“Partly Sunny with a Chance of Rain II”:
Forecasting the Legal Issues in Cloud Computing
by:
Thomas A. Kulik
Chairman, Dal...
About	
  the	
  Presenter	
  
Tom	
  Kulik	
  is	
  a	
  Partner	
  in	
  Scheef	
  &	
  Stone,	
  L.L.P.	
  out	
  of	
  ...
What	
  is	
  the	
  “Cloud”?...	
  

®	
  
…and	
  What	
  is	
  “Cloud	
  CompuBng”?	
  
“SaaS”	
  
	
  	
  	
  	
  	
  “PaaS”	
  
“IaaS”	
  

®	
  
 	
  “Cloud	
  CompuBng”	
  –	
  A	
  Hazy	
  Phrase	
  
for	
  a	
  Foggy	
  (Evolving)	
  Concept	
  
“As	
  a	
  metaph...
“Cloud	
  CompuBng”	
  DefiniBon	
  –	
  The	
  NaBonal	
  
InsBtute	
  of	
  Standards	
  and	
  Technology	
  	
  
	
  	
...
 	
  	
  	
  “Cloud	
  CompuBng”-­‐	
  EssenBal	
  CharacterisBcs	
  
•  On-­‐demand	
  self-­‐service	
  –	
  unilateral	...
“Cloud	
  CompuBng”	
  –	
  Service	
  Models	
  
 So7ware-­‐as-­‐a-­‐Service	
  (“SaaS”)	
  
•  External	
  soQware	
  h...
Examples	
  of	
  Cloud	
  Services	
  from	
  Cloud	
  
Service	
  Providers”	
  (“CSPs”)	
  
 Infrastructure-­‐as-­‐a-­...
“Cloud	
  CompuBng”	
  –	
  Deployment	
  Models	
  
  Private	
  Cloud	
  
 

Used	
  solely	
  by/operated	
  solely	
...
 	
  “Cloud	
  CompuBng”	
  –	
  DefiniBon	
  in	
  a	
  Nutshell	
  
	
  	
  	
  	
  A	
  fully-­‐scalable	
  service	
  f...
Why	
  the	
  Cloud	
  Model?	
  	
  
A	
  “Perfect	
  Storm”	
  	
  
•  Economics	
  -­‐	
  IT	
  capital	
  cost	
  pres...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  	
  More	
  Than	
  A	
  Drizzle…	
  
  Security	
  &	
  Pr...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
  Data	
  in	
  the	
  “Cloud”...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
Think	
  that	
  3rd	
  
parBes...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
 Stengart	
  v.	
  Loving	
  C...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
 City	
  of	
  Ontario	
  v.	
...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
  Compliance	
  with	
  privac...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
  Some	
  DomesBc	
  Considera...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
  Some	
  InternaBonal	
  Cons...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  
CompuBng:	
  Security	
  &	
  Privacy	
  
  MUST	
  understand	
  the	
 ...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
  Different	
  contractual	...
 	
  The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  	
  	
  
Contractual	
  ConsideraBons	
  
Don’t	
  think...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
  JurisdicBon	
  
• 

Gove...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
  TerminaBon	
  
• 
• 
• 
...
 	
  The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
Google	
  Apps	
  Exam...
 	
  The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
	
  Google	
  Apps	
  ...
The	
  Legal	
  ConsideraBons	
  in	
  Cloud	
  CompuBng:	
  
Contractual	
  ConsideraBons	
  
  MUST	
  take	
  CSP	
  o...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  
Intellectual	
  Property	
  
 Intellectual	
  property	
  rights	
  and	
...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  
Intellectual	
  Property	
  
 Copyright	
  
•  Remote	
  storage	
  DVR	
...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  
Intellectual	
  Property	
  
	
  	
  	
  	
  	
  Trade	
  Secrets	
  –	
  ...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  
Intellectual	
  Property	
  
  MUST	
  determine	
  how	
  IP	
  “creator...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
e-­‐Discovery	
  &	
  LiBgaBon	
  

