Information Technology Reference
In-Depth Information
emerges where users can be aggrieved due to any number of reasons (such
as termination of service, loss of data, privacy of personal data), because
there is no legal regulation and supervision in terms of the qualifications of
cloud computing service providers, such as adequate infrastructure, capital,
and qualified personnel, among others).
There may be interruptions in the services of large-scale companies
including major cloud service providers such as Microsoft, Google, Yahoo,
BlackBerry and Amazon [9]. However, cloud service providers do not bear
any liability for the losses and return of information in the cloud system in
the event of interruptions in services or termination of service by the
provider (see, for example, Microsoft Online Privacy Statement) [8]. There
is often no clarity in the agreements with regard to the duration of the
waiting time for a system to be reactivated and to resume operating in the
event of a disaster.
Certain terms of service state that the service provider may use, change,
adapt, record, recreate, distribute and monitor the content with the aim of
improving its service quality (see, for example, Google Terms of Service or
Microsoft Terms of Service) [10], [11]. Certain end-user license
agreements (EULA have a statement stipulating that all license rights (right
of duplication, transfer, publication and storing) are permanently assigned to
the service provider (to provide services) [12]. It appears that the scope of
authorization obtained by the service providers in order to provide their
services is far too broad [13].
During any investigation of digital evidence, data located in the same
environment which is not related with the illegal act in question become
accessible and files not related with any criminal offense are changed in
structure, which may lead to the emergence of new legal problems.
Furthermore, although some EULAs clearly state that deleted information
may not at the same time be deleted from the information environments (see
Google Privacy Policy) [14], there is no information available regarding
when a complete deletion process might be accomplished.
3
Legal Liabilities of Cloud Service Providers
3.1
Legal Environment Regarding Cloud Computing in the USA
Unlike the EU, the US has no comprehensive law protecting the privacy of personal
information and limiting the transfer of data to other countries. However, data that can
be classified as sensitive is addressed in federal law, and certain limitations are
imposed on such data because of the need for privacy [15]. Sensitive data include four
domains: personal information collected from those under the age of 13, personal
information collected by financial institutions about their clients, healthcare
information collected by healthcare institutions about their patients, and information
collected by the credit bureaus regarding the credit history of their clients.
Search WWH ::




Custom Search