Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Cloudy legal issues ...

53 views
Skip to first unread message
Message has been deleted
Message has been deleted

Mark Goodge

unread,
Apr 11, 2013, 10:00:02 AM4/11/13
to
On Thu, 11 Apr 2013 13:30:01 +0100, Jethro_uk put finger to keyboard and
typed:

>Hypothetically ...
>
>A company starts to offer a service on the web for file storage, and
>possibly a cloud based service of some description. It's free to
>register, and their T&Cs are quite anodyne with no mention of payment, or
>fees.
>
>The site runs along quite happily for a while, and builds a non-trivial
>userbase, some of whom (their mistake, I admit) find themselves relying
>on it. For example they have uploaded all their photos to it, and deleted
>the originals.
>
>Then, one day, the site emails all it's registered users, and announces
>that from a certain date, it will cost £x/year to continue to use the
>site, payable in advance. Any data held in unupgraded accounts will be
>deleted after that date.
>
>1) Would the users have any comeback in law ? OFT ?

I very much doubt it.

>2) Would the physical siting of the servers (UK, EU, US ?) have any
>bearing on any legal position.

Almost certainly not.

>3) If a person did lose valuable data through this event, would they have
>any recourse in law ?

There might possibly be a valid claim if they were prevented from accessing
their data while the site was still free, so that they had no opportunity
to copy it back to their local storage. Even that is likely to be a long
shot, though, I would have thought.

>Personally, I would have **** all sympathy with anyone stupid enough to
>rely on a cloudy provider as their *sole* provider. But if history has
>taught us anything, it's that there is never any shortage of idiots.

I have precisely that amount of sympathy with anyone who even has the
concept of a "sole" provider, even if it's one they're paying for. The
howls of pain when, for example, Fotopic went bust and Megaupload was shut
down and some customers lost the only copies of their data is merely more
proof of how foolish people can be.

>This question was prompted by a water-cooler discussion with some
>Facebook fanbois, who tried to tell me that "Facebook couldn't do that",
>and didn't like my assertion that (a) Yes they can, and (b) I suspect it
>could happen one day.

They certainly can. I suspect they won't, at least not as long as their
current business model is working. And by the time it stops working, all
the fanbois will have moved on to the next big thing anyway.

Mark
--
Please take a short survey on salary perceptions: http://meyu.eu/am
My blog: http://mark.goodge.co.uk

David McNeish

unread,
Apr 11, 2013, 2:00:04 PM4/11/13
to
On Apr 11, 1:30 pm, Jethro_uk <jethro...@hotmailbin.com> wrote:
> Hypothetically ...
>
> A company starts to offer a service on the web for file storage, and
> possibly a cloud based service of some description. It's free to
> register, and their T&Cs are quite anodyne with no mention of payment, or
> fees.
>
> The site runs along quite happily for a while, and builds a non-trivial
> userbase, some of whom (their mistake, I admit) find themselves relying
> on it. For example they have uploaded all their photos to it, and deleted
> the originals.
>
> Then, one day, the site emails all it's registered users, and announces
> that from a certain date, it will cost £x/year to continue to use the
> site, payable in advance. Any data held in unupgraded accounts will be
> deleted after that date.
>
> 1) Would the users have any comeback in law ? OFT ?
> 2) Would the physical siting of the servers (UK, EU, US ?) have any
> bearing on any legal position.
> 3) If a person did lose valuable data through this event, would they have
> any recourse in law ?

You may wish to (hypothetically) add that the site was originally
operated by company A, which went into liquidation, and company B
bought the assets (i.e. the data) and are now offering the different
type of service. At best I suspect the users may have a claim for
breach of contract by company A (if there was any contract).

Neil Williams

unread,
Apr 11, 2013, 1:50:01 PM4/11/13
to
Jethro_uk <jeth...@hotmailbin.com> wrote:

> Personally, I would have **** all sympathy with anyone stupid enough to
> rely on a cloudy provider as their *sole* provider. But if history has
> taught us anything, it's that there is never any shortage of idiots.

If you have important data, always back it up. Though in my case for
things like photos I can see me going the way of the cloud being primary
storage, and me having a local physical backup, rather than the other way
round as it is at present.

> This question was prompted by a water-cooler discussion with some
> Facebook fanbois, who tried to tell me that "Facebook couldn't do that",
> and didn't like my assertion that (a) Yes they can, and (b) I suspect it
> could happen one day.

