What Was Discussed? Recap of the Emerging Law and Policy Issues in Cloud Computing Event

By TAP Staff Blogger

Posted on April 5, 2010


On March 12, 2010, the Berkeley Center for Law and Technology hosted a conference entitled Emerging Law and Policy Issues in Cloud Computing at Berkeley Law School. The conference featured a wide range of experts including legal academics, local and federal government officials, corporate executives, and legal practitioners.  Presenters were divided across five topically-distinct panels and an introductory background presentation.

Tutorial: What is cloud computing? - Professor Brian Carver of the Berkeley School of Information began the day with an overview of cloud computing.  At the conclusion of his presentation, Professor Carver foreshadowed much of the day’s discussion by saying that while the technology behind cloud computing is not new, the policy issues that must be dealt with in a world of increased cloud reliance are.  Those novel policy concerns would be highlighted and debated throughout the day.

Podcast of Brian Carver’s presentation
Accompanying slides

Regulatory & Jurisdictional Issues - The first panel addressed the novel regulatory challenges that occur in the cloud from the perspective of a cloud user, a cloud provider, a private citizen, and a government prosecutors.  Rich Sauer, associate general counsel at Microsoft discussed the challenges faced by cloud providers attempting to navigate multiple, often contradictory, national regulatory schemes.  Conflicting regulatory requirements and uncertain jurisdiction are problems that, in Mr. Sauer’s opinion, “are going to get worse before they get better.”  Professor Michael Geist of the University of Ottawa furthered the discussion of the international idiosyncrasies of cloud environments by noting that privacy concerns are both culturally and contextually-determinant.  Professor Geist noted that Canadian citizens have an aversion to other governments (particularly the U.S. Government) accessing personal data.  Professor Geist used the Canadian example to suggest that most people, regardless of citizenship, tend to trust their own governments with personal data more than they would trust a foreign government. 

Podcast of Regulatory & Jurisdictional Issues panel: part 1; part 2
Accompanying slides: .
• Duane Valz, Chadbourne & Park LLP (moderator) - pdf
• Michael Geist, University of Ottawa, Faculty of Law - pdf
• Barbara Lawler, Intuit - pdf
• Rich Sauer, Microsoft - pdf
• Adam Miller, California Department of Justice - pdf

Privacy & Security - Next, the second panel delved deeper into the examination of the privacy concerns that occur in the cloud.  Professor Thomas Fetzer of the University of Mannheim Law School examined the theoretical roots of privacy in Europe and concluded that the core principal of EU privacy policy is that individuals must be able to control personal data at all times.  This principle, Professor Fetzer argued, is outmoded in a world of constant information flow and should be replaced with a privacy policy of disclosure, transparency, and self-determination.  The call for more disclosure was echoed, albeit with caveats, by Michelle Dennedy of Oracle.  Ms. Dennedy encouraged cloud providers to disclose security architecture and security breaches to consumers, but only when doing so will not create liability risks or further security breaches.

Podcast of Privacy & Security panel: part 1; part 2
Accompanying slides:
• Paul Schwartz, BCLT & Berkeley Law - pdf
• Thomas Fetzer, Univ of Mannheim Law School - pdf
• Alan Raul, Sidley Austin LLP - pdf

Policy Panel: Consumer Protection, Data Portability and Competition - The third panel provided two distinct outlooks on the government’s role in protecting consumer expectations in the cloud: one outlook from the government’s perspective and one from the academic viewpoint.  Carl Settlemyer of the Federal Trade Commission and Lydia Parnes, formerly with the FTC, discussed the FTC’s role in policing cloud activity.  Both panelists agreed that the FTC investigates only the most egregious examples of deception and unfairness.  Professor Jason Schultz of Berkeley Law School and Professor Randal Picker of the University of Chicago Law School discussed the extent to which the location of data on the cloud should affect legal determinations and the degree to which cloud providers should be required to permit data portability.

Podcast of Policy Panel: Consumer Protection, Data Portability and Competition panel
Accompanying slides: Daren Orzechowski, White & Case LLP (moderator) - pdf

Following a panel devoted to obtaining the best deal for a client seeking to move data to the cloud (Practitioners Panel: The Art of The Deal: podcast; accompanying slides), the final panel of the day addressed Intellectual Property Issues in the Cloud.  Professor Pam Samuelson of Berkeley Law described the range of possible uses of IP in the cloud.  Analyzing the full scope of possible outcomes, from having little effect on IP rights to a large erosion of user rights, Professor Samuleson’s presentation demonstrated the unknown future of the value of intellectual property protection of assets in the cloud.  In conclusion, Professor Samuelson predicted that the cloud will lead to new, creative uses of IP laws.  Jule Sigall of Microsoft agreed with Professor Samuelson’s assessment and noted that one potentially creative use of IP laws may occur within the cloud itself: copyright rules may become virtualized, resulting in adjudication of disputes within the cloud environment.

Podcast of Intellectual Property Issues in the Cloud panel
Accompanying slides:
• Pam Samuelson, BCLT & Berkeley Law - pdf
• Jule Sigall, Microsoft - pdf
• Lee Van Pelt, Van Pelt, Yi & James LLP - pdf


Conference summary provided by Jonas Anderson, Microsoft Research Fellow, Berkeley Center for Law & Technology at Berkeley Law School.