The move toward cloud computing has numerous benefits, including a place to back up your organization’s most important files and offering access to such files from any mobile device. Indeed, the growing stability and reliability of cloud-computing technologies has been one of the unsung underpinnings of the success of the iPad/tablet market, for they (thus far?) offer comparatively little storage space. Moreover, if that portable device gets lost, sat-on, or stolen, the donor list and the iTunes library are not lost with the device.
But cloud computing does carry some security risks, especially for organizations that feel compelled to rent space on third-party servers. For example, though upkeep of the network isn’t your concern in such a contract, if that third party gets subpoenaed by law enforcement for what’s on its servers, your organization’s data can be caught in the dragnet. As recent developments in the Megauploads case, getting legal and legitimate files back out of that cloud service can be tricky and time consuming.
Sites like Megauploads (and the more tame ‘iCloud’) are often called ‘cyberlockers’ because they offer storage space for files that subscribers can access and share via links to those files and temporary passwords. The legal issue with Megauploads (and many other such sites) was that customers willfully uploaded copyrighted material (especially movies and music) to share − violating copyright laws. And Megauploads was at least complicit, if not encouraging, this illicit trade. Certainly Megauploads profited from subscriptions and advertising: the CEO Kim Dotcom earned some $42 million last year.
According to the US Department of Justice, at its peak a year or so ago, Megauploads was making a gross income of some $175 million, and creating about 4% of all internet traffic. The larger problem, though, is the fact that most of that traffic was indeed legal and legitimate − something the DOJ does not deny. How to extricate all the legally posted files from the pirated ones sitting on Megauploads’s servers? The DOJ doesn’t really want to deal with that.
Instead the Electronic Frontier Foundation has stepped in to try to stop the data either from being deleted or simply being locked away in a holding pen. The EFF is working with Carpathia Hosting Incorporated to create the service Megaretrieval to offer opportunities to work through them to get to the original Megauploads servers.
How can nonprofit organizations or small businesses avoid such a tangled web? The easiest, and most expensive, solution is to develop your own cloud through a bank of servers. If authorities show up with a warrant, you can then deal with them directly. As such a private server farm is not practical for most nonprofits, Thomas Trappler (Director of Software Licensing at UCLA) encourages organizations to read the fine print of their contracts. Find out the history of the service you are hiring to see if it has a checkered past. Also see how (or if ) the cloud service tries to partition the materials of its many clients.
The service provider certainly should provide you with information about how it would deal with legal concerns and how it will work with you if any subpoenas or court-ordered injunctions were sent to its offices. “To reduce the risks that come with this decreased control [of hiring a third-party service], it’s important to determine in advance what your cloud provider’s standard policies are regarding such legal requests. If the cloud provider does have such a policy in place, and it aligns with your needs, then negotiate to have that policy codified in the contract.”
The admixture of files on a data farm complicates ownership rights and legal claims to be sure. Even with the Megauploads case, though, remember that the huge preponderance of cloud computing is legal and legitimate. It offers many advantages, even though you want to be sure to have done your research to keep your organization’s files secure and accessible.