Cloud Computing, Contracts & Law
Jamie Clark, General Counsel, OASIS
Windsor, UK, October, 2011
Oasis cloud-law-ics-unofficial

Jamie Clark's preso on cloud computing and legal issues at the OASIS International Cloud Symposium (#intcloudsymp) at Ditton Manor, Windsor, UK, October 2011

Published in: Technology, Business
Transcript of "Oasis cloud-law-ics-unofficial"

  1. Cloud Computing, Contracts & Law. Jamie Clark, General Counsel, OASIS. Windsor, UK, October, 2011
  2. "The largest standards group for electronic commerce on the Web"
     ● Over 5,000 participants representing more than 600 organizations and individuals, since 1993
     ● 60+ technical committees producing royalty-free and RAND standards
     ● http://www.oasis-open.org/
  3. OASIS interoperates with the world. Cooperation, liaison and harmonization is a first-class OASIS priority:
     ● ISO, IEC, ITU, UN-ECE MoU for E-Business
     ● ISO/IEC JTC1 SC34, SC38; ISO TCs 154, 215, ITU-T SG 17
     ● OECD, SWIFT, UPU, World Bank
     ● Asia PKI, Changfeng (Beijing), CESI, EA-ECA, Korean NIA, CEN/ISSS, European ICTSB, ETSI, PSLX, SIENA, Standards-AU
     ● ABA, ACORD, AIAG, CalConnect, CSCC, HL7, MBAA, NAESB, LRC, InfoCard/OpenID, Kantara/Liberty, OAGi, ODCA, OGC, OMA, OMG, RosettaNet/GS1/UCC, W3C
     ● http://www.oasis-open.org/liaisons
  4. So what about the Cloud?
  5. It’s a fairly loud, crowded topic right now
  6. But maybe not as complex as it sounds, for law
     ● software-as-a-service, platform-as-a-service, application-as-a-service, storage-as-a-service, infrastructure-as-a-service, acronyms-as-a-service, boring-slides-as-a-service, oy-gevalt-as-a-service
     ● Someone else holds or controls your data? Not new.
     ● Your computing resources are somewhere else? Not new.
     ● Network latency and service levels? Not new.
     ● As with e-signatures in the 1990s, lots of pre-existing law and risk allocation practices inform us
  7. But maybe not as complex as it sounds, for law
     ● Someone else holds or controls your data? Not new.
     ● Your computing resources are somewhere else? Not new.
     ● Network latency and service levels? Not new.
     ● What IS new is the degree of reliance on this tech for critical systems.
     ● “More outsourcing”
     ● Consider how our expectations of mobile telephones changed, as they evolved from toy, to convenience, to necessity.
     ● Increasingly, apps, MSPs, PaaS and remote storage define computing.
  8. Many of the challenges that "the cloud" brings already are well in hand. Others, not so much yet.
     ● Being sorted out (maybe not done, but well started, anyway):
        ○ Cloud computing security
        ○ Virtualization and hypervisor interactions
        ○ Reliable messaging and transactional patterns
        ○ Federated identity (of humans and organizations)
        ○ Remote data storage access
     ● Uncharted waters ahead (Here Be Dragons):
        ○ Comparable Quality of Service measures
        ○ Vocabularies for SLAs & dashboardability
        ○ Data ownership and access
        ○ Jurisdiction
        ○ Identifier rigor
  9. Many of the challenges that "the cloud" brings already are well in hand. Others, not so much yet. (Slide 8 repeated, with overlay labels added: "Standards", "Technology", "The Markets".)
  11. What's left over for the lawyers to sort out so that our contracts actually work?
     ● Comparable Quality of Service measures
     ● Vocabularies for SLAs & dashboardability
     ● Data ownership and access
     ● Jurisdiction
     ● Identifier rigor
     All elevated from casual to critical priority: this isn't your teenager's party pics anymore
  12. Quality of Service, and service level agreements
     ● Comparable QoS measurements: dashboardability
     ● Automated SLAs: Rule-based negotiations for service use and management: common vocabularies for SLAs?
     ● The “Heidi” model of endpoints: when is a service asserted to be reliable? Do reputational models suffice? Consider “good enough” weather forecasts.
     ● Data protection due diligence, plenary magic-bullet licenses, and the general problem of liability in software
     ● WSQM? RuleML? WSDM?
     ● .90^2 = 0.81 . . . .90^4 = 0.66 . . . .90^10 = 0.35
     ● “warranty of merchantability … fitness for a purpose”
     ● http://legalbrat.blogspot.com/2011/09/why-this-cloud-has-no-silver-lining-for.html
  13. Data ownership and access
     ● It's yours, but you can't get at it: backup and portability
     ● Platforms: lock-in by code, not data
     ● If it's about you, is it yours or mine? Privacy, personal data and the rights of subjects
     ● It's yours, but you gave me permission: ToS documents, implied consent, and transitive permission to third parties
     ● Exchange formats; lock-in; data replication
     ● Ownership vs. regulation (as in credit bureaus)
     ● Uniform legal intercept expectations
     ● Who's a “third party”?
  14. Data ownership and access (slide 13 repeated, with added callouts)
     ● Transitive permission: “We may share your data with our business partners”
     ● “We may use your data for management purposes, by us and our service providers”
     ● HIPAA “business associates”
     ● Controller versus Processor
  15. Jurisdiction, applicable laws and enforcement
     ● Jurisdiction: in the sense of contract enforcement. “This contract and all services provided hereunder are governed by the law of the State of California without regard for the application of blah blah blah” and you must come here to sue us.
     ● Jurisdiction: In the sense of applicable regulatory schemes. Memset (UK): Our cloud's not housed in a Patriot Act jurisdiction: http://www.katescomment.com/securing-data-in-the-cloud/
     ● Jurisdiction: In the sense of government enforcement. India: Move your servers for RIM, Google and Skype, please: http://news.cnet.com/8301-1009_3-20015418-83.html
  17. Jurisdiction, applicable laws and enforcement (slide 15 repeated, with added callouts)
     ● Going to court here to sue is one thing; going there to attach local property is another.
     ● Contract law only affects your contracts: not all regulatory rules.
  21. Jurisdiction, applicable laws and enforcement (slide 15 repeated, with added callouts)
     ● Governing law for: Rights of software users? Data protection & privacy? IPR; moral rights? Fair trade & competition rules?
     ● And ease of enforcement, if the server farm's in-country.
  22. Jurisdiction, applicable laws and enforcement (slide 21 repeated, with one further callout that begins “But is that a naïve view of” and ends “location?”; the rest of it is not recoverable from the extraction)
  23. The peculiar problem of identifiers
     ● Competing identifier systems
     ● Non-rigorous identifiers and massive scaling
     ● Who owns the ID for the object? Who can charge for it? Where does the data live?
     ● Identifiers and names as a predicate for enforceable obligations
     ● URIs, URNs, XRIs, UUIDs, UPCs, ASN.1, oh my.
     ● If my inventory falls in the forest, but my subscription to the identifier database runs out, does it make a sound?
     ● Is the product “identified to the contract”, or substitutable?
  24. Cloud Computing, Contracts & Law. jamie.clark@oasis-open.org. Windsor, UK, October, 2011