Tag Archives: cloud

Proposed “Cloud Computing Act of 2012”

Sen. Amy Klobuchar has introduced a new bill, the “Cloud Computing Act of 2012” (S.3569), that purports to “improve the enforcement of criminal and civil law with respect to cloud computing.”

The Cloud Computing Act seeks to amend 18 USC 1030 by purporting:

  • It is a separate offense to have unauthorized access (including exceeding the authorized access) to a cloud computing account, or even conspiring to have unauthorized access.
  • Defining “cloud computing account” as “information stored on a cloud computing service that requires a password or similar information to access and is attributable to an individual”
  • Defining “cloud computing service” as a service that “enables convenient, on-demand network access to a shared pool of configurable computing resources (including networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or interaction by the provider of the service.”
  • The losses are (1) the value of the loss of use, information, or aggregated loss to 1 or more persons; or (2) the product obtained by multiplying the number of cloud computing accounts accessed by $500.”

As a reminder, 18 USC 1030, a person who acts or conspires to act in violation of the Act is to be

  • (1) fined or imprisoned for not more than 10 years or both, when the conviction does not occur after another offense under the section; or
  • (2) fined or imprisoned for not more than 20 years or both, when the conviction occurs after another offense

 

The problems with this proposed bill are alarming due to the vagueness of the definitions.  In employment, I can see this Act (if it goes through) being used against employees.

For example, say if your authorized access is limited to “work” use.  If an employee uses the computer network to go to a social network, how would this pan out?  The employee, in this case, uses a password to get into the network of the employer.

Or say that authorized access is limited to using email for work purposes only.  What if the employee sends a personal email or an email to an attorney using the work email?  The email account is, after all, protected by a password and it is in the alleged protected network of the employer.

Or say that authorized access is limited to accessing the email at work.  Yet, the employee and other employees, and say even management, use their smartphones to keep up with work.

I can see potential issues in employment law, where the situation does not arise out of the purported intent of the Act.  None of these cases involve a person getting into a network or service to steal information.  None of these cases involve a disgruntled employee accessing information they are not supposed to have access to.

It is my guess that if the Act gets through, there will be a need for a lot of updates on employee policies, manuals, and trainings.

3 Comments

Filed under Pending Legislation, technology

Criminal liability for illegal content stored in the cloud

A verdict against Megaupload in the US would mean other cloud storage providers can be held criminally liable for illegal content stored by customers on their networks, a lawyer representing the shuttered file-sharing site said.

Prosecutors in the US have accused Megaupload and seven people associated with the company, including founder Kim Dotcom, of copyright infringement, aiding and abetting copyright infringement, wire fraud and money laundering. The US has started proceedings to extradite them from New Zealand to the US, where they hope to put the company on trial.

It would be the first time a provider of cloud storage services had been charged with criminal copyright infringement in the US, said lawyer Ira Rothken, who will represent Megaupload if the case comes to trial.

The cases against the music file-sharing services Grokster and Napster were both civil cases, meaning they were brought by aggrieved parties, such as the record companies, as opposed to the state. Civil cases generally require a lower burden of proof, making them easier to prove.

via Megaupload lawyer says case could affect other storage services | Computerworld New Zealand.

Leave a comment

Filed under Uncategorized

Clouding The Issue

New rules could complicate firms’ use of online data storage

For lawyers struggling to cut costs and boost efficiency, Internet-based data storage and client service has been a popular alternative. But those who have their heads in the clouds when it comes to client confidentiality concerns may get a wake-up call by the American Bar Association.

The ABA’s Commission on Ethics 20/20 has issued proposed changes to the Model Rules of Professional Conduct designed to remind lawyers of the need to safeguard client confidentiality when engaging in “cloud computing,” a phrase that refers to storing, managing and processing data on remote Internet servers rather than on a personal computer.

Continue reading

Leave a comment

Filed under electronic discovery