Consumer Drawbacks of Cloud-Delivered Content

Privacy, Reliability, Security Issues

Jim BurgerDow Lohnes

PLLC

2

Introduction

• Contractual Issues: Privacy, Reliability, Security

• Cloud-Based Services and the Fourth Amendment

• Copyright Issues in Cloud Computing – New Developments

3

Contractual Issues: State Law

• Where is data physically stored/processed?

• What state law controls? E.g., CA law provides more privacy protection

• Where are your customers? E.g., EU e-Privacy Directive (US-EU Safe Harbor Framework)

4

Contractual Issues: Privacy/Reliability Terms

• PrivacyWhat are the cloud provider’s obligations

to ensure privacy of customer data?What terms apply to third party access

(e.g., notice)?

• Reliability (SLA)What are acceptable service levels?Will the cloud provider have alternative

services during scheduled downtime or provide compensatory “credit?”

5

Contractual Issues: Security/Exit Terms

• Security/RiskObligations to ensure security of customer

data?Provider comply with national or industry

standards for data security?Allocation of breach risk?Cloud provider have cyber insurance?

• ExitExit scenario?Provider obligations to find/transition to

alternate provider?

6

Contractual Issues – 2011 Developments

• Live up to security or privacy promises or risk litigation or FTC action.

• Dropbox facing two class actions alleging it failed to follow its own privacy and security policies.

• FTC increasingly active. Recent settlements with Twitter, Facebook, and Google for allegedly deceptive data and/or privacy policies.

7

Cloud-Based Services and the Fourth Amendment

• Consumer expectation of privacy in the cloud?

• Physical world – Constitution says: people should be secure from unreasonable search – need a judge to issue a warrant for your home PC

• Judges confused in the digital world• But ECPA allows mere subpoena to

cloud provider to access confidential information

8

United States v. Warshak

• 6th Circuit Federal Court of Appeals declared warrantless search of email servers unconstitutional

• “…subscriber enjoys a reasonable expectation of privacy in the contents of emails that are stored with, or sent or received through, a commercial ISP”

• Subscriber agreement didn’t defeat that expectation when it stated that the ISP would only access content to protect its own service.

• But what about documents or pro-subpoena subscriber agreements?

9

Copyright Issues in Cloud Computing:Storage of User Material in Cloud-Based “Lockers

• Capitol Records, Inc (EMI) v. MP3tunes: Modest victory for locker/cloud providers

• Three important issues addressed: DMCA safe harbor, public performance right, and secondary infringement

• MP3tunes provided a service allowing users to search for free MP3s and “side load” these into their lockers. EMI claimed contributory/vicarious infringement. MP3tunes claimed DMCA safe harbor

10

Copyright Issues in Cloud Computing

• Viacom v. Youtube and Veoh held locker providers must take down infringing content only when provided with specific URLs or ‘red flags’

• MP3tunes held provider still has no obligation to investigate general allegations of infringement; high bar remains for red flag

• But provider obligated to take down material traceable to specific URLs

• MP3tunes held not to have “red flag” knowledge

11

Copyright Issues in Cloud Computing

• Cartoon Network, et al. v. CSC Holdings, Inc. (Cablevision): public performance right not infringed when provider maintained separate copies of files stored by each user. No redundant files “deduplification,” so no performance to the public

• Inefficient use of server space for locker providers• MP3tunes: Deleting redundant data not same as using a

“master copy;” does not infringe public performance right as long as copy played back to user is exactly same as that uploaded by the user

• Favorable holding, but inconsistent logic. How is deleting redundant data any different from deduplifying?

12

Copyright Issues in Cloud Computing

• MP3tunes out of safe harbor because failed to meet obligation to remove files in user lockers traceable to EMI-provided URLs

• MP3tunes committed contributory infringement because it knew of these files and contributed materially to users’ infringement by failing to terminate infringers’ accounts

• Providers should be vigilant about terminating accounts with such users

13

Conclusion

• Hopefully sunrise for providing consumers cloud computing services

• But potential legal pitfalls remain

Thank you,Jim Burger