Will Legal Issues Mar Cloud Computing?

By Anu Vaidyanathan

19 Jul 2011

One of the latest intellectual property debates, amplified by Hollywood's attempt at glorifying geeks with the movie The Social Network, concerned Facebook. The Winklevoss twins are now challenging a decision at the San Francisco Federal Court of Appeals upholding a $65 million settlement from Facebook, claiming to have co-invented it and, therefore, wanting ownership rather than settlements. Facebook, by itself, has more than 200 patents filed in various jurisdictions, including India. Set against Facebook's 500 million subscribers, mobile telephony, boasting nearly 4.5 billion handsets, is another mammoth in intellectual property disputes. The latest patent infringement dispute between Apple and HTC has led HTC to make a symbolic payment of $5 per mobile phone to Microsoft for its Android devices (perhaps just a move to show that it was cognizant of licensing procedures). Microsoft is reported to be making $150 million out of its Android licences (while making a paltry $30 million from Windows phone revenues).

Speaking of a third industry (besides social networking applications and mobile telephony), Cloud computing deserves some close attention for the legal issues which are likely to crop up from an IP perspective. The term has been in widespread use for only five or six years, and the sector is still trying to establish a big market case past the success of Amazon Web Services (whose latest outage caused major players like Reddit and Foursquare to crash). In this article, I will discuss software patents, policy debates around data protection, and indemnity, as they apply to cloud computing.

Software Patents are commonly a hot topic of debate. Having been a developer, I believe that software patents are a burden on innovation, as are copyrights which are eventually enforced. While there are efforts to control the quality of patents being granted in Europe and the USA, and the debate (specifically against business method patents) is now amplified, one cannot say the same for the Indian context. Being a practitioner of intellectual property, I have come to realise that software patents are a fact of life and they are here to stay. Additionally, given that most of the labour-intensive areas are in India (for software development), the only incentive for real innovation in terms of fostering product-based companies rather than another services company would be to really demystify what software patents bring to the table, in terms of a defence card. While there are tonnes of arguments against software patents, even the 'open source community' did not totally escape without a little taste of it, as evidenced by Red Hat versus DataTern, where Red Hat ended up settling with DataTern in order to allow their customers to proceed with using their products without problems. Firestar Inc. (which later became DataTern) sued Red Hat, claiming that Red Hat had infringed one of its patents, which relates to a method for interfacing an object-oriented software application with a relational database, facilitating access to the database. DataTern contended that Hibernate, a JBoss product, infringed their patent.

In the case of Cloud computing, Microsoft filed a lawsuit against Salesforce.com in 2010, claiming that several of its granted patents had been infringed. One of the patents had to do with software updates. The bigger players (in terms of legal budgets) are always prone to trying to scare any reasonably successful company by dragging it through court, especially in new areas of technology. If Salesforce.com had been a PC manufacturer, this lawsuit (or any lawsuit) would have been less likely, as it wouldn't have threatened a bigger player's presence in the same market.

Policy Debates are imperative in this context to identify any problem that might arise with user privacy and to evolve the law to keep pace with technological innovations. The European Union's Data Protection directive 95/46/EC has pre-dated the Internet. To date, one does not find an enormous amount of jurisprudence around this directive, which is strange, given that almost all aspects of an individual's data are now online. When we introduce Cloud computing, there is an added problem of the user not having control over how the data will be handled by the Cloud services providers. But last week, the USA put into motion two new bills: the Location Privacy Protection Act and the Data Security and Breach Notification Act. The Location Privacy Protection Act requires that location-based service providers (such as Apple or Google) must obtain users' consent before sharing information about their locations with other parties. The Breach Notification Act requires that businesses and non-profits take measures to ensure security of sensitive data.

Richard Stallman came out and rubbished Cloud computing some time ago, stating that Google was more likely to hand over a consumer's personal record to the State than the consumer would by themselves, in case of contention. While this is an extreme view of the situation, it can be argued that by concentrating user data and services onto the Cloud, it also becomes easier to regulate the use and dissemination of such data, as exemplified by the attempt with the Location Privacy Protection Act.

Indemnity becomes a very interesting consideration, especially when considering concepts such as multi-tenancy in the Cloud computing domain. Virtualisation, when first introduced for the enterprise, saw the advent of special licences for this environment. As early as 2005, Microsoft changed its licences for users who wanted to use its products (or many instances of one product) in a virtual environment. For example, the Windows Server licence, which was typically charged per processor, was modified, enabling customers to create as many instances as they required while only paying for the number of virtual servers. This new model made further provisions for customers to migrate active instances across machines, without violating the licences in place. New products and services within Cloud computing should pay close attention to aligning themselves with what is provided in the licence(s) which are in place within their infrastructure, in order to steer clear of any implied indemnity.

Cloud computing is a relatively new sector in business and the discussions on policy in and around it are only beginning. While several established bodies such as the National Institute of Standards (NIST), the Open Cloud Consortium (OCCI) and the ISO Study Group for Standardization of Cloud Computing (SGCC) are actively trying to frame the debate around standards, a closer look at the legal issues surrounding Cloud computing is required to avoid a repeat of the problems within the mobile telephony sector, with a number of patent lawsuits.