Cloud computing legal issues


Published on

legal issues in cloud computing,cloud computing and law,cyberlaw and cloud computing in india,prashant mali,cloud computing issues,cloud computing security

Published in: Technology, Business
  • Be the first to comment

Cloud computing legal issues

  1. 1. ISACA
  2. 2.
  3. 3. Legal Issues in Cloud Computing Liability LawCompliance Copyright Data Portability
  4. 4. Why Cloud Computing• Cloud Computing services offer lowbarrier to entry and easy scalingpossibilities.• Easy “click-wrap agreements”• Agility/ Flexibility of Technology• Always ON – ubiquitous• Real Time Information and Immediatefeedback
  5. 5. Compliance of Cloud Computing• Auditing requirements Many contracts impose auditing possibilities that include physical inspection how can these auditing requirements be complied with when geographically decentralized cloud services are used?• Applicable Law & Competent court If outside own country, any litigation can become prohibitively expensive . .• What happens in case of bankruptcy of the cloud computing service provider?
  6. 6. Compliance as per The IT Rules, 2011• The intermediary shall observe following due diligence while discharging his duties, namely : ―• (1) The intermediary shall publish the rules and regulations, privacy policy and user agreement for access or usage of the intermediary’s computer resource by any person.• (2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that ….• If such hosting reported action to be taken in 36 hours• FACTS : Drop Box , Rapid Share, Gmail Storage contains infinite pornography, pirated s/w , songs etc
  7. 7. Law for Cloud Computing Service• Cloud computing service providers are intermediary as per The IT Act, 2000• S2(1)(w) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes;
  8. 8. Indemnity Issues in Cloud Computing We and our licensors shall not be responsible for any service interruptions, including, without limitation, power outages, system failures or other interruptions, including those that affect the receipt, processing, acceptance, completion or settlement of any payment services. (...)Neither we nor any of our licensors shall be liable to you for any direct, indirect, incidental, special, consequential or exemplary damages, including, but not limited to, damages for loss of profits, goodwill, use, data or other losses (...)Who will indemnify the Customer or the user ?
  9. 9. Agreement Clauses in Cloud Service• ”You are utilizing a shared disk model and we cannot RISK the chance your third party may interfere with other clients using the same platform”.• What happens to risk mitigation ?
  10. 10. Legal Liability of Cloud Providers• Including India many jurisdictions, cloud providers can be held liable for the illegal data they may be hostingEscape Routes• no liability for services that “consist of” the storage of electronic information under the condition that the provider has No knowledge or awareness of illegal nature.• ..and removes or blocks illegal data when it does gain knowledge or become aware of illegal nature• Liability protection does not prevent so-called injunctions, which can be as costly and timeconsuming
  11. 11. Loss Of Location in Cloud Computing• With Indian Investigation agencies, Loss of location is likely to cripple cybercrime investigations at a very early stage.• The Budapest Convention on Cybercrime already features a legal principle which overrules location as a legal connecting factor: Consent. Article 32 of the Budapest Convention states:• Article 32 – Trans-border access to stored computer data with consent or where publicly available• India not a Signatory to Convention on Cybercrime
  12. 12. Letter rogatory an option• The Interpol can take necessary follow up steps for this the local police issues letters rogatory under the provisions of Section 166 A Cr PC.
  13. 13. Data Portability on Cloud• Who is really managing my company’s sensitive information?• What are their internal security practices? How well do they handle incident response?• How reliable is the infrastructure that provides the service?• Are they prone to service outages?• How can my service provider recover my cloud stuff?• What is H/W & S/W Portability of my DATA ?
  14. 14. Copyright Issues for Data on Cloud• Cloud storage as offered by and other providers like Dropbox do offer some of the features of file sharing that a recent court ruling found illegal.• RIAA v/s LimeWire.(Recording Industry Association of America)• RIAA?? which took NAPSTER DOWN)
  15. 15.
  16. 16.
  17. 17. Thank Youprashant.mali@cyberlawconsulting.comMobile : 09821763157