Thursday 29 July 2010
The effect of cloud computing on our legislative and regulatory world has long been a sub-interest of sorts for me. I have long been fascinated by the ways in which a truly dynamic, multiparty compute environment will challenge laws that assume that electronic assets behave the same as their paper or celluloid brethren–static, not easily duplicated and stored on the owner’s premises. The gap between the cloud and the current state of legislation is serious. Now an increasing number of lawyers are sharing their opinions about cyber crime, privacy rights, and what the law allows and disallows in the cloud. Each and every post or article I’ve read so far has been enlightening–and not always in a good way.
For example, take CNET’s recent coverage of a panel on the effects of cloud computing on cyber crime at Symantec’s Norton Cyber Crime Day. Matthew Parrella, chief of the computer hacking and intellectual property unit at the U.S. Attorney’s Office, noted that “hacking” PCs by inserting software into the system by various means is being replaced by a new threat. From an employment law perspective, I have not seen much, if anything on the subject. For example, Connecticut’s wage and hour laws require employers to keep track of various records of the employee including hours worked, etc.
The days of tracking down software counterfeiters in other countries who are selling counterfeit CDs are numbered, as companies increasingly distribute software and store data online via hosted computing services, Matthew Parrella, an assistant US attorney based in San Jose, California, said at Symantec’s Norton Cyber Crime Day. That model of importation of software is becoming obsolete because we’re seeing on the horizon cloud computing where so many of these operations are pushed from a user’s PC or a user’s computer onto Google Docs or Salesforce.com. Looking ahead five years, “I’m thinking the attack is going to be on cloud-computing centres”, said Parrella, chief of the computer hacking and intellectual property unit at the US Attorney’s Office.
The immediate threat will be attacks to steal data from the servers they are stored on, either remotely or by an insider or someone who gains access to the datacentre. Parrella spends a lot of time prosecuting counterfeit-software cases, as well as trade-secret theft. His office also has been tracking a botnet for a long time that has grown to include 100,000 or so compromised computers. Businesses have opened on a Monday morning only to discover that so much money has been stolen since employees went home on Friday that they are no longer solvent and there is no record on their systems of the activity, Peterson said. Schroder also said he gets a fair share of cases involving phishing attempts and email extortion cases in which someone’s life is threatened if someone do not pay money to the hired killer.
