Transcript
Page 1: Cloud computing legal issues

ISACA 2012

www.cyberlawconsulting.com

Page 2: Cloud computing legal issues

www.cyberlawconsulting.com

Page 3: Cloud computing legal issues

Legal Issues in Cloud ComputingLiability

Law

Data PortabilityCopyright

Compliance

www.cyberlawconsulting.com

Page 4: Cloud computing legal issues

Why Cloud Computing • Cloud Computing services offer low barrier to entry and easy scaling possibilities.

• Easy “click-wrap agreements”

• Agility/ Flexibility of Technology

• Always ON – ubiquitous

• Real Time Information and Immediate feedback

www.cyberlawconsulting.com

Page 5: Cloud computing legal issues

Compliance of Cloud Computing• Auditing requirements Many contracts impose auditing possibilities that include physical inspection how can these auditing

requirements be complied with when geographically decentralized cloud services are used?

• Applicable Law & Competent court If outside own country, any litigation can become

prohibitively expensive . .• What happens in case of bankruptcy of the cloud computing service provider?

www.cyberlawconsulting.com

Page 6: Cloud computing legal issues

Compliance as per The IT Rules, 2011 • The intermediary shall observe following due diligence while

discharging his duties, namely : ―• (1) The intermediary shall publish the rules and regulations,

privacy policy and user agreement for access or usage of the intermediary’s computer resource by any person.

• (2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that ….

• If such hosting reported action to be taken in 36 hours

• FACTS : Drop Box , Rapid Share, Gmail Storage contains infinite pornography, pirated s/w , songs etc

www.cyberlawconsulting.com

Page 7: Cloud computing legal issues

Law for Cloud Computing Service• Cloud computing service providers are intermediary

as per The IT Act, 2000• S2(1)(w) "Intermediary" with respect to any

particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes;

www.cyberlawconsulting.com

Page 8: Cloud computing legal issues

Indemnity Issues in Cloud ComputingWe and our licensors shall not be responsible for

any service interruptions, including, withoutlimitation, power outages, system failures or other

interruptions, including those that affect the receipt,processing, acceptance, completion or settlement of

any payment services. (...)

Neither we nor any of our licensors shall be liable toyou for any direct, indirect, incidental, special,

consequential or exemplary damages, including,but not limited to, damages for loss of profits,

goodwill, use, data or other losses (...)Who will indemnify the Customer or the user ?

Page 9: Cloud computing legal issues

Agreement Clauses in Cloud Service

• ”You are utilizing a shared disk model and we cannot RISK the chance your third party may interfere with other clients using the same platform”.

• What happens to risk mitigation ?

www.cyberlawconsulting.com

Page 10: Cloud computing legal issues

Legal Liability of Cloud Providers• Including India many jurisdictions, cloud providers can

be held liable for the illegal data they may be hosting

Escape Routes• no liability for services that “consist of” the storage of electronic

information under the condition that the provider has No knowledge or awareness of illegal nature.

• ..and removes or blocks illegal data when it does gain knowledge or become aware of illegal nature• Liability protection does not prevent so-called injunctions, which can be as costly and timeconsuming

www.cyberlawconsulting.com

Page 11: Cloud computing legal issues

Loss Of Location in Cloud Computing

• With Indian Investigation agencies, Loss of location is likely to cripple cybercrime investigations at a very early stage.

• The Budapest Convention on Cybercrime already features a legal principle which overrules location as a legal connecting factor: Consent. Article 32 of the Budapest Convention states:

• Article 32 – Trans-border access to stored computer data with consent or where publicly available

• India not a Signatory to Convention on Cybercrime

www.cyberlawconsulting.com

Page 12: Cloud computing legal issues

Letter rogatory an option

• The Interpol can take necessary follow up steps for this the local police issues letters rogatory under the provisions of Section 166 A Cr PC.

www.cyberlawconsulting.com

Page 13: Cloud computing legal issues

Data Portability on Cloud• Who is really managing my company’s sensitive

information? • What are their internal security practices? How

well do they handle incident response? • How reliable is the infrastructure that provides

the service? • Are they prone to service outages? • How can my service provider recover my cloud

stuff?• What is H/W & S/W Portability of my DATA ?

www.cyberlawconsulting.com

Page 14: Cloud computing legal issues

Copyright Issues for Data on Cloud

• Cloud storage as offered by Box.net and other providers like Dropbox do offer some of the features of file sharing that a recent court ruling found illegal.

• RIAA v/s LimeWire.(Recording Industry Association of America)• RIAA?? which took NAPSTER DOWN)

www.cyberlawconsulting.com

Page 15: Cloud computing legal issues

www.cyberlawconsulting.com

Page 16: Cloud computing legal issues

www.cyberlawconsulting.com

Page 17: Cloud computing legal issues

[email protected] : 09821763157 www.facebook.com/cyberlawconsultant

www.cyberlawconsulting.com

Thank You


Top Related