I suspect it won't unless something significant happens with their
advertising revenue. However, they can (and do) offer added premium
services from time to time, e.g. promoted posts.

Neil
--
Neil Williams in Milton Keynes, UK. Put first name before the at to reply.

steve robinson

unread,
Apr 11, 2013, 3:20:02 PM4/11/13
to
Company b only own the assets they do not own the data

David McNeish

unread,
Apr 11, 2013, 5:15:09 PM4/11/13
to
On Apr 11, 8:20 pm, "steve robinson" <st...@colevalleyinteriors.co.uk>
wrote:
> David McNeish wrote:

> > You may wish to (hypothetically) add that the site was originally
> > operated by company A, which went into liquidation, and company B
> > bought the assets (i.e. the data) and are now offering the different
> > type of service. At best I suspect the users may have a claim for
> > breach of contract by company A (if there was any contract).
>
> Company b only own the assets they do not own the data

The assets include a copy of the data and whatever rights company A
had to use that data, surely? They don't, of course, own the copyright.

steve robinson

unread,
Apr 11, 2013, 6:20:09 PM4/11/13
to
They may have a right to use the data if its within the contract,
however they will not own the data. Cloud storage is a virtual lockup
that you rent, instead of storing physical items you store 1's and 0's

Chris R

unread,
Apr 11, 2013, 6:55:01 PM4/11/13
to

>
>
> "steve robinson" wrote in message
> news:xn0igpgs...@reader80.eternal-september.org...
These analogies are not usually useful when considering legal questions.
Data is not a form of property and cannot be owned or transferred. It can
only be disclosed, copied, processed or deleted. What can or cannot be done
with it is defined by contract (and certain specific legal rules such as
data protection and intellectual property) and not by property law.
--
Chris R

========legalstuff========
I post to be helpful but not claiming any expertise nor intending
anyone to rely on what I say. Nothing I post here will create a
professional relationship or duty of care. I do not provide legal
services to the public. My posts here refer only to English law except
where specified and are subject to the terms (including limitations of
liability) at http://www.clarityincorporatelaw.co.uk/legalstuff.html
======end legalstuff======


steve robinson

unread,
Apr 12, 2013, 4:05:09 AM4/12/13
to
I disagree Chris, i think my analogy is spot on

1) I stated they wont own the data(under UK law) which is correct, no
one owns data in the physical sense its not something you can pick up
although as a product you can create it
2)What is cloud storage? the clue is in the name, a storage facility
you deposit your documentation, files, photographs etc either optically
or electronically.

Cloud storage is a reasonably new phenonemon domestically, i cant find
any case law in the UK that clearly defines how such infomation should
be dealt with in such situations. This will in the future pose problems
both from a juristiction POV and commercial POV.

As we move to the cloud something many of the larger IT and software
companies are pushing for, the issue of 'ownership' of data will need
to be resolved as will the right to retrieve it and thier right to
delete it.











Roland Perry

unread,
Apr 12, 2013, 4:10:02 AM4/12/13
to
In message
<148693955387394674.215032we...@news.individual.
net>, at 18:50:01 on Thu, 11 Apr 2013, Neil Williams
<wensl...@pacersplace.org.uk> remarked:
>> This question was prompted by a water-cooler discussion with some
>> Facebook fanbois, who tried to tell me that "Facebook couldn't do that",
>> and didn't like my assertion that (a) Yes they can, and (b) I suspect it
>> could happen one day.
>
>I suspect it won't unless something significant happens with their
>advertising revenue. However, they can (and do) offer added premium
>services from time to time, e.g. promoted posts.

If you are talking about the isolated issue of Facebook starting to
charge for access to an individual's own data (eg photos and movies you
have uploaded) then that does seem a fairly distant prospect at the
moment.

But they have made significant and repeated changes[1] to their T&C, and
product offering, in order to be able to make more use of your data to
attract their audience, and with advertising revenue an issue from their
fastest growing platform (mobile) it's only a matter of time before
various forms of charging do get introduced. In particular, I'd predict
"Fan" pages to be repositioned as (paid-for) advertising, sooner rather
than later.

