Cloud computing’s a term you hear a great deal these days. Wikipedia defines it as follows: ‘The delivery of computing and storage capacity as a service to a community of end recipients...Cloud computing entrusts services with a user’s data, software and computation over a network. There are three types of cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)...Cloud computing relies on sharing of resources to achieve coherence and economies of scale similar to a utility (like the electricity grid) over a network (typically the Internet).’
Still lost? Well think of the most common form of cloud computing, which is where a company like Google or Amazon offers you the option of storing all your data on its resources, in other words in the ‘cloud’. The provider’s resources may consist of a number of data centres that are located in different countries. There are cost savings because you don’t need to invest in expensive hardware, you don’t need to employ people to do maintenance, and you don’t need to get updates. One of the consequences of allowing your data to be stored in the cloud is that your data may be transferred across national boundaries.
On 12 July 2012 there was a report in Business Day entitled ‘Cloud Computing Poses Legal Minefield for Consumers.’ But, although the article spoke on a number of occasions about the intellectual property law issues posed by cloud computing, it failed to identify them. The closest it came was to say that ‘consumers are still not aware that they may be infringing copyright violations.’ None the wiser, but still intrigued, I did some research and found a paper written by a US lawyer called Peter H Kang entitled ‘Intellectual Property and Legal Issues Surrounding Cloud Computing’. Kang gives a number examples of the issues he sees arising.
For starters, there’s apparently been a rush of cloud computing patent applications, in other words patent applications that seek to protect inventions that somehow involve cloud computing. An obvious consequence of this is that there will be considerable licensing activity relating to these patents. Another is that there will, almost inevitably, be a certain amount of patent litigation in relating to infringements, real or perceived. And there may well be difficulties in enforcement in cases where the infringer’s data centres are outside of the country where the patent is registered.
Kang makes the point that many of these patents will be business method patents, a highly controversial area of patent law. In the recent landmark case of Bilski v Kappos, the US Supreme Court held that business methods can be patented provided that they claim more than abstract ideas or mathematical algorithms. In the process, the court rejected the old ‘machine or transformation test’ applied by the US courts - which said that a process was only patentable if it worked with a specific machine or transformed a substance from one state to another - saying that the test was no longer appropriate in the Information Age. The court also confirmed that there are three major exceptions to patent eligibility in the USA – laws of nature, physical phenomena and abstract ideas. Cloud computing patent applications that are for business methods will, therefore, have to be drafted very carefully to avoid unduly abstract processes (in South Africa there has never been a case on business method patents, but the Patents Act does say that a scheme, rule or method for doing business ‘as such’ cannot be patented).
Kang makes the point that cloud computing providers may well need to sub-contract, with the result that data will in fact be stored by third parties. This, he says, may raise security issues. It may, he argues, also raise issues of confidentiality: someone might argue that you haven’t kept trade secrets confidential where you’ve used cloud computing and your data has been stored with someone with whom you have no privity of contract; and there may be an argument that your confidential information relating to an invention that you have applied to patent ceased to be confidential when you put it in the cloud, with the result that it effectively became part of the prior art.
Moving on to trade marks, Kang says that there are already a number of trade marks incorporating the term ‘cloud computing’ out there, which obviously means that the term can no longer be monopolised. And, on the issue of copyright, he suggests that if data relating to a single work is split up and stored in different locations in the cloud, there may be questions of whether the work is fixed in a material form ( a requirement for copyright protection), since the cloud is an undefined set of machines from which the work would need to be perceived, reproduced or otherwise communicated. And Kang points out that there may again be jurisdiction issues – for example, if the infringing work is stored on servers located abroad, can you sue for infringement in your country?
Finally Kang raises some general legal issues that may arise: will it be possible to get an order in discovery-type proceedings for the production of documents that are stored abroad; if it is accepted that the cloud is not secure, can it be argued that the attorney/client privilege has been waived in relation to documents stored there; will there be difficulties in working out which country’s data privacy law applies to data stored in the cloud?
Its fascinating stuff, but you can’t help thinking that Kang is merely scratching the surface – as cloud computing grows, so will the number of IP and other legal issues it raises.