Privacy Concerns Make Moving into the Cloud a Murky Matter

The 6th Circuit Court of Appeals just recetly released a decision that has significant bearing on the privacy of stored email (and likely other materials) at ISPs and other cloud based providers. I am no expert in this area - but it has direct implications for the many considerations for moving networks and services into the cloud. For Network World's perspective click here.

Here is some juicy background on the conviction of Berkeley Premium Nutraceuticals' Steven Warshak, and others on federal fraud charges, who were ordered to forfeit $33 million in assets, including real estate, cars and bank accounts,in connection with convictions in a jury trial of conspiracy to commit money laundering, along with other fraud charges.

The matter was appealed and the appeal was dismissed. By dismissing the suit on procedural grounds, the court left unanswered the question of whether the Fourth Amendment requires the U.S. government to obtain warrants based on reasonable cause before it can compel e-mail service providers to secretly turn over a person's e-mail records. The absence of a warrant significantly lowers the threshold for access by the government and eliminates the defendants opportunity to defend (or even be aware of the investigation).

While this may be a non-issue for the average (legally compliant) guy/gal -- this seems to be a huge issue for professionals - lawyers, accountants, doctors, etc.- with an ethical (and legal) requirement for preserving confidentially of client information and communications.

This should also be an issue for employers, especially if they might have any concern or risk that employees may be engaged in activities that could turn into a financial/legal liability or, more likely, a black eye in the court of public opinion (example: think hosting or storing unauthorized, illicit or illegal content).

This judicial decision puts lawyers,accountants and health care providers on notice that if they store email in the cloud, it can be accessed by the government without notice. This sounds like solid grounds for "malpractice per se" if a case is made against a client of a professional based on email (or other materials) stored in the cloud.

And we haven't even touched on how cloud based electronic records will be maintained, produced, etc. for federal and state e-discovery requirements. The number and complexity of issues for moving services/technology into the cloud will be murky for a long while. Most cloud vendors are betting you will miss there issues (and related costs) in making your decision to abandon your email server. This is clearly a role for the trusted IT/business adviser to get educated and help navigate their clients through these issues.

Del.icio.us Digg It! Facebook Reddit StumbleUpon Technorati
Posted by Ben Yarbrough

2 comments:

Ben Wright said...

Ben: Knowing e-discovery (whether through the cloud or otherwise) is inevitable, I argue an enterprise can use technology proactively to make its e-records more benign. What do you think? --Ben
http://hack-igations.blogspot.com/2008/05/nix-smoking-gun-e-discovery.html

July 18, 2008 2:35 PM
Ben Yarbrough said...

Ben W. - Thank you for the comment. You make an intresting observation how email disclaimers might be used to shift the burden or risk away from the employer. I would analogize the sitaution to an employer implementing a "reporting chain or process" for sexual harrasment complaints. It helps - but can never eliminate all the exposure. An email disclaimer might also have no bearing in a lot of situatitons - but it might in some. Vendors seem to be pushing cloud services and asking customers to turn over control of all this information and the related systems. However, there is no prior appararent consideration for these issues. Do you think it is lack of attention or intentional avoidence in hopes of generating future services and revenue?

July 19, 2008 10:55 PM

Post a Comment

Subscribe to: Post Comments (Atom)