Copyright versus the cloud

What will replace the personal computer in the post-PC era? According to Gartner, it will not be the smartphone, or the tablet, or any device in particular. Instead, the analyst company predicts, the PC will be replaced by the ‘personal cloud’ as the centrepiece of our digital lives, as soon as 2014.

“No one device will be the primary hub,” Gartner research vice president Steve Kleynhans said recently. “Rather, the personal cloud will take on that role.”

Gartner defines ‘personal cloud’ as cloud-based services that allow users to store, synchronise, stream and share content, using multiple connected devices such as smartphones, media tablets, televisions and PCs, over the Internet. Examples include Netflix, Google Apps, Amazon Music, Microsoft SkyDrive and Apple’s iCloud.

Speaking at a recent conference in Singapore, Kleynhans’s colleague Andrew Johnson explained that online backup and synchronisation services have been available for some time, but personal cloud services are defined by cross-platform access.

See also: How to secure an employee’s personal cloud in the workplace

“What distinguishes the personal cloud from what came before is its ability to store, synchronise, stream and share as needed, allowing consumers greater flexibility in choosing devices and platforms,” he said. Johnson predicted that, by the end of 2013, ‘personal cloud’ services will be integrated into 90% of all new consumer devices.

This trend is guaranteed to impact businesses. Just as employees are accessing work documents from their personal mobile devices today, in future those documents will inevitably work their way onto personal clouds.

A number of suppliers now offer what could be described as the business equivalent of a personal cloud, such as Box.net and SkyDox. Others are working to make consumer cloud hosting services more suitable for business use, such as AppSense, which recently launched a free encryption tool for use with Dropbox.

Many complex and powerful technologies are now available in the cloud, from Amazon’s new workflow automation tool to StormMQ’s message-queuing service. However, it could be that the most useful and disruptive cloud technology of the coming years is simply file sharing.

But this technology is also in danger of becoming collateral damage in one of the most far-reaching corporate lobbying campaigns of recent times.

SOPA & PIPA

Late last year, two pieces of legislation were introduced in the US that were aimed at combating online piracy. The Stop Online Piracy Act (known as SOPA) and Protect Intellectual Property Act (PIPA) soon attracted the attention of digital rights campaigners who argued that they overstepped the mark.

As well as proposing harsher penalties on frequent illegal downloaders, both bills attempted to increase the liability of intermediaries such as Internet service providers, hosting providers, search engines and payment processors, whose services may be used in the course of online piracy.

SOPA, for example, proposed that these service providers could be ordered to block any foreign (i.e. outside the US) website found to be “committing or facilitating” intellectual property infringement. There was no precise definition of what ‘facilitating’ means, so it left open the possibility that a cloud storage service could be cut off simply because a user uploaded material that infringed copyright.

By all accounts, SOPA and PIPA were the result of heavy lobbying on the part of groups representing the entertainment industries, which stand to lose the most from piracy. These groups are reportedly frustrated by the existing US law governing intellectual property online – the Digital Millennium Copyright Act – which exempts intermediaries from direct liability.

But while the entertainment industry has a justifiable complaint against online piracy, SOPA and PIPA were panned as excessive.

“If your brother had taken a photograph and you put it up online, but he then asked you to take it down, under SOPA and PIPA an ISP would have to be proactive [in taking it down] otherwise they would be exposed to liability,” explains Conor Ward, a partner at law firm Hogan Lovells and chair of the Cloud Industry Legal Forum.

The bills were both scrapped following protests that included a blackout by online encyclopedia Wikipedia. But they revealed the extent to which the entertainment industry could influence US lawmakers to place greater liability on Internet intermediaries.

European picture

In Europe, the EU E-Commerce Directive asserts that ‘information society service providers’, such as ISPs or cloud providers, have limited liability for what their customers do.

This has been upheld in recent judgments in the European Court of Justice. For example, in a case between Belgian royalties collection agency SABAM and an ISP called Scarlet, the ECJ ruled that ISPs cannot be obliged to install equipment that detects and blocks pirated material.

As in the US, if a rights holder informs an ISP that they are hosting copyrighted material, can point to where it is being stored and has a court order to back it up, the ISP is obliged to take it down, and mostly they are happy to cooperate.

However, the Anti-Counterfeiting Trade Agreement (ACTA), a proposed treaty to harmonise piracy laws around the world, could increase the liability of intermediaries to block or take down infringing material, although as the agreement covers all kinds of counterfeit goods the language is not specific to the Internet.

For example, Article 8 asserts that “Each [country] shall provide that…its judicial authorities have the authority to issue an order against a party to desist from an infringement [or] to a third party over whom the relevant judicial authority exercises jurisdiction to prevent goods…entering into the channels of commerce.”

The Council of the European Union had endorsed ACTA back in 2008. However, the treaty has now been referred to the ECJ following vocal public opposition.

In the UK, meanwhile, a significant recent case concerned giant telco BT. In October last year, the High Court ordered the company to block its customers from accessing a site called Newzbin2.

“Users and operators of Newzbin 2 infringe copyright on a large scale, and in particular infringe the copyrights of the studios in large numbers of their films and television programmes,” said Mr Justice Arnold in his ruling. He ordered BT to block the site using an application called Cleanfeed, normally used to block child pornography.