[1] Not all of which add features. Withdrawing the ability to opt out of
Public Search would be an example of "fewer features" causing a change.
--
Roland Perry

Roland Perry

unread,
Apr 12, 2013, 4:20:11 AM4/12/13
to
In message
<804d26ee-d822-48a3...@j14g2000vbk.googlegroups.com>, at
19:00:04 on Thu, 11 Apr 2013, David McNeish <davi...@gmail.com>
remarked:
>You may wish to (hypothetically) add that the site was originally
>operated by company A, which went into liquidation, and company B
>bought the assets (i.e. the data) and are now offering the different
>type of service. At best I suspect the users may have a claim for
>breach of contract by company A (if there was any contract).

Claims against liquidated companies are not a particularly effective way
to obtain compensation.
--
Roland Perry

Roland Perry

unread,
Apr 12, 2013, 4:30:03 AM4/12/13
to
In message <xn0igq91...@reader80.eternal-september.org>, at
09:05:09 on Fri, 12 Apr 2013, steve robinson
<st...@colevalleyinteriors.co.uk> remarked:
>As we move to the cloud something many of the larger IT and software
>companies are pushing for, the issue of 'ownership' of data will need
>to be resolved as will the right to retrieve it and thier right to
>delete it.

The authorities have been grappling with the Data Protection issues
surrounding cloud-based systems, and not entirely for the benefit of the
data subjects; companies and public authorities need clarity on their
responsibilities under DP law when buying cloud-based products.

Any discussion of "ownership" of the data is an entirely different
matter, and something that is dealt with entirely by contract; with a
side order of "copyright" law when it comes to providers of [mainly
free] public services making use of 'your' data.
--
Roland Perry

steve robinson

unread,
Apr 12, 2013, 5:45:02 AM4/12/13
to
Roland Perry wrote:

> In message <xn0igq91...@reader80.eternal-september.org>, at
> 09:05:09 on Fri, 12 Apr 2013, steve robinson
> <st...@colevalleyinteriors.co.uk> remarked:
> > As we move to the cloud something many of the larger IT and software
> > companies are pushing for, the issue of 'ownership' of data will
> > need to be resolved as will the right to retrieve it and thier
> > right to delete it.
>
> The authorities have been grappling with the Data Protection issues
> surrounding cloud-based systems, and not entirely for the benefit of
> the data subjects; companies and public authorities need clarity on
> their responsibilities under DP law when buying cloud-based products.

I would go further, its something we all need to look into.
>
> Any discussion of "ownership" of the data is an entirely different
> matter, and something that is dealt with entirely by contract; with a
> side order of "copyright" law when it comes to providers of [mainly
> free] public services making use of 'your' data.

The ops senerio was from my understanding a paid service, not something
along the lines of the free offerings from the likes of virginmedia, BT
Iomega etc.

The average punter in the street wouldnt realise they dont own the
data stored on other peoples servers and could possibly lose access to
it in the ops senerio.

Shows the gulf between the law and new technology is still as wide as
ever.




Roland Perry

unread,
Apr 12, 2013, 6:15:02 AM4/12/13
to
In message <xn0igqbj...@reader80.eternal-september.org>, at
10:45:02 on Fri, 12 Apr 2013, steve robinson
<st...@colevalleyinteriors.co.uk> remarked:
>> > As we move to the cloud something many of the larger IT and software
>> > companies are pushing for, the issue of 'ownership' of data will
>> > need to be resolved as will the right to retrieve it and thier
>> > right to delete it.
>>
>> The authorities have been grappling with the Data Protection issues
>> surrounding cloud-based systems, and not entirely for the benefit of
>> the data subjects; companies and public authorities need clarity on
>> their responsibilities under DP law when buying cloud-based products.
>
>I would go further, its something we all need to look into.

It's been an active topic at International and Intergovernmental
meetings since at least 2010, although I see little domestic debate
about the issues. So if you want to look into it at the level where it
will help at all, you'd need to take yourself off to some meetings in
Paris, Geneva etc.

>> Any discussion of "ownership" of the data is an entirely different
>> matter, and something that is dealt with entirely by contract; with a
>> side order of "copyright" law when it comes to providers of [mainly
>> free] public services making use of 'your' data.
>
>The ops senerio was from my understanding a paid service, not something
>along the lines of the free offerings from the likes of virginmedia, BT
>Iomega etc.

Whether you pay for it or not doesn't affect the issue, unless you claim
that not paying means you don't have a contract - and with no contract
there's nothing to enforce on the supplier.