 Discovery	
  of	
  electronicall...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
e-­‐Discovery	
  &	
  LiBgaBon	
  

  PreservaBon	
  is	
  KEY	
  

•...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
e-­‐Discovery	
  &	
  LiBgaBon	
  

  SpoliaBon	
  

•  Cloud	
  infr...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
e-­‐Discovery	
  &	
  LiBgaBon	
  
 MUST	
  account	
  for	
  specific...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
Ethical	
  ConsideraBons	
  for	
  Lawyers	
  
 Law	
  firm	
  use	
  ...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
Ethical	
  ConsideraBons	
  for	
  Lawyers	
  
 Answer:	
  	
  IT	
  ...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
Ethical	
  ConsideraBons	
  for	
  Lawyers	
  
 What	
  is	
  conside...
Weather	
  Brewing	
  on	
  the	
  Horizon:	
  	
  
Ethical	
  ConsideraBons	
  for	
  Lawyers	
  
 USE	
  COMMON	
  SENS...
“Partly Sunny with a Chance of Rain”:
Forecasting the Legal Issues in Cloud Computing	
  

Q	
  &	
  A	
  
	
  
	
  
	
  
...
Upcoming SlideShare
Loading in...5
×

Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing

1,773

Published on

Driven by ever-increasing costs for computer infrastructure and the resources necessary to manage it, law firms and their clients have begun using hosted services and solutions available through the Internet for their required IT needs. Commonly referred to as “cloud computing,” these service models provide infrastructure, software or platforms via the Internet, rather than through more traditional on-site hardware and software installation and support. Technological developments have spurred somewhat of a “perfect storm” for the growth of cloud service providers, but clients and lawyers weighing this option must address the evolving legal risks inherent in this model, and may need to consider taking an umbrella before stepping “outside.”

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,773
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Partly Sunny with a Chance of Rain II: Forecasting the Legal Issues in Cloud Computing

