There has been much discussion about the issue of cloud computing (where you upload, store and access your data at an online service owned or operated by others). The issue of privacy and cloud computing is important, because millions of consumers use cloud computing services such as Web-based e-mail, online photo or video databases, or Internet calendar services. And governments are beginning to use the services, too.
Last week, the General Services Administration announced that it “is the first federal agency to move email to a cloud-based system agencywide.” Capital Business reports: “Federal officials said they hope that GSA’s shift will encourage more federal organizations to embrace cloud computing for e-mail and other applications.” Last month, the Office of Management and Budget announced: “We are reducing our data center footprint by 40 percent by 2015 and shifting the agency default approach to IT to a cloud-first policy as part of the 2012 budget process.” Last year, Google said that the city of Los Angeles had begun switching 34,000 employees to the company’s cloud services.
One important privacy question involves the fact that the physical location of the “in the cloud” server where the data is housed could be in any country and subject to the laws of the host country, which could be less protective of the data than the United States’ laws.
In an opinion column at the Star, internet law expert Michael Geist examines WikiLeaks and noted the question of where the company hosting the Web site is located:
One of the most noteworthy developments was Amazon’s decision to abruptly stop hosting the Wikileaks site hours after U.S. Senator Joe Lieberman exerted political pressure on the company to do so. Amazon is best known for its e-commerce site, yet it is also one of the world’s leading cloud computing providers, offering instant website hosting to thousands of companies and websites. […]
After Amazon pulled the plug, Wikileaks quickly shifted to a European host, demonstrating how easily sites can shift from one cloud provider to another. Although it seems counter-intuitive to consider the physical location of cloud computing equipment when discussing services that by their very definition operate across borders in the “cloud”, the Wikileaks-Amazon incident provided an important reminder that location matters when it comes to cloud computing.
The notion of cloud forum shopping is relatively new, but likely to become more important as legal rules have a direct effect on cloud services and public confidence in them.
For more information: The World Privacy Forum released a report (pdf) last year on cloud computing, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.” The National Institute of Standards and Technology has a site about cloud computing. Last year, in a New York Times op-ed, Harvard Law Professor Jonathan Zittrain also wrote about privacy and cloud computing, noting that the cloud “comes with real dangers.”