>The average punter in the street wouldnt realise they dont own the
>data stored on other peoples servers

Depends what you mean by "own". In the copyright sense, and allowing the
service provider to republish and sell, there has been quite a bit of
publicity about the pitfalls.

>and could possibly lose access to it in the ops senerio.

That's a "Quality of Service" issue, and most unlikely you'll get any
concrete guarantees from anyone.

>Shows the gulf between the law and new technology is still as wide as
>ever.

It's widening all the time.
--
Roland Perry

steve robinson

unread,
Apr 12, 2013, 6:40:09 AM4/12/13
to
Roland Perry wrote:

> In message <xn0igqbj...@reader80.eternal-september.org>, at
> 10:45:02 on Fri, 12 Apr 2013, steve robinson
> <st...@colevalleyinteriors.co.uk> remarked: >>> As we move to the
> cloud something many of the larger IT and software >>> companies are
> pushing for, the issue of 'ownership' of data will >>> need to be
> resolved as will the right to retrieve it and thier >>> right to
> delete it.
> > >
> > > The authorities have been grappling with the Data Protection
> > > issues surrounding cloud-based systems, and not entirely for the
> > > benefit of the data subjects; companies and public authorities
> > > need clarity on their responsibilities under DP law when buying
> > > cloud-based products.
> >
> > I would go further, its something we all need to look into.
>
> It's been an active topic at International and Intergovernmental
> meetings since at least 2010, although I see little domestic debate
> about the issues. So if you want to look into it at the level where
> it will help at all, you'd need to take yourself off to some meetings
> in Paris, Geneva etc.

Agreed
>
> > > Any discussion of "ownership" of the data is an entirely different
> > > matter, and something that is dealt with entirely by contract;
> > > with a side order of "copyright" law when it comes to providers
> > > of [mainly free] public services making use of 'your' data.
> >
> > The ops senerio was from my understanding a paid service, not
> > something along the lines of the free offerings from the likes of
> > virginmedia, BT Iomega etc.
>
> Whether you pay for it or not doesn't affect the issue, unless you
> claim that not paying means you don't have a contract - and with no
> contract there's nothing to enforce on the supplier.

Its one possible view, it depends how the supply is made stand alone
service , add on freebie from your isp provider

>
> > The average punter in the street wouldnt realise they dont own the
> > data stored on other peoples servers
>
> Depends what you mean by "own". In the copyright sense, and allowing
> the service provider to republish and sell, there has been quite a
> bit of publicity about the pitfalls.
>
'own' in the way the average man in the street would percieve it,
'its my data i created it it belongs to me ' which is somewhat
different to the legal definitions

RJH

unread,
Apr 12, 2013, 3:40:02 AM4/12/13
to
Quite. We looked at using Prezi at work, but their 'hold' on our data
was too onerous:

"With respect to Public User Content, you hereby do and shall grant to
Prezi (and its successors, assigns, and third party service providers) a
worldwide, non-exclusive, perpetual, irrevocable, royalty-free, fully
paid, sublicensable, and transferable license to use, reproduce, modify,
create derivative works from, distribute, publicly display, publicly
perform, and otherwise exploit the content on and in connection with the
manufacture, sale, promotion, marketing and distribution of products
sold on, or in association with, the Service, or for purposes of
providing you with the Service and promoting the same, in any medium and
by any means currently existing or yet to be devised."

http://prezi.com/terms-of-use/#toc4.3

Rob

Scion

unread,
Apr 12, 2013, 7:05:09 AM4/12/13
to
Jethro_uk put finger to keyboard:

> Hypothetically ...
>
> A company starts to offer a service on the web for file storage, and
> possibly a cloud based service of some description. It's free to
> register, and their T&Cs are quite anodyne with no mention of payment,
> or fees.
>
> The site runs along quite happily for a while, and builds a non-trivial
> userbase, some of whom (their mistake, I admit) find themselves relying
> on it. For example they have uploaded all their photos to it, and
> deleted the originals.
>
> Then, one day, the site emails all it's registered users, and announces
> that from a certain date, it will cost £x/year to continue to use the
> site, payable in advance. Any data held in unupgraded accounts will be
> deleted after that date.
>
> 1) Would the users have any comeback in law ? OFT ?
> 2) Would the physical siting of the servers (UK, EU, US ?) have any
> bearing on any legal position.
> 3) If a person did lose valuable data through this event, would they
> have any recourse in law ?
>
> Personally, I would have **** all sympathy with anyone stupid enough to
> rely on a cloudy provider as their *sole* provider. But if history has
> taught us anything, it's that there is never any shortage of idiots.
>
> This question was prompted by a water-cooler discussion with some
> Facebook fanbois, who tried to tell me that "Facebook couldn't do that",
> and didn't like my assertion that (a) Yes they can, and (b) I suspect it
> could happen one day.