  1. 1. “Partly Sunny with a Chance of Rain II”: Forecasting the Legal Issues in Cloud Computing by: Thomas A. Kulik Chairman, Dallas Bar Association Computer Law Section Partner, Scheef & Stone, L.L.P. Dallas Bar Association – Computer Law Section October 28, 2013   ®  
  2. 2. About  the  Presenter   Tom  Kulik  is  a  Partner  in  Scheef  &  Stone,  L.L.P.  out  of  its  headquarters  in   Dallas,  Texas,  as  well  as  Chairman  of  the  Dallas  Bar  AssociaBon  Computer  Law   SecBon.    With  a  deep  understanding  of  how  intellectual  property  assets   influence  business,  he  leverages  20  years  of  law  pracBce  with  prior  industry   experience,  strategically  counseling  clients  on  maKers  involving  the   evaluaBon,  acquisiBon,  development  and  protecBon  of  intellectual  property   rights,  with  an  emphasis  on  creaBvely  leveraging  such  assets  both   domesBcally  and  internaBonally.   Prior  to  matriculaBon  in  law  school,  he  was  an  award-­‐winning  systems   engineer  for  3Com  CorporaBon,  where  he  was  responsible  for  local  and  wide-­‐ area  network  architecture  and  design  supporBng  both  Fortune  500  and  start-­‐ up  companies  in  the  computer  services,  financial  and  pharmaceuBcal   industries.     Leveraging  this  industry  experience,  his  pracBce  focuses  on  intellectual   property  transacBons,  parBcularly  within  the  context  of  the  computer   soQware,  emerging  Internet  technologies  and  e-­‐commerce,  and  includes  an   extensive  trademark  preparaBon  and  prosecuBon  pracBce  and  aKendant   intellectual  property  liBgaBon.   ®  
  3. 3. What  is  the  “Cloud”?...   ®  
  4. 4. …and  What  is  “Cloud  CompuBng”?   “SaaS”            “PaaS”   “IaaS”   ®  
  5. 5.    “Cloud  CompuBng”  –  A  Hazy  Phrase   for  a  Foggy  (Evolving)  Concept   “As  a  metaphor  for  the  Internet,  "the  cloud"  is  a   familiar  cliché,  but  when  combined  with   "compuBng,"  the  meaning  gets  bigger  and  fuzzier… [but  essenBally]  encompasses  any  subscripBon-­‐ based  or  pay-­‐per-­‐use  service    that,  in  real  Bme  over   the  Internet,  extends  IT's  exisBng  capabiliBes.”    What  Cloud  Compu-ng  Really  Means,  Eric  Knor  &  Galen  Gruman,  InfoWorld,  2009   ®  
  6. 6. “Cloud  CompuBng”  DefiniBon  –  The  NaBonal   InsBtute  of  Standards  and  Technology            “Cloud  compuBng  is  a  model  for  enabling  convenient,  on-­‐ demand  network  access  to  a  shared  pool  of  configurable   compuBng  resources  (e.g.,  networks,  servers,  storage,   applicaBons,  and  services)  that  can  be  rapidly  provisioned   and  released  with  minimal  management  effort  or  service   provider  interacBon.  This  cloud  model  promotes  availability   and  is  composed  of  five  essen-al  characteris-cs,  three   service  models,  and  four  deployment  models.”        The  NIST  Defini,on  of  Cloud  Compu,ng,  Peter  Mell  and  Tim  Grance,  Version  15,  October  7,  2009   ®  
  7. 7.        “Cloud  CompuBng”-­‐  EssenBal  CharacterisBcs   •  On-­‐demand  self-­‐service  –  unilateral  and  automaBc   provisioning  of  a  user’s  compuBng  needs   •  Broad  network  access  –  services  available  through  the   network  to  cellphones,  PDAs,  laptops,  iPads,  etc.     •  Resource  pooling  –  dynamic  assignment  of  physical  and   virtual  compuBng  resources   •  Rapid  elas9city  –  quick  scale-­‐out/scale-­‐in  –  seamless  and   seemingly  unlimited  to  the  user   •  Measured  Service  –  automaBc  control  to  opBmize   management  of  resources  (storage,  processing,   bandwidth,  accounts)   ®  
