Those are two extremely serious questions that everyone who is storing data in the cloud should start asking.
What would happen to your business or ministry or hobby if the feds seized the server of your cloud provider and you had to fight in court to get your data back?
How would you cope with this situation:
Megaupload is a cloud provider who stands accused of essentially being a storehouse of pirated videos. Their servers were seized by the federal government. That means the data of every user was also seized.
The way things are shaping up, if you want to get any of your data back you are going to make a few trips into federal court to request it. You’ll only get it back after the feds review all the content to make sure it isn’t illegal.
That is exactly the place that one particular user finds himself. He claims that his files stored on Megaupload are high school athletic videos created by him, not copies of movies belonging to the studios. He is heading to federal court to see if some methodology can be negotiated where he gets his data back. Looks like any plan he is able to develop would require review of all his files first.
If your cloud provider gets tangled up with the government for whatever reason, would you have a problem if you could not access any of your data for a few months while ownership and access was sorted out?
More background
I saw this issue when John Bredehoft pointed it out in his post Questions on data ownership – just what the cloud providers need.
The Electronic Frontier Foundation is taking the lead on this. They point out the unsettling position taken by the government:
The government maintains that {the individual involved} lost his property rights in his data by storing it on a cloud computing service. Specifically, the government argues that both the contract between Megaupload and {the individual} (a standard cloud computing contract) and the contract between Megaupload and the server host, Carpathia (also a standard agreement), “likely limit any property interest he may have” in his data.
That position, if it stands, means you don’t even own your data that is stored in the cloud. If you are able to get it back, doing so well require working through a court procedure that is not yet defined.
Wired magazine has another article on the issue Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights.
Good background and explanation of the implications there. Key paragraph:
And even if a system is put in place for users to get back their files, it’s likely the data would first need to be reviewed by the government or a third party to determine if any of the data infringed copyrights, says EFF attorney Julie Samuels, because the government would oppose returning such data to account holders.
That paragraph concludes with an understatement:
But this raises serious issues about property rights and privacy at a time when more and more people are using the cloud.
Um, yeah. I’d say it’s fairly serious if there’s a possibility you don’t really own your data and you might have to go through a long process to get the data back if your provider gets in trouble.
On a more practical level, what if your provider goes out of business?
How would you get back data if you don’t own it?
Just to make the CPAs in the audience more nervous, let me construct a scenario. Consider that companies in bankruptcy have their assets liquidated. Let’s say a few petabytes of data are amongst their remaining assets. Said asset could be auctioned off to generate some money for the vendors. Your tax files could legally become someone else’s property. They can do with that property what they wish.
Maybe I just don’t understand. Maybe there are issues involved that Wired and EFF don’t understand. Still, it looks like a few more questions need to be asked about cloud storage.
Perhaps the issue is overstated.
Regardless, it sure seems to me that at an absolute minimum you should have a backup of your data that is stored in the cloud. Survival of your business or ministry hangs on ready access to your data.