04 November 2012

Cloud Computing, RIP

The Department of Justice is now arguing that you have no property rights whatsoever to your data if you use cloud storage:
Yesterday, EFF, on behalf of its client Kyle Goodwin, filed a brief proposing a process for the Court in the Megaupload case to hold the government accountable for the actions it took (and failed to take) when it shut down Megaupload's service and denied third parties like Mr. Goodwin access to their property. The government also filed a brief of its own, calling for a long, drawn-out process that would require third parties—often individuals or small companies—to travel to courts far away and engage in multiple hearings, just to get their own property back.

Even worse, the government admitted that it has accessed Mr. Goodwin's Megaupload account and reviewed the content of his files. By doing so, the government has taken a significant and frightening step. It apparently searched through the data it seized for one purpose when its target was Megaupload in order to use it against Mr. Goodwin, someone who was hurt by its actions but who is plainly not the target of any criminal investigation, much less the one against Megaupload. This is, of course, a bald attempt to shift the focus to Mr. Goodwin, trying to distract both the press and the Court from the government's failure to take any steps, much less the reasonable steps required by law, to protect the property rights of third parties either before a warrant was executed or afterward. And of course, if the government is so well positioned that it can search through Mr. Goodwin's files and opine on their content—and it is not at all clear that this second search was authorized—presumably it can also find a way to return them. .

But in addition, the government's approach should terrify any user of cloud computer servicesnot to mention the providers.  The government maintains that Mr. Goodwin lost his property rights in his data by storing it on a cloud computing service.  Specifically, the government argues that both the contract between Megaupload and Mr. Goodwin (a standard cloud computing contract) and the contract between Megaupload and the server host, Carpathia (also a standard agreement), "likely limit any property interest he may have" in his data.  (Page 4). If the government is right, no provider can both protect itself against sudden losses (like those due to a hurricane) and also promise its customers that their property rights will be maintained when they use the service. Nor can they promise that their property might not suddenly disappear, with no reasonable way to get it back if the government comes in with a warrant. Apparently your property rights "become severely limited" if you allow someone else to host your data under standard cloud computing arrangements. This argument isn't limited in any way to Megaupload -- it would apply if the third party host was Amazon's S3 or Google Apps or or Apple iCloud.  
(emphasis original)

So basically, if a prosecutor decides to go after one person using a cloud service, then they could take down the entire service, and if you do not like it, tough, you have no property rights.

Having your property seized at the whim of a prosecutor is antithetical to the very idea of the rule of law.

Still bullish on cloud storage?

H/t Ecop at the Stellar Parthenon BBS.


Post a Comment