Information ownership in the cloud
7
Click here to load reader
-
Upload
cloud-legal-project -
Category
Technology
-
view
2.030 -
download
1
description
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
Transcript of Information ownership in the cloud
Information Ownership in the Cloud
1
Chris ReedProfessor of Electronic Commerce Lawic
cl@
CC
LS
What is “Ownership”
• No physical property rights in informationBut customers may expect similar rights
• Three legal sources of ownershipIP rightsConfidentialityContract
• Customer/provider relationshipConfidentiality and contract are primary sourcesIP rights relevant to claims against third parties
• But need to be allocated in the customer/provider relationship
• All these are well-understood in normal computing usage
What is different about cloud computing?
• Provider makes processing technology and other information available to customer
Thus further information rights come into play• Provider• Third parties
• Copyright fragments ownership and creates uncertainty
Who owns information generated in the cloud?Particular problem of generation across jurisdictions
• Provider has ability to undertake data mining and produce metadata
Does customer have any rights to control exploitation?
Customer
Provider
Employee &Clientinformation
Licensedinformation
Licensedtechnology
Licensedinformation
Licensedtechnology
Billing data
Data mining
Customer owninformation
Metadata
Know how/Trade secret
Know how/Trade secret Processing
outputs
Customer
Provider
Employee &Clientinformation
Licensedinformation
Licensedtechnology
Licensedinformation
Licensedtechnology
Customer owninformation
Information inputs
Ownership of information inputs
•Ownership unchanged by placing in the cloudIP rights (mainly copyright/database) continue to subsist in software and dataThird party information and software
• Owned by providers• Use may be controlled by licence terms
•Service terms may modify thisProvider will require licence from customer to use information inputsProviders rarely ask for ownership rights in inputs
Customer
Provider
Billing data
Data mining
Metadata
Know how/Trade secret
Know how/Trade secret
Outputs and derived
informationProcessingoutputs
Information outputs
• IP rights uncertaintiesAuthorship
• Who? (customer/provider?)• Where?
Problem for database right
• Jurisdictional uncertaintiesIs the output created on the server?
• Differing national law approaches to IPRsFunctional/factual worksComputer-generated works
And which server was actually used?When is this a problem?
• Claims against third parties• Use by provider
Metadata – the great unknown
•Metadata is information about the customer’s use of the service
• Addition, deletion and generation of information• Use of software applications and databases
Generated by provider, thus IPRs owned by providerBut when relating to customer, metadata will be confidential
•Data miningProvider has ability to search customers’ information and extract further information from it
• Unless constrained by service termsGenerated by, and thus IPRs owned by, providerPotentially very valuable to third parties
Will metadata generation infringe customer’s rights?
•IP rightsLocation of copying/extraction determines applicable rightsTerms of provider’s licence to use customer information
•Confidential informationPrimary duty is to preserve confidentiality
• Aggregation and anonymisation can reduce this risk• But note development of reidentification technology
Secondary duty not to take unfair advantage of the information?
Customer concerns
•Secret use of “my” information•Risk of confidentiality breach
Carelessly including identifying informationCustomer identity can be deduced from metadata or mined data
•Revenue sharingProvider uses customer’s assets to make profits for itself
• Customer will want to share• But revenue from this may be implicitly included in cost
of service
Resolving the ownership conundrum
•All these issues can be addressed by appropriate service terms
But do current service terms even recognise the issues exist?If so, are they dealt with appropriately?Do customers have other expectations which need to be catered for?Effects of consumer protection law on service terms?
The limitations of service terms
•Little scope for individual negotiationProvider needs all users to be on same deal as to information ownership
•Hidden partiesOutsourcing and reselling of cloud capacity
•Differing national law effectsBut clouds transcend geography
A governance model
•Window of opportunity for cloud providers to establish a governance forum
Identify best practices for issues such as information ownershipLeading to coherent and consistent service terms across multiple cloud services
•Might be sufficient to forestall hasty national legislation
History tells us that first generation regulation of cyberspace is usually a failure!
