Cloud Computing Issues – Why still there is hesitation in the Clouds?

cloud-computing-threats

Cloud Computing is the latest trend which has emerged onto the foray of cyberspace. Cloud Computing in simple parlance connotes the usage of computing resources to deliver sensitive information as a service over a network. Usage of the term “sensitive” in the above mentioned is for the sole purpose of highlighting pertinent issues related to protection of such classified information. From a legal standpoint Cloud Computing is the latest manifestation of a transnational environment within which a law enforcement agency has to operate in order to uphold the minimum threshold of individual privacy.

cloud-computing-threats

ADDRESSING THE ISSUE

Cloud computing being relatively a new concept and phenomenon has no specific definition attributed to it. Taking the aforesaid into consideration the author suggests that Cloud Computing be defined as the usage of technology which allows a user to make use of a shared pool of computing resources via a network access. These resources can include within its ambit various software applications, servers, storage and networks. Furthermore as far as the common trend goes there is always a third party which regulates and maintains these servers, applications, or networks, and for the sheer convenience of the users the users can access them on the internet without having to download software or store the data on their own computers.

One of the major issues associated with Cloud Computing is the issue of privacy and the obligation upon the Cloud Computing providers to keep information private at all costs. Given the fact that Cloud providers often handle massive amounts of personal data from thousands of users it is of utmost importance that there should be a mechanism in place initiated by the Cloud provider for managing such humongous amount of data of varied users.

Another noteworthy issue which has to be taken into consideration at this juncture is the issue of jurisdictional conflicts which arise subsequent to a breach of duty or obligation on part of the Cloud provider. The amorphous nature of the collection of servers, applications, and data that makes up “the cloud” lends itself to potential jurisdictional conflicts. The issue of jurisdiction is important because of the presence of disparity among the privacy laws across jurisdictions of various countries. For the better understanding of the issue in hand the author purports an example. For example in India post 26/11 attacks on Mumbai under the Information Technology Act, 2000 the government has a broad latitude to intercept any suspicious electronic data that comes through the country.                                                                                                                                                                                                                                                                     Such broad latitude of power conferred on the government by way of the legislation is troublesome for some users due to the unclear demarcation between suspicious and non-suspicious data. This is in sharp contrast to the scenario in the European Union where the Data Protection Directive puts stringent standards on the collection of electronic data by the government and by any other entity.

The Privacy Issue

Cloud Computing providers are subject to certain legal ramifications as under the Information Technology Act, 2000. For the purposes of the Act, every such provider of Cloud Computing automatically qualifies the description of an “intermediary” as postulated in Section 2(1)(w) of the Act,2000. Even though not explicitly stated so, such an inference can be drawn from the very fact that the moment these providers start providing various services in the context of Cloud Computing, the said service providers are providing services pertaining to electronic records.

Furthermore the said service providers, with respect to particular electronic records, store, transmit or retain the said particular electronic records on their cloud networks, and hence, such service providers are intermediaries. It is pertinent to note that under the Information Technology Act, 2000 various cybercrimes have been defined under which any crime committed which falls within the ambit of electronic data would mechanically include Cloud Computing as Cloud Computing is an intermediary for all purposes under the Act, 2000. One of the most interesting features in the Information Technology Act, 2000 that one needs to appreciate is in the context of onus of proof. In the context of Cloud Computing the current law provides that the onus of proving a violation of the regulatory mechanism as envisaged in the Act, 2000 lies on the accused unlike in other circumstances where the onus always lies on the prosecution. Once accused of having violated the code of conduct as postulated in the Act, 2000 a service provider will have to bring forth proof of the fact that he has indeed exercised due diligence while discharging its obligations under the Act.

Moreover it is in the same context that it is to be taken into due consideration that with the advent of huge storage that is happening on Cloud Computing, Cloud Computing service providers can also be called upon by the law enforcement agencies so as to provide relevant information for the purposes of dealing with any cyber security incident or for investigation of any cybercrime activity. In case of failure the said service provider will attract potential legal liability under the Act. As per the provisions of the Information Technology (Amendment) Act, 2000 it has been categorically stated that for the purposes of maintaining national security the law enforcement agencies have been vested with the power to intercept, block, decrypt and monitor all electronic transmission. A power of such nature and vast latitude on the grounds of maintaining national security is an issue of concern which needs to be addressed in the subsequent time to come.

Noteworthy is the fact that Section 43,65,66,72 of the Information Technology Act, 2000 deals with penalties pertaining to the breach and misuse of data in India. Section 43 of the Act contemplates that that a consumer is insured of damages to the computer or the computer system. It foresees civil liability for actions including but not limited to unauthorized copying, extraction, database theft and digital profiling. Further Section 65 protects consumers from any incident of tampering of computer source documents. The applicability of the Section unless otherwise specified in the Act is limited to intentional actions such as concealing, destroying, or altering of computer source code. Section 66 and Section 72 of the Act deals with computer hacking which results in the alteration/misuse of data and breach of confidentiality and privacy of a person’s material respectively.

 

Leave a Reply

Your email address will not be published. Required fields are marked *