Not quite the same, but a computer service company recently went bust.
Companies that were paying them for data storage services were not given
the opportunity to recover their data. One day they had access, the next
day they did not.

The administrators then sent demands for additional payments, totalling
nearly £1m, (small firms reputedly asked for £5k each, large firms asked
for very much more) to allow access for a one-week period.

See http://tinyurl.com/d3mv2x8 or http://preview.tinyurl.com/d3mv2x8

So, cloud services can and do suddenly stop working, with potentially
nasty consequences.

steve robinson

unread,
Apr 12, 2013, 7:25:09 AM4/12/13
to
The hold on your data is not always an issue depending what yuor
actually keeping stored its the issue of access to the infomation ,
retreival and your option to completly remove it

Roland Perry

unread,
Apr 12, 2013, 7:40:02 AM4/12/13
to
In message <xn0igqd4...@reader80.eternal-september.org>, at
11:40:09 on Fri, 12 Apr 2013, steve robinson
<st...@colevalleyinteriors.co.uk> remarked:
>> > The average punter in the street wouldnt realise they dont own the
>> > data stored on other peoples servers
>>
>> Depends what you mean by "own". In the copyright sense, and allowing
>> the service provider to republish and sell, there has been quite a
>> bit of publicity about the pitfalls.
>>
>'own' in the way the average man in the street would percieve it,
>'its my data i created it it belongs to me ' which is somewhat
>different to the legal definitions

Yes, they understand that they should sit up and take notice when an
organisation like Instagram says:

"you agree that a business or other entity may pay us to display
your username, likeness, photos (along with any associated
metadata), and/or actions you take, in connection with paid or
sponsored content or promotions, without any compensation to
you."

But that doesn't say anything about keeping the data safe for ever,
which is a completely different aspect of the relationship with them.
--
Roland Perry

Chris R

unread,
Apr 12, 2013, 7:45:02 AM4/12/13
to

>
>
> "Roland Perry" wrote in message news:dMw+BZhL...@perry.co.uk...
It probably is time to consider making information a form of property,
though that would be a major departure from most existing legal systems. We
really need remedies "in rem", i.e. rights to the information itself
independent of who is holding it, whether we have a contract with them and
whether they are able or willing to perform the contract. If someone has my
car, I can claim it back from them even though I have no contract with them,
they got it quite lawfully and I don't know how they came to have it. But if
they have my proprietary information, I have no way of compelling them to
return or deleted unless I have a contract with them or I can prove that
they or someone else has done something wrong in acquiring it, and if they
go bust, I probably have no remedy.

Roland Perry

unread,
Apr 12, 2013, 7:55:02 AM4/12/13
to
In message <kk8phn$vrv$3...@dont-email.me>, at 12:05:09 on Fri, 12 Apr
2013, Scion <a...@nospam.invalid> remarked:
>cloud services can and do suddenly stop working, with potentially
>nasty consequences.

Welcome to the free market. There may come a point when regulators or
the industry itself would act over such things, and introduce an
ABTA/ATOL type of scheme. But the tide has been flowing in the opposite
direction for the last 20 years towards "Buyer beware" when it comes to
telecoms and associated ICT services.

I've just finished doing a tender for a 6-figure (annually) project
that's essentially providing the framework for a global teleworking
network (for a small and closed user group) and I insisted on bidding on
the basis of "no cloud services", not even cloud-comms like Skype.

That's a bit more aimed at the security/confidentially issues than the
quality and continuity of service, but all aspects play a part.

