The purpose of this chapter is to examine the current legal environment of cloud computing. As the cloud platform continues to evolve, companies will find the need to address the business risks, particularly legal issues which will be of paramount concern. This chapter discusses the legal dimensions of cloud computing from the perspective of three L's: Location, Litigation, and Liability. Most of the current issues can be evaluated as part of one of these categories. Although the legal aspects of the cloud lag behind the business and technology side, prior case law is discussed as it applies to issues arising from various implementations of cloud computing applications. This discussion provides a road map for CIOs and other managers as they deal with emerging issues and legal ramifications of cloud computing. The chapter also provides direction for research in this realm.
TopLiterature Review
Very little academic work in the business and information technology (IT) literature has addressed issues related to cloud computing. This is due partly to the relatively short time in which cloud computing has been an issue for companies to consider. Some of the early work has addressed high-level issues related to emerging cloud technology as a platform for business operations (e.g.; Hayes, 2008). Fingar (2009) published one of the first books that addresses the business implications of cloud technologies. Some consulting firms have published work that addresses risks and legal implications of cloud computing (e.g.; Logan, 2009; Plummer, 2010; Bittman, 2011; Casper, 2011).
A massive amount of literature has emerged from the business and IT trade publications related to cloud computing in general. Cloud computing is a high-priority issue on the radar screen of most CIOs today. Most of the current popular press focuses on cost savings of cloud implementations, selection criteria for cloud vendors, and implications of cloud computing for the organization. Security also has been a significant issue that has been covered extensively in blogs, presentations, and publications. Only recently has this discussion turned to the legal aspects that should be considered (e.g., Nash, 2010; Golden, 2009). This is likely due to the lack of awareness and understanding of the potential legal impacts. More emphasis on the legal aspects are likely to emerge as the issues become more relevant and the technology develops.
The legal research on cloud computing is also in its infancy. Some research has appeared recently in the academic literature (e.g., Couillard, 2009; Forsheit, 2010; Robison, 2010; Ryan & Loeffler, 2010). As with the business and IT literature, much of the legal discussion is in the trade publications, blogs and presentations (e.g.; Mills, 2009; Pinguelo & Muller, 2011; Jaeger, Lin, Grimes & Simmons, 2009). Journal articles only recently have begun to shift from broad, overarching analyses of privacy issues to addressing more esoteric issues such as cloud computing’s interplay with Fifth Amendment law, the law of contracts, and copyright enforcement (Colarusso, 2011; Eisner & Oram, 2010; Melzer, 2011). Most journals still recognize cloud computing as a new and emerging technology, using terms such as “a coming storm” and “a new era,” and recognize that “the law cannot keep up with the pace of change in computer networking” (Robison, 2010; Tsilas, 2010). In short, legal research in this area has yet to reach the level of nuance and sophistication seen in some other areas.