Tag Archives: cloud computing

Proposed “Cloud Computing Act of 2012”

Sen. Amy Klobuchar has introduced a new bill, the “Cloud Computing Act of 2012” (S.3569), that purports to “improve the enforcement of criminal and civil law with respect to cloud computing.”

The Cloud Computing Act seeks to amend 18 USC 1030 by purporting:

  • It is a separate offense to have unauthorized access (including exceeding the authorized access) to a cloud computing account, or even conspiring to have unauthorized access.
  • Defining “cloud computing account” as “information stored on a cloud computing service that requires a password or similar information to access and is attributable to an individual”
  • Defining “cloud computing service” as a service that “enables convenient, on-demand network access to a shared pool of configurable computing resources (including networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or interaction by the provider of the service.”
  • The losses are (1) the value of the loss of use, information, or aggregated loss to 1 or more persons; or (2) the product obtained by multiplying the number of cloud computing accounts accessed by $500.”

As a reminder, 18 USC 1030, a person who acts or conspires to act in violation of the Act is to be

  • (1) fined or imprisoned for not more than 10 years or both, when the conviction does not occur after another offense under the section; or
  • (2) fined or imprisoned for not more than 20 years or both, when the conviction occurs after another offense

 

The problems with this proposed bill are alarming due to the vagueness of the definitions.  In employment, I can see this Act (if it goes through) being used against employees.

For example, say if your authorized access is limited to “work” use.  If an employee uses the computer network to go to a social network, how would this pan out?  The employee, in this case, uses a password to get into the network of the employer.

Or say that authorized access is limited to using email for work purposes only.  What if the employee sends a personal email or an email to an attorney using the work email?  The email account is, after all, protected by a password and it is in the alleged protected network of the employer.

Or say that authorized access is limited to accessing the email at work.  Yet, the employee and other employees, and say even management, use their smartphones to keep up with work.

I can see potential issues in employment law, where the situation does not arise out of the purported intent of the Act.  None of these cases involve a person getting into a network or service to steal information.  None of these cases involve a disgruntled employee accessing information they are not supposed to have access to.

It is my guess that if the Act gets through, there will be a need for a lot of updates on employee policies, manuals, and trainings.

3 Comments

Filed under Pending Legislation, technology

Ethics and Cloud Computing

I came across this post regarding ethics and the use of cloud computing by attorneys.  The post is as follows:

The Massachusetts Bar Association has issued an ethics opinion concluding that lawyers may use cloud services to store and synchronize digital files containing client information, provided the lawyer takes reasonable measures to ensure that the service’s terms of use and data-privacy policies are compatible with the lawyer’s professional obligations. However, lawyers should not use cloud services for clients who expressly request that their documents not be stored online and lawyers should not store “particularly sensitive” information in the cloud without first obtaining the client’s express consent, the opinion says.

MBA Ethics Opinion 12-03 was drafted by the MBA’s Committee on Professional Ethics and approved by the association’s House of Delegates on May 17, 2012. The MBA is not the official lawyer-discipline board in the state, so its ethics opinions are advisory only.

Even so, the MBA’s opinion adds to the growing and unanimous list of lawyer-ethics panels that have concluded that lawyers may ethically use cloud applications and services, provided they take reasonable precautions to protect the confidentiality and security of the data. (See our earlier post: Two New Legal Ethics Opinions Suggest Clear Skies Ahead for Cloud Computing.)

This brings to 11 the number of states that have ruled on the ethics of cloud computing. In addition to Mass., the other opinions are:

Notably, all of these states agree that the use of cloud computing is ethical.

via Mass. Joins Other States in Ruling that Cloud Computing is Ethical for Lawyers.

Leave a comment

Filed under attorneys, courts