online prescription solutions
online discount medstore
pills online
buy lorazepam without prescription
xanax for sale
buy xanax without prescription
buy ambien without prescription
ambien for sale
buy modafinil without prescription
buy phentermine without prescription
modafinil for sale
phentermine for sale
lorazepam for sale
buy lexotan without prescription
bromazepam for sale
xenical for sale
buy stilnox without prescription
valium for sale
buy prosom without prescription
buy mefenorex without prescription
buy sildenafil citrate without prescription
buy adipex-p without prescription
librium for sale
buy restoril without prescription
buy halazepam without prescription
cephalexin for sale
buy zoloft without prescription
buy renova without prescription
renova for sale
terbinafine for sale
dalmane for sale
buy lormetazepam without prescription
nobrium for sale
buy klonopin without prescription
priligy dapoxetine for sale
buy prednisone without prescription
buy aleram without prescription
buy flomax without prescription
imovane for sale
adipex-p for sale
buy niravam without prescription
seroquel for sale
carisoprodol for sale
buy deltasone without prescription
buy diazepam without prescription
zopiclone for sale
buy imitrex without prescription
testosterone anadoil for sale
buy provigil without prescription
sonata for sale
nimetazepam for sale
buy temazepam without prescription
buy xenical without prescription
buy famvir without prescription
buy seroquel without prescription
rivotril for sale
acyclovir for sale
loprazolam for sale
buy nimetazepam without prescription
buy prozac without prescription
mogadon for sale
viagra for sale
buy valium without prescription
lamisil for sale
camazepam for sale
zithromax for sale
buy clobazam without prescription
buy diflucan without prescription
modalert for sale
diflucan for sale
buy alertec without prescription
buy zyban without prescription
buy serax without prescription
buy medazepam without prescription
buy imovane without prescription
mefenorex for sale
lormetazepam for sale
prednisone for sale
ativan for sale
buy alprazolam without prescription
buy camazepam without prescription
buy nobrium without prescription
mazindol for sale
buy mazindol without prescription
buy mogadon without prescription
buy terbinafine without prescription
diazepam for sale
buy topamax without prescription
cialis for sale
buy tafil-xanor without prescription
buy librium without prescription
buy zithromax without prescription
retin-a for sale
buy lunesta without prescription
serax for sale
restoril for sale
stilnox for sale
lamotrigine for sale

Legal Issues in Cloud Computing

Cloud computing is when a user provides an input for a program, but some or all of the program’s processing is outsourced to another computer or set of computers (the “cloud server”). Google Maps is an easy example of this – the user provides an input, which Google’s cloud server processes in order to provide the user an output. Cloud servers, in processing inputs, will acquire data, some of which may be highly sensitive (i.e., medical records). Once the data is on the cloud server, any number of things can compromise its privacy – third parties may expose the data through an attack, the data may leak due to faulty coding or hardware, cloud server operators may use the data for gain without consent of the users, or the cloud server operator may hand the data over to the government without consent of the users.

User data uploaded to cloud servers receives, at best, awkward privacy protection through legal doctrine.

First, Fourth Amendment “right to be secure” jurisprudence fails to provide much protection to cloud user data at all. The “Third-Party Doctrine” doctrine of the Fourth Amendment holds that knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information. Thus, when a cloud computer user utilizes cloud computing services, he or she entrusts the security of sensitive information to a third party, the cloud server, thereby waiving his or her Fourth Amendment right to preserve the security of that data. What’s more, the Supreme Court has actually expressed some fear of delving into the intersection of modern internet technology and the Fourth Amendment, noting in City of Ontario, Cal. v. Quon that “The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.”

Second, statutes may provide some protection to cloud users, but their language is antiquated and thus applies tenuously, if at all, to modern cloud technology. The Stored Communications Act (“SCA”), codified in 18 U.S.C. §§ 2701-2712, addresses the voluntary and compulsory disclosure of electronic communications and records. However, the SCA was enacted primarily to protect information that is communicative in nature – i.e., electronic mail – and the statute thus has several shortcomings when it is applied to cloud computing:

  1. The SCA does not address negligent or reckless disclosure of data, only voluntary (i.e., knowingly or purposely) or government-compelled disclosure;
  2. It is possible that cloud computing falls under neither the “electronic communication service” (“ECS,” defined at 18 U.S.C. § 2510(15)) nor the “remote computing service” (“RCS,” defined at 18 U.S.C. § 2711(2)) scopes of the SCA’s protections;
  3. Many cloud computing services are not provided “to the public” at large, nullifying the SCA’s protections against voluntary disclosure; and
  4. Data shed during cloud computing likely do not qualify as “contents” under the SCA (defined at 18 U.S.C. § 2510(8)) and can thus be disclosed freely to any nongovernmental third party.

This begs the question: how should the law protect cloud computing data, if at all? New technology is emerging which will make it easier for cloud users and servers to protect user data. For instance, Christopher W. Fletcher, a researcher in the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Laboratory, is developing a processor for cloud servers called “Ascend” that makes it impossible for the cloud server to see the data it handles. In essence, Ascend turns the cloud server into a black box to which users send encrypted blobs of data for processing; then the server sends encrypted blobs of data back to the users.

This is to say that emerging technology may do a better job of protecting user data than the legal system can. While Ascend is server-side and thus relies on cloud server operators to install the technology themselves, perhaps a user-side processor with similar effects may be developed in the near future. However, if one were to decide that cloud user data should be protected primarily through technology, there still remains the question of how the law should incentivize the use of such technology. Is cloud user data so sensitive that server operators should by law be required to implement protective measures like Ascend? Or should they merely be incentivized to use such measures by implementing a negligence regime for improperly disclosed or leaked data? Or, should the law sit back and let the free market decide?

In my view, the importance of cloud computing in today’s environment demands a forward-looking and flexible environment. Lawmakers, perhaps through a Congressional subcommittee or an agency, should be tasked with evaluating which types of user data are the most sensitive and thus most entitled to protection, which technologies are sufficient to protect the data, and what degree of liability is appropriate for the harm visited upon the user through inadequate protections.

About the Author

Cody Ruegger

Cody Ruegger is a Staffer for the Columbia Science and Technology Law Review. He is a 2L at Columbia Law School.
blog comments powered by Disqus