Cloud Computing is a new paradigm in the evolution of Information Technology, as its one of the biggest revolution in the field of information technology to have taken place in the recent times2. The underlying notion of cloud computing was in existence way back in the 60’s wherein computing was done by large mainframe computers wherein a single machine served many users, however, it was in 2000 when after the dot com bubble Amazon played a key role in the development of Cloud Computing by modernizing the existing data centers and increasing its usage capacity. Then lately the idea was seen in the IBM Smart Cloud framework to support Smarter Planet in 2011 wherein cloud computing is a one of the underlying concepts. Therefore, cloud computing with the advancement of technology has become more profound and gained depth.
Cloud Computing is a computing service which involves a galaxy of computers and other gadgets which stores, forwards, processes and transmits the data into a computer and which may further be processed in another and retained in another system by sharing resources such as software storage services in a cloud that maybe connected through internet despite being separated by vast geographical distance. It is similar to LAN (Local Area Network wherein a computer network interconnects computers in a limited area) but has a wide coverage which enables users to access systems using a web browser irrespective of their physical location.
ADVANTAGES AND DISADVANTAGES
One of the major advantages of cloud computing is that it can be customized according to one’s necessity and so any back-up information can be arranged easily as most cloud service providers use open sourced API software that is interoperable and where portability is not an issue. This method is highly cost effective as it reduces the budget which is usually spent on security and infrastructure, thereby, facilitating any complex transaction in a cost effective manner. Even though cloud computing is a very effective and technologically advanced mode there are certain risks and disadvantages attached to it. Due to the presence of huge computing resources and humongous amount of data which is being shared has made cloud environment a lucrative target for hacker. It has major security issues involved as the data or information is usually saved on the internet which may attract unwanted misuse of the information which is saved3.
Furthermore, the cloud computing environment has raised various privacy concerns as well because consumers believe that they have lost control on the data which they have stored in the cloud4. The major privacy issues in cloud computing are:
In the current cloud services usually the data is exposed on a machine which is owned and operated by an organization which is different from the data owner himself in an unencrypted form which raises the chances of such private data being misused5. Thus, establishing the lack of user control in cloud computing which leads to the unauthorized use of the information saved. Therefore, there is a need for strong regulatory regime to combat these privacy issues.
CURRENT STATUS IN INDIA
In India as there is no separate legislation which exclusively deals with cloud computing or the legal issues attached to it, which establishes the lack of a strong regulatory regime in India with respect to cloud computing6. And moreover, the global and distributed nature of the cloud computing environment has made it more complex and difficult to ensure that all laws and regulations are applicable to a given case and complied with7. Therefore, it can be seen that laws relating to cloud computing is very limited in its applicability due to its very nature of the environment. However, inferences can be made from the existing legislations and be applied to the given circumstances.
PROVISIONS UNDER INFORMATION TECHNOLOGY ACT, 2000
In India it is the Information Technology Act, 2000 which remotely deals with the issue of privacy in cloud computing. Section 72 of the Information Technology Act, 2000 lays down the penalty for breach of confidentiality and privacy. This section is one of the few provisions which are applicable in mitigating the breach of privacy with an imprisonment up to 2 years and fine up to Rupees 1 lakh. This provision safeguards the privacy interests which if breached is awarded with punitive damage thereby, is a deterrent in nature. Apart from Section 72 we have Section 80 of the IT Act, 2000 which deals with the search and seizure of computer data on connected systems if there is reasonable justification to do so. Recently, the concept of due diligence requirements has been prescribed by the Information Technology (Intermediaries Guidelines) Rules 2011. The cyber law due diligence requirements are for all the companies and intermediaries wherein they have an obligation to ensure that privacy is maintained and respected in the cloud. There should be proper measures taken by the intermediaries to maintain and safeguard all that is stored in the cloud from unauthorized access to such information. In particular they need to put more emphasis on the cloud services which deals with monetary transactions. And if the cloud service providers fail to provide or observe due diligence then they will be vulnerable to legal actions.
RIGHT TO INFORMATION VERSUS RIGHT TO PRIVACY
Another major issue with respect to privacy in general is the authority of the government to intercept and monitor any person and his whereabouts, which is contrary to the right mentioned under Article 21 of the constitution. Similarly, under section 69 of the Information Technology Act, 2000, the Government has the authority to monitor as well as decrypt any information shared through a computer resource in the cloud. Therefore, the government may tend to infringe upon the right to privacy as specified under Article 21. However, in order to alleviate the possible effects on fundamental rights additional safeguards and conditions have to be followed in order to safeguard the privacy interests. In this respect the Court in Secretary General, Supreme Court vs. Subhash Chandra Agarwal8 noted that as regards to right to information vis-à-vis right to protect privacy, fine balancing requirements are required between the government entities and individuals. Thus, in my opinion there is a need for careful consideration of issues of privacy, data chain authentication and security procedures needs to be looked into and modified in accordance with the changes required as per the specific circumstance.
It can be seen that the laws regarding cloud computing and privacy issues attached to it are still evolving as there has not been much exposure to these situations in India as compared to other developed nations. Many countries have managed to ensure that the data in the cloud is protected by implementing certain geographical restrictions which disallows cross border data interchange9. This has helped in putting a check on the data which is being saved in the cloud from unwarranted access and usage. Thus, in light of the existing regulations around the world to protect privacy it is seen that there is serious lack of regulation and the government herein is ought to take steps in future to mitigate such threats. Therefore, in India a separate cloud computing law is needed to govern the cyberspace and bring in homogeneity in its administration.