consumer drawbacks of cloud-delivered content privacy, reliability, security issues jim burger dow...
TRANSCRIPT
Consumer Drawbacks of Cloud-Delivered Content
Privacy, Reliability, Security Issues
Jim BurgerDow Lohnes
PLLC
2
Introduction
• Contractual Issues: Privacy, Reliability, Security
• Cloud-Based Services and the Fourth Amendment
• Copyright Issues in Cloud Computing – New Developments
3
Contractual Issues: State Law
• Where is data physically stored/processed?
• What state law controls? E.g., CA law provides more privacy protection
• Where are your customers? E.g., EU e-Privacy Directive (US-EU Safe Harbor Framework)
4
Contractual Issues: Privacy/Reliability Terms
• PrivacyWhat are the cloud provider’s obligations
to ensure privacy of customer data?What terms apply to third party access
(e.g., notice)?
• Reliability (SLA)What are acceptable service levels?Will the cloud provider have alternative
services during scheduled downtime or provide compensatory “credit?”
5
Contractual Issues: Security/Exit Terms
• Security/RiskObligations to ensure security of customer
data?Provider comply with national or industry
standards for data security?Allocation of breach risk?Cloud provider have cyber insurance?
• ExitExit scenario?Provider obligations to find/transition to
alternate provider?
6
Contractual Issues – 2011 Developments
• Live up to security or privacy promises or risk litigation or FTC action.
• Dropbox facing two class actions alleging it failed to follow its own privacy and security policies.
• FTC increasingly active. Recent settlements with Twitter, Facebook, and Google for allegedly deceptive data and/or privacy policies.
7
Cloud-Based Services and the Fourth Amendment
• Consumer expectation of privacy in the cloud?
• Physical world – Constitution says: people should be secure from unreasonable search – need a judge to issue a warrant for your home PC
• Judges confused in the digital world• But ECPA allows mere subpoena to
cloud provider to access confidential information
8
United States v. Warshak
• 6th Circuit Federal Court of Appeals declared warrantless search of email servers unconstitutional
• “…subscriber enjoys a reasonable expectation of privacy in the contents of emails that are stored with, or sent or received through, a commercial ISP”
• Subscriber agreement didn’t defeat that expectation when it stated that the ISP would only access content to protect its own service.
• But what about documents or pro-subpoena subscriber agreements?
9
Copyright Issues in Cloud Computing:Storage of User Material in Cloud-Based “Lockers
• Capitol Records, Inc (EMI) v. MP3tunes: Modest victory for locker/cloud providers
• Three important issues addressed: DMCA safe harbor, public performance right, and secondary infringement
• MP3tunes provided a service allowing users to search for free MP3s and “side load” these into their lockers. EMI claimed contributory/vicarious infringement. MP3tunes claimed DMCA safe harbor
10
Copyright Issues in Cloud Computing
• Viacom v. Youtube and Veoh held locker providers must take down infringing content only when provided with specific URLs or ‘red flags’
• MP3tunes held provider still has no obligation to investigate general allegations of infringement; high bar remains for red flag
• But provider obligated to take down material traceable to specific URLs
• MP3tunes held not to have “red flag” knowledge
11
Copyright Issues in Cloud Computing
• Cartoon Network, et al. v. CSC Holdings, Inc. (Cablevision): public performance right not infringed when provider maintained separate copies of files stored by each user. No redundant files “deduplification,” so no performance to the public
• Inefficient use of server space for locker providers• MP3tunes: Deleting redundant data not same as using a
“master copy;” does not infringe public performance right as long as copy played back to user is exactly same as that uploaded by the user
• Favorable holding, but inconsistent logic. How is deleting redundant data any different from deduplifying?
12
Copyright Issues in Cloud Computing
• MP3tunes out of safe harbor because failed to meet obligation to remove files in user lockers traceable to EMI-provided URLs
• MP3tunes committed contributory infringement because it knew of these files and contributed materially to users’ infringement by failing to terminate infringers’ accounts
• Providers should be vigilant about terminating accounts with such users