US Judgement could stall the cloud  

New York District Court Judge, William H Pauley III, has ruled that US 4thAmendment rights do not apply to data held by 3rdparties, which means all cloud data is `fair game’

  • 10 years ago Posted in

Now here is a good example of why the law – and legal experts in particular – should not be allowed within 100 miles of anything to do with technology, at least until it has matured and is fairly stable and well understood.

A story has emerged from the USA about New York District Court Judge, William H Pauley III. On December 27th, he issued a ruling that would seem to remove the right provided in the 4thAmendment of the US Constitution to own one’s own data, if that data is then being held by a third party.

This ruling resulted from a case brought by the American Civil Liberties Union (ACLU) about the legality of the US National Security Agency’s (NSA) wholesale collection of cellphone metadata. There have been several cases brought by the ACLU about this matter, and the results could have a serious impact on how the rest of the world views US data security – and the efficacy of using US-based or owned cloud services providers.

Judge Pauley’s ruling – that the NSA actions are constitutional  - are at odds with another ruling from Washington, D.C. federal-court Judge Richard J. Leon, who ruled that even the subset of NSA surveillance involving collection of metadata on cellphone calls was likely to have violated the 4thAmendment.

So at present there is not even a clear-cut trend in legal rulings on which cloud service businesses can form a sensible opinion of how secure their data may be if held by a US company.

Judge Pauley’s ruling, of course, is by far the most worrying for any business operating in the cloud, or planning to do so. It is not over-stating the case that he could, in just one ruling, have removed the cornerstone of all cloud service provision – namely that data is held (even if temporarily) by cloud service providers.

Indeed, even businesses that believe they do not use any US-owned or based service providers, may find that their data is `held’ on a US service of some kind simply by being in transit through it. This would make a nonsense of all cloud services. Cloud storage services would, at a stroke, become fair game for any Government Agency at the very least, and probably any other business with the wit and skills to break in.

It also, as US commentators such as John Moffett have pointed out here, created a bizarre inconsistency. He asks an obvious question: `would Judge Pauley have ruled similarly about bank safety deposit box contents? Essentially you have turned your papers and possessions over to a "third party" if you store them in a bank safety deposit box’.

This legal situation still has a long way to run before it is resolved, but it is to be hoped that Judge Pauley’s ruling does not hold, or if it does its then its remit is restricted to just New York State. It will mean that global businesses operating in the cloud, even if that is only using cloud storage for back up purposes, will need to ensure that they only use service providers – including communications network service providers – that have no operations or land-fall in New York State, or any other state that adopts such a ruling.

In fact, it would be best for cloud services users to try and avoid any US-based or owned CSPs until it is resolved. That suggestion, of course, extremely easy to make. Its implications in terms of running or using cloud services are, however, of vital importance. No business wants to have its data at risk as a function of law or Government policy, and if Judge Pauley cannot see the risk his ruling has created– single-handedly bringing an multi-billion Dollar business to a grinding halt - then he maybe should be given some guidance.

And multi-billion only concerns the business use of cloud services. Role in the consumer mobile phone market and the impact could devastating, especially if no serious thought is then given to what might constitute `data’.

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.