According to Peter Bradwell, a campaigner for UK digital freedoms charity the Open Rights Group, trade bodies representing the entertainment industry have been holding regular meetings with the Department for Culture, Media and Sport and Internet intermediaries to discuss possible voluntary anti-piracy measures.

“DCMS has been hosting roundtables every couple of months with trade bodies and a set of intermediaries: that might be ISPs in one meeting, or search engines in another,” he claims. “The problem we see with that kind of relationship is who is going to speak about the rights of users and consumers? Who is there to ensure that proposals will be proportionate, and that there will be regard for due process?”

Meanwhile, US supporters of SOPA and PIPA have said that the scrapping of the bills was merely a setback. Republican representative and SOPA author Lamar Smith said the House Judiciary Committee “remains committed to finding a solution to the problem of online piracy that protects American intellectual property and innovation”.

It seems, then, that the entertainment lobby will continue to push for more legal liability for Internet intermediaries. And if employees are using cloud-based file storage sites for work documents, the possibility of those sites being blocked or taken down for reasons of copyright becomes a concern for CIOs.

Blocking the cloud?

The possibility that anti-piracy measures might impact cloud storage providers came into relief in January 2012, when the US Department of Justice shut down an online file-hosting service called Megaupload.

According to the indictment of the site’s founder, Kim Dotcom, and his colleagues, however, Megaupload was no ordinary file-hosting service. They were, it alleges, “engaged in criminal copyright infringement and money laundering on a massive scale with estimated harm to copyright holders well in excess of $500 million and reported income in excess of $175 million”.

The intent of a file-hosting service will affect how law enforcement authorities will handle copyright infringement. If the main purpose of the site appears to be supporting piracy to drive ad revenues, they are much more likely to intervene than if piracy is an accidental by-product of the service.

If employees are going to use cloud file-sharing services to move documents between devices, their employer would do well to advise against using explicitly infringing sites. It might also be a reason to provide an internal alternative, or to appoint an approved external cloud file-sharing service, lest employees select their own and choose unwisely.

However, as W Kuan Hon, a solicitor and consultant to the Cloud Computing Legal Research Project at Queen Mary, University of London, points out, the case of Megaupload shows that cloud storage providers – and by extension their customers – are not just exposed to the law, but to the way in which it is enforced.

When Megaupload was shut down, all the files that had been hosted on it were taken offline. A number of Internet users have claimed that they had been using the site for legitimate purposes, including work, and that their files are now unavailable (Kim Dotcom even claimed that US officials from the Department of Justice and the Senate had used the site to store files).

“This is an issue not so much about the legislation as the indiscriminate manner in which it might be enforced,” says Hon. She points to previous examples in which indiscriminate law enforcement might have affected cloud users. In 2004, for example, hosting provider Rackspace was ordered to hand over log files relating to a customer called Indymedia. It could not find the log files in question, so shut down the customer’s entire account in order to give the FBI a copy.

“That affected other clients because they didn’t have time to pinpoint exactly which server was concerned,” says Hon.

Takedown notices on cloud providers might therefore expose their other customers to undue risk, she says. “There’s an aggregation risk with shared infrastructure.”

Investment effects

Placing greater legal liability for piracy on Internet intermediaries may well have some impact on cloud computing users and customers, but the effect on the industry is arguably already being felt.

The Internet industry, and by extension public cloud computing, have been built on the assumption of limited liability. It is not clear exactly what would happen should the situation change – it could be that it leads to different kinds of Internet technology – but the current uncertainty is likely to stifle investment.

A recent study by Josh Lerner, a professor at Harvard Business School, analysed the impact on cloud investment of a lawsuit between the TV station Cartoon Network and cable TV operator Cablevision.

The dispute concerned a service that Cablevision was developing that would allow customers to record TV programmes on remote servers hosted in its own data centre. In 2007, Cartoon Network argued that if a customer used the service to record one of its programmes, Cablevision would be infringing on its copyright – and a District Court judge agreed.

However, that ruling was overturned on appeal, a decision that was welcomed by cloud providers. “If the court had found Cablevision guilty of direct infringement, [cloud providers] storing consumers’ legally acquired entertainment media in the Internet cloud could have faced the same claims,” said attorney James Burger at the time.

Professor Lerner’s study found that venture capital investment in cloud computing shot up after the original ruling was overturned, presumably because VCs saw that it was a legally viable model. The inverse of that finding would be that increased liability for cloud providers would dissuade investment.

According to Simon Wardley, a researcher at CSC’s Leading Edge Forum, the chilling effect of a tightening piracy regime on cloud and Internet investment is not just an issue for companies today: “Future industries will use the Internet and cloud computing as components, like today’s industries use electricity. So when investment capital goes off looking for somewhere safer to operate, it doesn’t just affect the Internet and cloud but also all the future industries that aren’t here to represent themselves.”

In that light, risking the cloud and Internet industries, by placing undue liability in their hands, in order to protect music and DVD sales seems shortsighted. Or, as technology publisher Tim O’Reilly put it at the South By Southwest conference in March 2012: “Policymakers need to focus on protecting the future from the past, instead of protecting the past from the future.”

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics

Public Cloud