The age of the personal hard drive is ending, and the shared clouds are rising. What does this mean for your data security?
If you save information onto a personal hard drive or data key, there are no ambiguities about that data’s ownership or restrictions on its storage. However, the nature of cloud storage involves a very different scenario. Because remote server space is being rented to you, your data is effectively under the governance of the hosting client – itself bound by the laws of its home nation and every country it trades in. All of this raises a number of interesting (and as yet unresolved) questions about competing rights over cloud-hosted data.
A Crackdown on Cloud Servers
Earlier this year, the Chinese government ruled that indigenously hosted cloud storage fell within its “territory”, before declaring supremacy over this content and its future regulation. While presented to the public as an anti-pornography move (huge amounts of porn have historically been stored on Chinese cloud servers), the subsequent crackdown saw cloud services closed en masse, and vast databases of user information being permanently deleted. From a country that had already banned Dropbox, Google Drive and iTunes, the closure of these services was perhaps unsurprising. However, it clearly illustrates the unresolved tensions between cloud storage services and the states that accommodate their servers.
Copyrighting the Cloud?
In democratic nations, cloud-hosted data is governed by the overlapping regulations of contract, copyright and confidentiality. Yet given the unresponsiveness of legal systems and the pre-cloud origins of most copyright law, it’s unsurprising that legislature offers little definitive guidance on cloud storage. Since many cloud-hosted services are based in America, the Digital Millennium Copyright Act of 1998 and the Electronic Communications Privacy Act are commonly referenced despite their obvious inadequacies. Individual states also have differing legal regimes, yet even Massachusetts’ detailed regulations are ambiguous about the relative rights of users, hosting providers, and governing bodies. The UK’s Data Protection Act stipulates that client confidentiality must be preserved, yet the Law Society informs its own members that disclosure of cloud-hosted data may be required by law. Those two statements are clearly incompatible, especially as “required by law” is open to interpretation.
Who Is Top Dog? Client, Cloud Provider or State?
Although cloud-hosted information is ultimately bound by the laws of the state where that data is held, this could become highly complex if information happens to be mirrored in a foreign data centre. Judicial conflicts could also arise if the hosting provider is based overseas and bound by (potentially conflicting) laws to the ones governing foreign data centres. Until the law on cloud storage is unambiguously clarified by each nation state, hosting providers should offer customers a clearly-worded contract based on current legal precedent. Preferably written with guidance from legal experts, this should cover everything from regulatory compliance through to security standards. This way, consumers and small businesses will know exactly what can (and can’t) happen to their data when it’s hosted on the cloud.