  8. 8. “Cloud  CompuBng”  –  Service  Models    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  External  soQware  hosBng  in  a  cloud  infrastructure    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Think  “SaaS-­‐plus”  –  compuBng  plamorm  and  “soluBon   stack”  for  building  and  running  custom  applicaBons  by  the   user        Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Data  processing,  storage,  network  and  other  fundamental   compuBng  resources  in  cloud  infrastructure   ®  
  9. 9. Examples  of  Cloud  Services  from  Cloud   Service  Providers”  (“CSPs”)    Infrastructure-­‐as-­‐a-­‐Service  (“IaaS”)   •  Amazon  ElasBc  Compute  Cloud  (EC2),  Amazon  S3,   Rackspace    So7ware-­‐as-­‐a-­‐Service  (“SaaS”)   •  Apple  iCloud,  Google  Apps,  Facebook  ApplicaBons    PlaDorm-­‐as-­‐a-­‐Service  (“PaaS”)   •  Salesforce  AppExchange,  Google  AppExchange   ®  
  10. 10. “Cloud  CompuBng”  –  Deployment  Models     Private  Cloud     Used  solely  by/operated  solely  for  the  organizaBon     Community  Cloud     Used  by/operated  for  mulBple  organizaBons  Bed  to  a  “specific   community”  with  “shared  concerns”     Public  Cloud     Owned  by  CSP  providing  cloud  services  to  the  public     Hybrid  Cloud     ComposiBon  of  2  or  more  disBnct  clouds  “bound  together  by   standardized  or  proprietary  technology  that  enables  data  and   applicaBon  portability”     ®  
  11. 11.    “Cloud  CompuBng”  –  DefiniBon  in  a  Nutshell          A  fully-­‐scalable  service  for  processing  and  storing   data  using  third-­‐party  shared  resources,  soQware   and  informaBon  accessible  over  a  network  (i.e.  the   Internet),  and  provided  to  computers  and  other   devices  on-­‐demand:     Usually  subscripBon-­‐based     May  be  pay-­‐per-­‐use     Even  free!   ®  
  12. 12. Why  the  Cloud  Model?     A  “Perfect  Storm”     •  Economics  -­‐  IT  capital  cost  pressures  pushing  for  beKer   ROI   •  More  for  Less  -­‐  Technological  InnovaBon  is  permipng:   »  BeKer  communicaBons  bandwidth  availability   »  Improved  microprocessor/bus  speeds   »  Increased  storage  capabiliBes   •  “Virtualiza,on”  –  easier  for  CSPs  to  maximize   infrastructure  for  the  services  provided  and  offload  much   IT  management   ®  
  13. 13. The  Legal  ConsideraBons  in  Cloud   CompuBng:    More  Than  A  Drizzle…     Security  &  Privacy     Contractual  ConsideraBons     Intellectual  Property     E-­‐Discovery  &  LiBgaBon     Ethical  ConsideraBons  for  Lawyers   ®  
  14. 14. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Data  in  the  “Cloud”  harder  to  protect   •  •  •  Is  a  “mulB-­‐tenant”  architecture  –  data  stored  on  a  virtual  server  that   shares  same  physical  server  with  other  virtual  servers   Security  dependent  upon  configuraBon  of  the  virtual  servers  and  API   vulnerabiliBes   Geographic  distribuBon  concerns  –  the  “cloud”  knows  no  boundaries     Breach  harder  to  detect  &  manage   •  •  •  CSP  may  use  third-­‐party  providers  for  elements  of  the  service   Audit  trail  across  mulBple  plamorms  not  necessarily  integrated   Geographic  distribuBon  concerns  remain   ®  
  15. 15. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy   Think  that  3rd   parBes  are  not   looking  for   YOUR  data?     THINK  AGAIN…   ®  
  16. 16. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    Stengart  v.  Loving  Care  Agency,  Inc.,  990  A.2d  650  (2010)   company  policy  claiming  it  owned  all  informaBon  on  its   computers  NOT  enough  to  permit  retenBon  of  aKorney-­‐client   privileged  emails    N.J.  Appellate  Division  reversed  Superior  Court’s  order     ordered  employer  and  its  counsel  to  turn  over  ALL  email   communicaBons  between  plainBff  and  her  counsel  AND  delete   same  for  hard  drives     Ordered  hearing  on  sancBons    Point:  aKorney-­‐client  privilege  “substanBally  outweigh[s]”   employer’s  enforcement  of  its  own  policies     ®  
