Believe it or not, the greatest challenge facing cloud computing is only tangentially related to security. I’m talking, of course, about the law. Governmental institutions and lawmakers have proven time and again that they’re woefully behind the times, confused about just what cloud computing is – and what it entails.
It’s a complicated problem, and there’s no easy solution. Our society’s never seen anything like the cloud; our legal system has never had to change with the sort of rapidity demanded by modern technology. We’ve been playing catch-up for well over a decade, and that seems unlikely to change soon.
The problem is threefold.
First, there’s the fact that – compared to the rate at which new technology is developed and redesigned – regulatory agencies move painstakingly slowly. By the time they’ve addressed one group of legal issues, a whole new gallery has cropped up. Today, we see governments wrestling with the issues of privacy and data ownership, but tomorrow there’ll be some new issue they can’t quite wrap their heads around.
Second is that cloud computing (along with the Internet) is essentially a global technology. It knows no physical or political borders; a cloud in India will be at its core the same as a cloud in Florida. What this means is that, depending on where cloud data is stored, it’ll be subject to a set of completely different rules and regulations than those its owner is familiar with.
This is an issue that’s existed since the birth of the Internet, and it’s not going away anytime soon. If anything, we might eventually see the Internet – and by association, the cloud – fracture into a loose coalition of regional networks.
The cloud doesn’t just stretch across political borders, either. It breaks down legal ones, too. Although we admittedly have made strides in recent years, the collection of laws related to cloud computing are nevertheless still a confusing quagmire, one which not even the Justices of the Supreme Court seem capable of slogging through. Nowhere is this clearer than in two decisions the court made late this June:
On the one hand, the legal institution decided that cloud computing has brought about a paradigm shift in privacy law; in the Riley case, the court determined that police officers could not search through the contents of an arrestees cell phone without a warrant. In nearly the same breath, the Court also determined in the Aereo copyright case that the cloud was not a paradigm-shifting technology. In that particular case, Aereo’s service – which allows subscribers to watch free broadcast TV through remotely-stored content – was determined to be sufficiently similar to modern cable technology that it violated copyright law (they did not, however, explain how or why).
Two very similar cases saw two very different outcomes; the legal landscape surrounding cloud computing is confusing enough that not even one of the highest legal authorities in the country can navigate it effectively. In the latter case, it’s likely that Congress had something to do with the court’s decision – there were already laws governing cable and copyright; no such laws existed in the case of cell phone privacy. Outdated or no, those laws contributed significantly to the court’s ruling.
All right, enough doom and gloom. It’s fairly clear that cloud computing law isn’t exactly ideal right now. But what can we do to fix it?
How can we make it so that the law is no longer a barrier for cloud adoption?
The first step, I think, is to trash traditional patent law – at least where the web is concerned. If the recent slew of patent trolls that have been crawling out of the woodwork lately is any indication, our current system of software patents simply isn’t working. Rather than protecting content creators, patents are being used as a legal bludgeon for the competition; rather than encouraging innovators to develop new products, copyright law is effectively stymieing innovation. This needs to change – preferably as soon as possible.
Next, regulatory agencies need to start getting their act together, and make an effort to understand emerging technology. Far too many government officials are completely ignorant of how innovations such as the Internet and the cloud actually work; that SOPA came near as it did to succeeding should be a clear indication of this unpleasant truth. If this “old guard” school of lawmakers is unwilling (or unable) to adapt, then perhaps it’s time for new blood; time for some new faces.
Finally, once we’ve sorted out our internal issues, we can then turn our eyes to the global stage. It goes without saying that there needs to be some form of global standard for the cloud. Organizations such as IEEE are making a concerted push to make these standards a reality. Your own business should contribute to this push in whatever way it can – up to and including joining.
One of the greatest challenges facing cloud adoption is the oft-confusing legal landscape surrounding the cloud. Government and regulatory agencies are more often than not behind the times – and this needs to change. It’s high time organizations started taking their governments to task, otherwise, this problem isn’t going to be going away anytime soon.