Cloud Computing Regulations and Law - Term Paper Example

Cloud Computing Regulations and Law Increased use of cloud computing has led to a need for its regulation by US federal government. Some of the concerns that have arisen include data security issues and data breach issues. Major cloud computing privacy concerns includes forced government disclosure, the retention of data, its transfer, and access. Also included is the location of the data in terms of the server’s physical location and its accessibility. In order to cope with the above concerns of cloud computing the federal government as well as the state government have seen the need to come up with laws and regulations that govern the use of cloud computing. The laws attempt to regulate how a cloud provider protects a clients' data, as well as ensure the customer follows the required steps when storing information in the cloud. The legislations also attempt to take into account whether the cloud providers must give notice if there is a security breach. This paper attempts to describe the laws or regulations that the US government has put in place, their impact on the cloud computing industry and future actions to be taken to improve on the laws (Jay et al.). Electronic Communications Privacy Act (ECPA) This act was passed in 1986. The Act was written to protect account holders who were using third-party service providers, to receive and send communication. Other methods included outsourcing computing tasks such as processing and storing enormous amounts of data. Under this act, searches and seizures on electronic cloud network are also covered. This part of the law is known as the Stored Communication Act (SCA).Types of network service providers according to SCA include the electronic communications service (ECS) and the remote computing service(RCS). ECS considered a server that provides users with the ability to receive or send electronic communications whereas RCS is the provision to the public of computer or processing server by means of electronic communication service. Under the Act, the government can have the authority to compel a provider to reveal information through a search warrant, if the communication has been held by an ECS less than 181 days. However, if the ECS has kept the information for more than 181 days, disclosure of the said information can be obtained by a court order, a warrant, or administrative subpoena. In addition, communication in an RCS can be compelled by a court order, warrant or administrative subpoena without taking the duration into consideration. ECPA may give an answer for emails intended to be a communication between parties. The problem is how to take into account a document the user does not expect to share with someone but wants to store it in the cloud in order to create room for his computer; or access the data from another machine. According to the department of justice, the ECPA is well positioned to address such issues. Google does not agree, purporting that cloud computing is an ECS requiring a warrant from the law enforcement agents. This act has also been accused of creating uncertainty to both law enforcement agencies and service providers thus being referred to as a frame of confusing standards(Gabriel). The Fourth Amendment The Fourth Amendment was designed in such a manner that the issuance of a warrant or subpoena depended on whether the provider of the information had intended the information to be private. For example taking of an individual envelope to a public park without revealing its contents is not a crime. However, if one makes a deliberate effort to explain the contents of the envelope to the public the privacy interest its contents are lost. To remedy the problems, the court recognized the use of various levels of data storage. The use password was also taken into consideration as a sufficient measure to conceal information. In the above case, the analysis of reasonableness for warrants and subpoenas depends highly on the court's description of the container (Orin). The foreign intelligence surveillance act Further the regular search subpoenas or warrants, enforcement agents from us government can also make use of the Foreign Intelligence Surveillance Act (FISA) warrants. FISA warrants are mainly concerned with foreign intelligence gathering where the reason for issuance of the warrant is dependent on domestic sources. The act determines whether surveillance is being conducted internally or externally in the united states. Geographical differences that are associated with cloud computing may result in making a distinction not clear. Foreign companies and government might refuse to use cloud providers with us storage centers so as to prevent the us gathering procedures associated with FISA. Under the Act, federal agencies can make use National security letters(administrative subpoenas) to gather foreign intelligence hence can request client information from other third parties or cloud providers. The letters contain a none disclosure clause that prohibits the cloud providers from revealing to their clients or customers that their data is being investigated by US federal government. This has raised concerns with customers who are not from the USA; for example Canada has a policy that does not allow the use of American based hosting services in IT projects in the public sector. Presenting cloud information as evidence in court National security officials, as well as law enforcement, agents have an issue in giving information stored by the cloud before the court. The problem is brought about by two major factors: the difficulty of accessing the information stored in the cloud, and the hoe easy it is to satisfy the evidence requirements needed in courts (Gabriel). The ease of accessing information stored in the cloud The ease with which cloud data can be obtained by law enforcement agents depends to a large extent on the practices of the service provider. That is, the duration taken to keep copies of files and procedures on retaining deleted files on their domain. This is determined by the cloud providers extent of liability in law. Encryption by both the users and service providers also inhibit access to data stored in the cloud. Chain of custody problems Nicole in her commentary asserts that, cloud computing causes rare forensic problems, including the gathering of admissible digital evidence, its conservation, and the final expert analysis of such information. For the case of a tangible good such as a gun the item is meticulously gathered. Additionally, it could be tagged, bagged, tested and stored in the law enforcers’ evidence chambers or safe awaiting trial. However, this is not the case with cloud computing evidence if it is to be used to prove a case beyond reasonable doubt .In the case of digital evidence the law enforcement agency has to keep track of the physical evidence, for instance, a memory chip. As well, the intangible or digital evidence(mail messages stored on the flash disk). Recommendations The simplification of the Electronic communication privacy act(ECPA). This is because a great extent of individuals, governments, and businesses rely on cloud service providers. Make it law that every service provider possess technology that enables them to collect data for management information when needed (Vineeth). The legislation would save the law enforcement agencies a lot of time, therefore, assist in solving many more cyber crime cases. Assist the law enforcement agents the Congress should also enact a law requiring cloud service providers to produce tools needed to preserve data kept in their cloud banks. Conclusion Having examined the impact of laws and regulations on cloud computing, it is evident that the laws enacted undoubtedly have a direct impact on cloud computing. Legislation such as The Foreign Intelligence Surveillance Act (FISA), which allows the US federal government to gain access to cloud data both from within and without its borders should be revised (Gabriel). Mistrust arising from such laws has been evidenced by the kind of protective legislations enacted by a country such as Canada to protect its digital data. As a consequence, the United States of America is losing in much-needed revenue arising from loss of investment from scared investors such as Canada. Work cited Kesan, Jay P., Carol M. Hayes, and Masooda N. Bashir. "Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency." Washington and Lee Law Review 70.1 (2013): 341-472. ProQuest. Web. 16 Apr. 2015. Black, Nicole. "Commentary: Legal Loop: Florida Bar on the Ethics of Cloud Computing." Daily RecordFeb 18 2013. ProQuest.Web. 16 Apr. 2015 . Narayanan, Vineeth. "Harnessing the Cloud: International Law Implications of Cloud-Computing." Chicago Journal of International Law 12.2 (2012): 783-809. ProQuest. Web. 16 Apr. 2015. "Evidence obtained Pursuant to Foreign Intelligence Surveillance Act could be used for Domestic Criminal Prosecution."Computer and Internet Lawyer 24.5 (2007): 24-5. ProQuest. Web. 16 Apr. 2015. Schlabach, Gabriel R. "PRIVACY IN THE CLOUD: THE MOSAIC THEORY AND THE STORED COMMUNICATIONS ACT." Stanford law review 67.3 (2015): 677-721. ProQuest. Web. 16 Apr. 2015. Kerr, Orin S. "THE FOURTH AMENDMENT AND THE GLOBAL INTERNET." Stanford law review 67.2 (2015): 285-329. ProQuest.Web. 16 Apr. 2015 Kerr, Orin S. "THE FOURTH AMENDMENT AND NEW TECHNOLOGIES: CONSTITUTIONAL MYTHS AND THE CASE FOR CAUTION."Michigan law review 102.5 (2004): 801-88. ProQuest. Web. 16 Apr. 2015. Read More