  17. 17. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy    City  of  Ontario  v.  Quon,  130  S.Ct.2619  (2010)  –  9-­‐0  decision   holding  City  did  NOT  violate  police  employees’  4th   Amendment  rights  by  searching  text  messages  on  city-­‐owned   pagers      SCOTUS  rev’d  9th  Circuit     found  search  to  be  “reasonable”  because    moBvated  by   legiBmate  work-­‐related  purpose  &  not  excessive  in  scope     Rejected  9th  Circuit’s  “least  intrusive”  means  approach  (i.e.  use   less  intrusive  methods  to  determine  proper  use  of  pagers)    BUT…did  not  address  employee  privacy  expectaBons   when  using  employer  computers   ®  
  18. 18. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Compliance  with  privacy  and  security  laws  and   regulaBons  no  longer  a  domes-c  maGer       Trans-­‐border  flow  of  private  informaBon  may  trigger  obligaBons     U.S.  laws  far  LESS  restricBve  than  other  countries  (parBcularly  the   European  Union)     Liability  for  breach  depends  upon  who  controls  the  data   versus  mere  data  processors     Many  data  privacy  laws  pre-­‐date  cloud  compuBng  capability   ®  
  19. 19. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  DomesBc  ConsideraBons:   •  •  •  •  •  Graham  Leach  Bliley  Act  -­‐  Financial  insBtuBons  must  have  policies/ procedures  in  place  to  protect  “non-­‐public  personal  financial   informaBon”  from  improper  disclosure   HIPAA/HITECH  Act  –  “Covered  enBBes”  required  to  noBfy  affected   persons  of  breach  of  unencrypted  “personal  health  informaBon”   FTC  Safeguards  Rule  –  Financial  insBtuBons  required  to  have    wriKen   security  plan  regarding  customer’s  private  informaBon   FTC  Red  Flags  Rule  –  InsBtuBons  holding  credit  accounts  must  have   wriKen  idenBty  theQ  program   Stored  CommunicaBons  Act  -­‐  protecBon  from  disclosure  for  emails  and   other  private  data  that  are  in  such  electronic  storage   ®  
  20. 20. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     Some  InternaBonal  ConsideraBons   •  EU  Data  ProtecBon  DirecBve  95/46/EC  –  no  transfer  of  data  to   countries  OUTSIDE  the  EU  unless  they  offer  an  “adequate  level  of   protecBon”  OR  where  excep-ons  apply...like  the  U.S.  Safe  Harbor  List   •  U.S.  Department  of  Commerce  negoBated  a  safe  harbor  framework   with  the  European  Commission  to  “bridge”  differences  in  privacy   protecBon  with  EU  member  states   •  CerBfying  to  the  “safe  harbor”  will  assure  that  EU  organizaBons  know   that  your  company  provides  "adequate"  privacy  protecBon   ®  
  21. 21. The  Legal  ConsideraBons  in  Cloud   CompuBng:  Security  &  Privacy     MUST  understand  the  CSP  operaBonal  model  to  facilitate   compliance  with  applicable  privacy  and  security  laws/ regulaBons  (especially  interna-onally  stored  data)     REVIEW  CSP  privacy  policy  AND  security  procedures  for   conBnuity  with  exisBng  company  procedures  &  guidelines  (i.e.   audit/reporBng  requirements,  security  breach  noBficaBons)     IDENTIFY  and  SPECIFY  data  security  controls  at  the  soQware   level  (i.e.  encrypBon,  firewalls),  as  well  as  physical  security   ®  
  22. 22. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     Different  contractual  consideraBons  from   outsourcing  model   •  •  •  LocaBon  of  service/data  NOT  fixed,  but  distributed   CSP  owns  the  technology,  NOT  the  user/company   Contracts  normally  NOT  negoBable     Risk  allocaBon  far  more  difficult  to  address   •  •  •  No  tradiBonal  soQware  “license”  –  is  an  access  model   LiKle  to  no  indemnity/infringement  protecBon  from  CSP   LimitaBon  of  liability  may  not  cover  anBcipated  risk   ®  
