Deutsch on problem avoidance)
1. http://en.wikipedia.org/wiki/Host-proof_hosting
[ link to this | view in chronology ]
Discovery in a courtroom
The reason courts take a dim view of not having hard evidence is that historically softer forms of "evidence" tend to be manipulated.
Of course, people no longer try to pervert justice (giggle!), but the courts still like to see objective data, and I for one agree wholeheartedly - have trouble maintaining it? That's YOUR problem, pal!
[ link to this | view in chronology ]