Will the Cloud survive regulation?

A complaint made by the Electronic Privacy Information Center to the US Federal Trade Commission could lead to Google online services being closed down. They want Google shut off until Google adopts procedures and standards for safeguarding confidential information. The Financial Times reported:

In a 15-page complaint to the FTC, the Electronic Privacy Information Center (Epic) said recent reports suggested Google did not adequately protect the data it obtained. It cited vulnerabilities that revealed users’ data in its Gmail webmail service, Google Docs online word processing and spreadsheets and in Google Desktop, which can index users’ information held on their hard drives.

European privacy laws are much more stringent than UK privacy laws:

“In the European Union, a user basically has the right to be informed about how data are used (notice requirement), and to prevent any use he does not agree to (consent requirement). In short, and a bit simplified: Without consent use is forbidden. In essence, this mechanism resembles to any other Intellectual Property rights (such as Copyright, Patent and Trademark rights).

The U.S. do not have a framework similar to the European one. As a general rule, whoever has unrestricted access to data “owns” it and may use the data to the extent as such use is not forbidden.”

It remains to be seen whether this will result in providers of cloud services having to restrict or change their service based on the country in which the service is being used. To a certain extent we have already seen a form of this with the restrictions Google has had to impose on UK YouTube viewers because of an inability to agree terms with the Performing Rights Society (PRS). The end result of such restrictions across all clouds could well be Clouds that are accessible in some countries but not others.

For more stringent regulations such as SOX and HIPAA, the way the Cloud can move and back up information means that there may be instances where information can have more than one legal location at the same time. This could be potentially disastrous, and the way this may be analysed may not be just from the cloud information store but from the router up. One can imagine a court scenario in which routing tables and IP headers are produced as artifacts to prove the legal status or jurisdiction of where data has resided or does reside. This could lead to new laws which could force cloud providers to check user data or impose restrictions based on country of origin. This is likely to become more and more of a reality and in fact we can start to see some of this happening right now. Examples are the UK government forcing ISPs to keep all email data and specialised hardware such as the CopyRouter with deep packet inspection of data.

One could argue that without such stringent measures, the legal uncertainties as to the status of information in the cloud may actually end up preventing businesses and companies from deploying applications and services to the Cloud, which would not be good for anyone involved in Cloud Computing.