  23. 23.    The  Legal  ConsideraBons  in  Cloud  CompuBng:       Contractual  ConsideraBons   Don’t  think  third  parBes  are  “looking”?    THINK  AGAIN…   “Just  as  a  sender  of  a  leKer  to  a  business  colleague  cannot  be  surprised   that  the  recipient’s  assistant  opens  the  leKer,  people  who  use  web-­‐based   email  today  cannot  be  surprised  if  their  communica9ons  are  processed   by  the  recipient’s  ECS  provider  in  the  course  of  delivery.  Indeed,  “a   person  has  no  legi9mate  expecta9on  of  privacy  in  informa9on  he   voluntarily  turns  over  to  third  par9es.”  Smith  v.  Maryland,  442  U.S.  735,   743-­‐44  (1979).”  (emphasis  added)   Google  MoBon  to  Dismiss,  In  re  Google  Gmail  Li-ga-on,  Case  No.  5:13-­‐ md-­‐02430-­‐LHK  (N.D.  Ca.)   ®  
  24. 24. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     JurisdicBon   •  Governing  law/Venue  always  favors  the  CSP     LimitaBons  of  Liability   •  Usually  no  liability  for  damages  whatsoever  (data   deleBon,  corrupBon,  failure  to  access,  etc.)     Limited  to  No  Warranty   •  •  “AS-­‐IS”  or  “as  available”   No  warranty  that  service  uninterrupted/error-­‐free  –   limited  to  SLA,  which  may  be  inadequate   ®  
  25. 25. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     TerminaBon   •  •  •  CSPs  usually  reserve  right  to  terminate  unilaterally   Data  portability  in  event  of  terminaBon?  Avoid  “lock-­‐in”   What  is  CSP  goes  bankrupt?       Service  Level  Agreement  (“SLA”)   •  Usually  rely  upon  service  credits  in  event  of  specified   period  of  downBme,  BUT  credits  mean  liKle  when  the   service  is  down!     AudiBng/compliance?   ®  
  26. 26.    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons   Google  Apps  Examples:   “Representa,ons.  …Google  warrants  that  it  will  provide  the  Services  in   accordance  with  the  applicable  SLA.”   “Disclaimers.  EXCEPT  AS  EXPRESSLY  PROVIDED  FOR  HEREIN,  NEITHER   PARTY  MAKES  ANY  OTHER  WARRANTY  OF  ANY  KIND,  WHETHER  EXPRESS,   IMPLIED,  STATUTORY  OR  OTHERWISE,  INCLUDING  WITHOUT  LIMITATION   WARRANTIES  OF  MERCHANTABILITY,  FITNESS  FOR  A  PARTICULAR  USE  AND   NONINFRINGEMENT.  GOOGLE  MAKES  NO  REPRESENTATIONS  ABOUT  ANY   CONTENT  OR  INFORMATION  MADE  ACCESSIBLE  BY  OR  THROUGH  THE   SERVICE.  THE  SERVICE  IS  NEITHER  DESIGNED  NOR  INTENDED  FOR  HIGH   RISK  ACTIVITIES.  CUSTOMER  ACKNOWLEDGES  THAT  THE  SERVICES  ARE  NOT   A  TELEPHONY  SERVICE  AND  THAT  THE  SERVICES  ARE  NOT  CAPABLE  OF   PLACING  OR  RECEIVING  ANY  CALLS,  INCLUDING  EMERGENCY  SERVICES   CALLS,  OVER  PUBLICLY  SWITCHED  TELEPHONE  NETWORKS.     ®  
  27. 27.    The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons    Google  Apps  Examples:    “Limita,on  on  Indirect  Liability.  NEITHER  PARTY  WILL  BE  LIABLE  UNDER  THIS     AGREEMENT  FOR  LOST  REVENUES  OR  INDIRECT,  SPECIAL,  INCIDENTAL,   CONSEQUENTIAL,  EXEMPLARY,  OR  PUNITIVE  DAMAGES,  EVEN  IF  THE  PARTY   KNEW  OR  SHOULD  HAVE  KNOWN  THAT  SUCH  DAMAGES  WERE  POSSIBLE  AND   EVEN  IF  DIRECT  DAMAGES  DO  NOT  SATISFY  A  REMEDY.”      “Limita,on  on  Amount  of  Liability.  NEITHER  PARTY  MAY  BE  HELD  LIABLE   UNDER  THIS  AGREEMENT  FOR  MORE  THAN  THE  AMOUNT  PAID  BY   CUSTOMER  TO  GOOGLE  DURING  THE  TWELVE  MONTHS  PRIOR  TO  THE  EVENT   GIVING  RISE  TO  LIABILITY.    “Governing  Law.  This  Agreement  is  governed  by  California  law,  excluding  that   state’s  choice  of  law  rules.  FOR  ANY  DISPUTE  RELATING  TO  THIS  AGREEMENT,   THE  PARTIES  CONSENT  TO  PERSONAL  JURISDICTION  IN,  AND  THE  EXCLUSIVE   VENUE  OF,  THE  COURTS  IN  SANTA  CLARA  COUNTY,  CALIFORNIA.  “   ®  
