[Year 12 SofDev] cloud computing

Christophersen, Paula P christophersen.paula.p at edumail.vic.gov.au
Fri Mar 23 14:23:09 EST 2012


Dear colleagues

This came across my desk today - interesting.
In the cloud, your data can get caught up in legal actions
Legitimate users of Megaupload's service have learned this lesson the hard way
By Thomas J. Trappler
March 20, 2012 10:58 AM ET
Computerworld - We all know that the data we rely on to run our businesses can be subject to subpoena and other government actions. Such actions create additional risks when that data is in the cloud<http://www.computerworld.com/s/topic/158/Cloud+Computing>.
With cloud computing, data from multiple customers is typically commingled on the same servers. That means that legal action taken against another customer that is completely unrelated to your business could have a ripple effect. Your data could become unavailable to you just because it was being stored on the same server as data belonging to someone else that was subject to some legal action. For example, a search warrant issued for the data of another customer could result in your data being seized as well.
The news earlier this year about Megaupload<http://www.computerworld.com/s/article/9223557/Feds_charge_7_in_massive_case_against_Megaupload_online_piracy_ring>, a cloud file storage and viewing service, provides a real, if extreme, example of how a customer could lose access to its data in the cloud. The federal indictments against the individuals behind Megaupload<http://www.justice.gov/opa/pr/2012/January/12-crm-074.html> on multiple charges, including racketeering and criminal copyright infringement, resulted in law enforcement agencies seizing more than $50 million of Megaupload's assets. These actions were intended to stop any nefarious activities and collect evidence to be used in the case against Megaupload.
The catch is that a lot of people were using Megaupload for legitimate purposes<https://www.eff.org/cases/megaupload-data-seizure>. When the government took action against the alleged bad guys, those legitimate users also lost access to their data. It's a textbook example of how technology continues to outpace the law's ability to address the new questions that arise with cloud computing. For example, who is responsible for returning data to legitimate users?
With Megaupload essentially shut down, legitimate users couldn't retrieve their data directly<http://www.computerworld.com/s/article/9223856/Megaupload_user_content_safe_for_two_more_weeks> as in the past. The government wouldn't release any data while it temporarily had custody of it to gather evidence, and when it was finished with that, it didn't want responsibility for sorting and returning data. Instead, it directed legitimate users to the two infrastructure-as-a-service providers used by Megaupload. The IaaS providers claimed that they had provided only raw infrastructure and never had access to customer data, and so they pointed customers full circle back to Megaupload. The Electronic Frontier Foundation<https://www.eff.org/> has now stepped in to help sort out this mess<https://www.eff.org/cases/megaupload-data-seizure>.
How could a legitimate Megaupload customer have avoided getting caught up in this? Thoroughly vetting a cloud provider's background and business practices before using its service would be a good first step in most cases. Additionally, you could ensure that your contract obligates the cloud provider to effectively partition customer data. That way, there's at least a chance that law enforcement could seize a bad guy's data without touching yours.
Other columns by Thomas Trappler
*         In the cloud, your data can get caught up in legal actions </s/article/9225340/In_the_cloud_your_data_can_get_caught_up_in_legal_actions_?source=toc>
*         In the cloud, a data breach is only as bad as your contract</s/article/9224317/In_the_cloud_a_data_breach_is_only_as_bad_as_your_contract?source=toc>
*         When your data's in the cloud, is it still your data?</s/article/9223479/When_your_data_s_in_the_cloud_is_it_still_your_data_?source=toc>
*         Cloud adviser: Where's your data?</s/article/9222627/Cloud_adviser_Where_s_your_data_?source=toc>
*         Making sure your cloud provider can protect your data as promised</s/article/9222057/Making_sure_your_cloud_provider_can_protect_your_data_as_promised?source=toc>
*         Where there are clouds, there's lightning (and other cloud disaster tips)</s/article/9221326/Where_there_are_clouds_there_s_lightning_and_other_cloud_disaster_tips_?source=toc>
*         Why physical security matters, even in the cloud</s/article/358043/Why_physical_security_matters_even_in_the_cloud?source=toc>
*         The Cloud Contract Adviser: Making sure your information is secure</s/article/9217604/The_Cloud_Contract_Adviser_Making_sure_your_information_is_secure?source=toc>
*         The Cloud Contract Adviser: Know your provider's infrastructure</s/article/9216786/The_Cloud_Contract_Adviser_Know_your_provider_s_infrastructure?source=toc>
*         The Cloud Contract Adviser: Service-level agreements</s/article/9216037/The_Cloud_Contract_Adviser_Service_level_agreements?source=toc>

Paula Christophersen
ICT Curriculum Manager
Victorian Curriculum and Assessment
Authority
(03) 9651 4378


Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Early Childhood Development.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/sofdev/attachments/20120323/8798c5ac/attachment.html 


More information about the sofdev mailing list