The document discusses several key legal issues related to cloud computing:
1) Compliance can be difficult when cloud services are geographically decentralized and contracts impose auditing requirements. Applicable law and jurisdiction are also unclear when services are provided across borders.
2) Cloud providers face legal liability for illegal data hosted on their services. However, laws in India and other places provide liability protection if the provider is unaware and removes illegal data upon awareness.
3) Loss of data location challenges cybercrime investigations and applying legal jurisdiction. However, conventions like the Budapest Convention on Cybercrime provide for legal access of data across borders with user consent.
3. Legal Issues in Cloud Computing
Liability
Law
Compliance
Copyright Data Portability
www.cyberlawconsulting.com
4. Why Cloud Computing
• Cloud Computing services offer low
barrier to entry and easy scaling
possibilities.
• Easy “click-wrap agreements”
• Agility/ Flexibility of Technology
• Always ON – ubiquitous
• Real Time Information and Immediate
feedback
www.cyberlawconsulting.com
5. Compliance of Cloud Computing
• Auditing requirements
Many contracts impose auditing possibilities that
include physical inspection how can these auditing
requirements be complied with when geographically
decentralized cloud services are used?
• Applicable Law & Competent court
If outside own country, any litigation can become
prohibitively expensive . .
• What happens in case of bankruptcy of the
cloud computing service provider?
www.cyberlawconsulting.com
6. Compliance as per The IT Rules, 2011
• The intermediary shall observe following due diligence while
discharging his duties, namely : ―
• (1) The intermediary shall publish the rules and regulations,
privacy policy and user agreement for access or usage of the
intermediary’s computer resource by any person.
• (2) Such rules and regulations, terms and conditions or user
agreement shall inform the users of computer resource not to
host, display, upload, modify, publish, transmit, update or
share any information that ….
• If such hosting reported action to be taken in 36 hours
• FACTS : Drop Box , Rapid Share, Gmail Storage contains
infinite pornography, pirated s/w , songs etc
www.cyberlawconsulting.com
7. Law for Cloud Computing Service
• Cloud computing service providers are intermediary
as per The IT Act, 2000
• S2(1)(w) "Intermediary" with respect to any
particular electronic records, means any person who
on behalf of another person receives, stores or
transmits that record or provides any service with
respect to that record and includes telecom service
providers, network service providers, internet service
providers, web hosting service providers, search
engines, online payment sites, online-auction sites,
online market places and cyber cafes;
www.cyberlawconsulting.com
8. Indemnity Issues in Cloud Computing
We and our licensors shall not be responsible for
any service interruptions, including, without
limitation, power outages, system failures or other
interruptions, including those that affect the receipt,
processing, acceptance, completion or settlement of
any payment services. (...)
Neither we nor any of our licensors shall be liable to
you for any direct, indirect, incidental, special,
consequential or exemplary damages, including,
but not limited to, damages for loss of profits,
goodwill, use, data or other losses (...)
Who will indemnify the Customer or the user ?
9. Agreement Clauses in Cloud Service
• ”You are utilizing a shared disk model
and we cannot RISK the chance your
third party may interfere with other
clients using the same platform”.
• What happens
to risk mitigation ?
www.cyberlawconsulting.com
10. Legal Liability of Cloud Providers
• Including India many jurisdictions, cloud providers can
be held liable for the illegal data they may be hosting
Escape Routes
• no liability for services that “consist of” the storage of electronic
information under the condition that the provider has No
knowledge or awareness of illegal nature.
• ..and removes or blocks illegal data when it does
gain knowledge or become aware of illegal nature
• Liability protection does not prevent so-called
injunctions, which can be as costly and timeconsuming
www.cyberlawconsulting.com
11. Loss Of Location in Cloud Computing
• With Indian Investigation agencies, Loss of location is
likely to cripple cybercrime investigations at a very early
stage.
• The Budapest Convention on Cybercrime already
features a legal principle which overrules location as a
legal connecting factor: Consent. Article 32 of the
Budapest Convention states:
• Article 32 – Trans-border access to stored computer
data with consent or where publicly available
• India not a Signatory to Convention on Cybercrime
www.cyberlawconsulting.com
12. Letter rogatory an option
• The Interpol can take necessary follow up
steps for this the local police issues letters
rogatory under the provisions of Section 166 A
Cr PC.
www.cyberlawconsulting.com
13. Data Portability on Cloud
• Who is really managing my company’s sensitive
information?
• What are their internal security practices? How
well do they handle incident response?
• How reliable is the infrastructure that provides
the service?
• Are they prone to service outages?
• How can my service provider recover my cloud
stuff?
• What is H/W & S/W Portability of my DATA ?
www.cyberlawconsulting.com
14. Copyright Issues for Data on Cloud
• Cloud storage as offered by Box.net and other
providers like Dropbox do offer some of the
features of file sharing that a recent court ruling
found illegal.
• RIAA v/s LimeWire.
(Recording Industry Association of America)
• RIAA?? which took NAPSTER DOWN)
www.cyberlawconsulting.com