  28. 28. The  Legal  ConsideraBons  in  Cloud  CompuBng:   Contractual  ConsideraBons     MUST  take  CSP  operaBonal  model  into  consideraBon  to   address  specific  points  of  impact  and  allocate  risk  –  KNOW   the  3P  providers     REVIEW  service  levels/credits  with  a  wary  eye  –  may  NOT  be   enough  to  cover  for  impact  of  downBme  on  business     MUST  address  data  export  capabiliBes  and  ensure   compaBbility  with  business  conBnuity  and  DR  plan     NEGOTIATE…NEGOTIATE…NEGOTIATE!   ®  
  29. 29. Weather  Brewing  on  the  Horizon:   Intellectual  Property    Intellectual  property  rights  and  the  “cloud”  more   difficult  to  address:   •  No  tradiBonal  license  model   •  “Legacy”  systems/soQware  –  connecBvity  to  the   “cloud”  may  not  be  consistent  with  exisBng  licenses   •  Possible  fixaBon  issues  due  to  distributed  architecture    Evolving  technology  means  the  law  is  desperately   trying  to  catch-­‐up    Trade  secrets  issues  –  inconsistent  with  cloud  model?   ®  
  30. 30. Weather  Brewing  on  the  Horizon:   Intellectual  Property    Copyright   •  Remote  storage  DVR  system  held  not  to  be  a  violaBon  of   U.S.  copyright  law  (See  Cartoon  Network  LP,  LLLP  v.  CSC   Holdings,  Inc.,  536  F.3d  121  (2nd  Cir.  2008),  cert.  den’d  129   S.Ct.  2890  (2009))   •  Aereo  (retransmission  of  over-­‐the-­‐air  broadcasts  to  mobile   devices)   •  Digital  Entertainment  Content  Ecosystem  (DECE)  –  a.k.a.   “Ultraviolet”  -­‐    purchase  content  once,  then  view  in  many   formats  and  on  many  devices  from  cloud-­‐based  account   ®  
  31. 31. Weather  Brewing  on  the  Horizon:   Intellectual  Property            Trade  Secrets  –  protecBons  may  be  more  limited!   Trade  secret  informaBon  stored  in  the  cloud  may  be  subject  to  loopholes   that  permit  unauthorized  third-­‐party  disclosure.  See  Sherman  &  Co.  v.   Salton  Maxim  Housewares,  Inc.,  94  F.Supp.2d  817  (E.D.  Mich.  2000)   (holding  that  the  Stored  CommunicaBons  Act  only  prohibits  the   disclosure  of  stored  communicaBons  where  the  disclosing  party  provides   an  “electronic  communicaBon  service”,  and  a  person  who  does  not   provide  such  a  service  "can  disclose  or  use  with  impunity  the  contents  of   an  electronic  communicaBon  unlawfully  obtained  from  storage."  (citaBon   omiKed)).   ®  
  32. 32. Weather  Brewing  on  the  Horizon:   Intellectual  Property     MUST  determine  how  IP  “creators”  in  organizaBon   would  be  using  CSP  services  and  where  stored     REVIEW  any  legacy  system  Be-­‐in  to  cloud  for  license   compliance     RETHINK  placing  trade  secret  informaBon  within  the   cloud  –  law  is  evolving  here   ®  
  33. 33. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    Discovery  of  electronically  stored  informaBon  (“ESI”)   drama-cally  more  difficult  in  the  cloud   •  Data  preservaBon/integrity  hard  to  manage   •  Data  may  be  housed  in  mul-ple  countries   •  CSPs  may  use  3P  providers      JurisdicBonal  issues   •  Enforceability  –  mulBple  countries  vs.  governing  law   •  Country  where  data  is  resident  in  computer  facility  –   governmental  access?   ®  
