The growth and development in information technology has evolved the concept of cloud computing. Cloud computing can be explained as delivering computing as a service whereby shared resources, information are provided as a utility. It delivers the application via the internet which can be accessed from a web browser without installation. The business software and data is stored at a centralized remote location. The delivery models of cloud computing are SaaS (Software as a service), PaaS( Platform as a service ) and IaaS (Infrastructure as a service). The processing, storage and other fundamental computing resources run on cloud infrastructure. The deployment models include private cloud (internal applications), public cloud (general public), community cloud (particular community) and hybrid cloud (combination).
There are various legal issues in a cloud which include liability, security, risk allocation, data retention, third party contractual limitations, privacy, regulatory compliance, control over physical location of the data, security breach, intellectual property, jurisdiction issues. The cloud being stateless with the servers located in different locations and countries, the issues relating to conflict of laws, applicable laws arise. These legal problems arise in cross border transactions where in there is cross border data flow.
Generally, the cloud services involve multiple parties shifting the liability and onus on one another. The responsibility and liability of sub contractors is limited or disclaimed in entirety normally. The contractual issues often make it difficult for the customers to bind service providers for a breach. The cloud architecture is multi tenant which may involve data from different users stored on a single virtual server. Multiple virtual servers run on a single physical server in a cloud. The data security largely depends on the integrity of the virtualization.
The cloud services are usually provided on a standard service level agreement termed as SLA. The service level agreements are generally between the cloud service provider and the customer utilizing the cloud services describing the service levels and various other factors. The issue with these agreements is that they are usually not negotiable. The customer is given only little opportunity to conduct due diligence and the liability of providers is usually limited.
Since the data in cloud services is on continuous move and flow, the customer should have the right to know where and by whom their data is stored, accessed, transferred. The cloud technology pools the data resources and moves them from time to time to enable cost effectiveness. It is therefore, difficult to determine the physical location of data. The SLA’s also do not provide audit trail of data by customers which is a letdown in a cloud in regard to data security and privacy.
The intellectual property is the vital asset of any customer or company in the cyber world. The third parties might have access to the data which can be detrimental to trade secrets of customer or a company. The intellectual property rights, ownership, trade secret issues crop up usually in cloud computing. Many types of information can potentially qualify for trade secret protection like the technical specifications, financial information, business plans etc. The issues relating to software patents, copyright also arise in cloud.
The operational legal issues concern those arising from the use of cloud computing services on a day to day basis including the access to data, storage of data, upgrade. The data portability is another concern and the possibility of accessing the data after discontinuance or termination of relationship between cloud provider and customer. The legislative and regulatory issues present an area of ambiguity in cloud computing. The issue presented by cloud is the data concerning customers of a certain jurisdiction may warrant particular standards that may not be necessary at the jurisdiction where is being stored, accessed and processed.
The cybercrimes like hacking, virus, malware disruptions pose challenges like the right to claim lost profit by the customer, the providers liability etc. The legal and practical liability for events like disaster is also another challenge in a cloud. The risk allocation or mitigation issues arise since no provider offers 100 % guarantee. In certain cases, even the agreements may not able to oust the jurisdiction of multiple courts, especially when legislation in this regard specifically provides for jurisdiction. The cloud computing involves multiple features or transactions, so it may be difficult to arrive at any conclusion regarding the appropriate tax treatment.
The cloud technology may also raise e-discovery issues. The e-discovery is any process by which electronic data is sought, located and searched with the intent of using it as evidence in a civil or criminal legal case. It may be carried out offline on a particular computer or network. In cases where the customers adopting cloud based technologies are unable to respond to e-discovery requests or fail to do so in a timely manner face the risk of sanctions in litigations. The courts in some cases have imposed substantial sanctions thereby involving lot of risk. There are few other issues to consider in cloud computing like representations, indemnity and confidentiality, the bankruptcy of cloud service providers.
Every customer or business has unique requirements for using cloud services. The cloud computing has tremendous benefits like cost effectiveness, optimization, scalability, on demand services. The customer using the cloud needs to properly protect its data and IT.
The intellectual property issues that arise in cloud while being serious, are not greater or challenging than those posed by the use of internet. However, despite the legal challenges presented by cloud computing, the advantages it provides are many.
FINAL YR MS IN CYBER LAW AND SECURITY,
NATIONAL LAW UNIVERSITY, JODHPUR