Tweet
Keir Thomas – Thu Dec 2, 1:31 pm ET
When the Wikileaks "cablegate" scandal broke last week, those behind the whistle-blowing Website found their servers under heavy load. No surprise there, of course, but an additional DDoS hack attack didn't help.
To remedy the situation, Wikileaks did what anybody else would do by renting some elastic space in the cloud to take up the strain. They chose Amazon Web Services, which, although initially unperturbed by the move, yesterday removed Wikileaks' material without an explanation or apology. It appears Amazon came under political pressure to do so.
{...}
It boils down to what cloud providers consider to be objectionable material. Most service agreements are a little vague on this point, perhaps deliberately so. Amazon's Web Services Customer Agreement says the following, which is wildly open to interpretation and could theoretically let them remove just about anything:
11.2. Applications and Content. You represent and warrant: [...] (iii) that Your Content (a) does not violate, misappropriates or infringes any rights of us or any third party, (b) does not constitutes defamation, invasion of privacy or publicity, or otherwise violates any rights of any third party, or (c) is not designed for use in any illegal activity or to promote illegal activities, including, without limitation, use in a manner that might be libelous or defamatory or otherwise malicious, illegal or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age;
Even if the service agreements were crystal clear about what is and isn't acceptable content, there will be many borderline cases that could fall either way. Anybody using cloud services could potentially be at the mercy of unaccountable arbiters within the organization.
{...}
Where does their legal liability start and stop? Bearing in mind that cloud computing is a radically different prospect compared to simple Web hosting, will cloud computing need its own set of laws and regulations? Will the wise IT manager wait until various lawsuits have proved what is or isn't acceptable when it comes to the cloud?
The other issue raised is how easily cloud services will hand over material to government agencies when requested. Keeping a server computer within your premises allows property rights that prevent law enforcement getting their hands on it without significant hassle. How much hassle would law enforcement agencies need to go through to get Amazon to roll over?
Could law enforcement agencies deliberately cause disruption for a business by getting the cloud service to deactivate or suspect their account? It isn't hard to imagine, is it?
{...}
There's a risk of navel gazing here, but following all logical and legal paths is something anybody involved in a migration to cloud computing will have to do. If not, they could be left very red-faced.
At the moment, it feels like we're at the beginning of the beginning of understanding the nature of cloud computing. Only the brave would dive in at this point in time.
Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.
http://www.pcworld.com/search?qt=Keir+Thomas&s=d
When the Wikileaks "cablegate" scandal broke last week, those behind the whistle-blowing Website found their servers under heavy load. No surprise there, of course, but an additional DDoS hack attack didn't help.
To remedy the situation, Wikileaks did what anybody else would do by renting some elastic space in the cloud to take up the strain. They chose Amazon Web Services, which, although initially unperturbed by the move, yesterday removed Wikileaks' material without an explanation or apology. It appears Amazon came under political pressure to do so.
{...}
It boils down to what cloud providers consider to be objectionable material. Most service agreements are a little vague on this point, perhaps deliberately so. Amazon's Web Services Customer Agreement says the following, which is wildly open to interpretation and could theoretically let them remove just about anything:
11.2. Applications and Content. You represent and warrant: [...] (iii) that Your Content (a) does not violate, misappropriates or infringes any rights of us or any third party, (b) does not constitutes defamation, invasion of privacy or publicity, or otherwise violates any rights of any third party, or (c) is not designed for use in any illegal activity or to promote illegal activities, including, without limitation, use in a manner that might be libelous or defamatory or otherwise malicious, illegal or harmful to any person or entity, or discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age;
Even if the service agreements were crystal clear about what is and isn't acceptable content, there will be many borderline cases that could fall either way. Anybody using cloud services could potentially be at the mercy of unaccountable arbiters within the organization.
{...}
Where does their legal liability start and stop? Bearing in mind that cloud computing is a radically different prospect compared to simple Web hosting, will cloud computing need its own set of laws and regulations? Will the wise IT manager wait until various lawsuits have proved what is or isn't acceptable when it comes to the cloud?
The other issue raised is how easily cloud services will hand over material to government agencies when requested. Keeping a server computer within your premises allows property rights that prevent law enforcement getting their hands on it without significant hassle. How much hassle would law enforcement agencies need to go through to get Amazon to roll over?
Could law enforcement agencies deliberately cause disruption for a business by getting the cloud service to deactivate or suspect their account? It isn't hard to imagine, is it?
{...}
There's a risk of navel gazing here, but following all logical and legal paths is something anybody involved in a migration to cloud computing will have to do. If not, they could be left very red-faced.
At the moment, it feels like we're at the beginning of the beginning of understanding the nature of cloud computing. Only the brave would dive in at this point in time.
Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.
http://www.pcworld.com/search?qt=Keir+Thomas&s=d