  34. 34. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     PreservaBon  is  KEY   •  Unlike  outsourced  soluBons,  users  may  not  know  what   infrastructure  they  are  using  or  the  physical  locaBon  of   data   •  CSP  may  be  able  to  retrieve  the  data,  but  NOT  know  where   your  data  is  for  the  purpose  of  a  liBgaBon  hold   •  CSP  may  use  third-­‐party  service  providers  for  elements  of   services  provided  to  the  user,  exacerbaBng  the  issue     Courts  may  NOT  disBnguish  servers  in  the  “cloud”   from  ones  in  direct  possession   ®  
  35. 35. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon     SpoliaBon   •  Cloud  infrastructure  increases  spoliaBon  risk   •  Where  CSPs  use  3P  providers  –  greater  danger     Data  Integrity   •  Data  at  rest  –  MUST  be  free  from  corrupBon   •  How  to  ensure  NO  CHANGE  to  data  upon  hold?     Standard  CSP  agreements  do  NOT  account  for   possibility  of  ESI  preservaBon  by  default   ®  
  36. 36. Weather  Brewing  on  the  Horizon:     e-­‐Discovery  &  LiBgaBon    MUST  account  for  specific  CSP  model  and  viability  of   the  CSP  regarding  ability  to  comply  with  e-­‐discovery   and  liBgaBon  holds    DEMAND  accountability  for  handling  of  ESI   •  General  “cooperaBon”  clause   •  Acknowledge  compliance  with  liBgaBon  holds    STRONGLY  CONSIDER  a  separate  agreement   ®  
  37. 37. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Law  firm  use  of  CSPs  for  their  IT  needs  growing    ConsideraBons  are  more  delicate  for  law  firms  due  to   client  confidenBality  obligaBons,  privilege,  etc.    BoKom  line:  it  is  available,  but  is  it  ethical?   ®  
  38. 38. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    Answer:    IT  DEPENDS    17  states  so  far:  Use  of  CSPs  for  storage  of  client  files  so  long   as  a  reasonable  standard  of  care  is  exercised,  BUT  differences:    Alabama,  Arizona,  California,  ConnecBcut,  Florida,  Iowa,  Maine,   MassachuseKs,  New  Hampshire,  New  Jersey,  Nevada,  New  York,  North   Carolina,  Oregon,  Pennsylvania,  Vermont  &  Virginia    BoKom  Line:        Use  DILIGENCE  and  COMPETENCE  exercising  reasonable  care    MUST  have  a  BASIC  understanding  of  the  technologies  used    Have  an  OBLIGATION  to  remain  current  on  the  technologies   ®  
  39. 39. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    What  is  considered  a  “reasonable  standard  of  care”?     •  MUST  be  knowledgeable  about  CSP  handling  of  data     •  MUST  contract  with  CSP  to  preserve  confidenBality/security  of  data    Transposing  the  “reasonableness”  standard  from  “brick  &   mortar”  to  the  “cloud”  not  as  easy  as  you  may  think:   •  •  •  •  •  Security  –  client  confidenBality  requires  strong  contractual  protecBons   Backups  –  MUST  think  about  IaaS  infrastructure   Data  access  –  SLA  service  credit  should  NOT  be  sole  remedy   Portability  –  Transfer  of  data  in  event  of  terminaBon  crucial   Bankruptcy  of  CSP  –  how  to  account  for  possibility?   ®  
  40. 40. Weather  Brewing  on  the  Horizon:     Ethical  ConsideraBons  for  Lawyers    USE  COMMON  SENSE   •  Understand  how  the  CSP  will  handle  the  data   •  Don’t  be  afraid  to  ask  quesBons  –  arguably  have  a  duty  TO   ask  them!   •  Security  should  cover  both  soQware  capabiliBes  AND   physical  faciliBes    BoKom  Line:  LET’S  BE  CAREFUL  OUT  THERE!…   ®  
  41. 41. “Partly Sunny with a Chance of Rain”: Forecasting the Legal Issues in Cloud Computing   Q  &  A                                          Email:  tom.kulik@solidcounsel.com            LinkedIn:  hKp://www.linkedin.com/in/tkulik            TwiKer:  @LegaIntangibls            Google+:  hKp://gplus.to/TomKulik              Blog:  hKp://www.legalintangibles.com   ®  
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×