Ironically, a teleconference with the client last week almost collapsed
because they were unable to provide the promised Skype video call and we
ended up making a phone call to an old-fashioned conference-bridge.
--
Roland Perry
Message has been deleted

steve robinson

unread,
Apr 12, 2013, 8:20:02 AM4/12/13
to
Agreed , however because its thier data they believe (wrongly) they
ultimatly own it

steve robinson

unread,
Apr 12, 2013, 8:25:02 AM4/12/13
to
Agreed

Chris R

unread,
Apr 12, 2013, 8:45:02 AM4/12/13
to

>
>
> "August West" wrote in message news:87r4igr...@news2.kororaa.com...
>
>
> The entity calling itself Roland Perry wrote:
> >
> > In message <kk8phn$vrv$3...@dont-email.me>, at 12:05:09 on Fri, 12 Apr
> > 2013, Scion <a...@nospam.invalid> remarked:
> >>cloud services can and do suddenly stop working, with potentially
> >>nasty consequences.
> >
> > Welcome to the free market. There may come a point when regulators or
> > the industry itself would act over such things, and introduce an
> > ABTA/ATOL type of scheme. But the tide has been flowing in the
> > opposite direction for the last 20 years towards "Buyer beware" when
> > it comes to telecoms and associated ICT services.
>
> Especially whn you consider that many law firms (who almost totally lack
> in-house techical expertise) are outsourcing their IT to "the clould".
> The obvious risks inherent in this model scare me.
>
> How happy would you be to know that your case files, containing legally
> privileged information, are out there in "the cloud", in storage owned
> and operated by a company with whom you have no relationsip?
>
Do you know of any who are doing this with unencrypted information, though?
Most firms I have come across are aware of the issue, but it shouldn't be a
problem so long as you have client-side encryption and backups elsewhere.
The SRA says we can't use outsourced providers without contract terms
allowing the SRA to enter the supplier's premises at any time and inspect
the data - try getting Google to amend its terms and conditions - but I
don't know if anyone is taking that seriously.
--
Chris R


David McNeish

unread,
Apr 12, 2013, 9:00:05 AM4/12/13
to
On Apr 12, 9:20 am, Roland Perry <rol...@perry.co.uk> wrote:
> In message
> <804d26ee-d822-48a3-9db9-35315caf6...@j14g2000vbk.googlegroups.com>, at
> 19:00:04 on Thu, 11 Apr 2013, David McNeish <david...@gmail.com>
> remarked:
>
> >You may wish to (hypothetically) add that the site was originally
> >operated by company A, which went into liquidation, and company B
> >bought the assets (i.e. the data) and are now offering the different
> >type of service. At best I suspect the users may have a claim for
> >breach of contract by company A (if there was any contract).
>
> Claims against liquidated companies are not a particularly effective way
> to obtain compensation.

Quite. Company B hasn't acquired any obligations (if they ever
existed) to continue to provide free access to the data or allow
customers to retrieve backups from the servers.
Message has been deleted
Message has been deleted

Ian Jackson

unread,
Apr 12, 2013, 8:20:02 AM4/12/13
to
In article <iZadnZ-_tvppb_rM...@brightview.co.uk>,
Chris R <inv...@invalid.munge.co.uk> wrote:
>It probably is time to consider making information a form of property,
>though that would be a major departure from most existing legal systems. We
>really need remedies "in rem", [...]

I'm sympathetic to this argument but it would require a lot of work to
figure out exactly how it would work. Also at the moment any attempt
to do this risks being hijacked by the copyright control freaks.

--
Ian Jackson personal email: <ijac...@chiark.greenend.org.uk>
These opinions are my own. http://www.chiark.greenend.org.uk/~ijackson/
PGP2 key 1024R/0x23f5addb, fingerprint 5906F687 BD03ACAD 0D8E602E FCF37657

Stuart A. Bronstein

unread,
Apr 12, 2013, 10:55:02 AM4/12/13
to
"Chris R" <inv...@invalid.munge.co.uk> wrote:

> It probably is time to consider making information a form of
> property, though that would be a major departure from most
> existing legal systems. We really need remedies "in rem", i.e.
> rights to the information itself independent of who is holding
> it, whether we have a contract with them and whether they are
> able or willing to perform the contract. If someone has my car,
> I can claim it back from them even though I have no contract
> with them, they got it quite lawfully and I don't know how they
> came to have it. But if they have my proprietary information, I
> have no way of compelling them to return or deleted unless I
> have a contract with them or I can prove that they or someone
> else has done something wrong in acquiring it, and if they go
> bust, I probably have no remedy.

There are no laws protecting trade secrets? What other kind of
proprietary factual information might need protection?

This reminds me of a big dispute right now in the US - can someone
protect by patent things in nature (for example because they were the
first to discover them) and thus prevent others from even
investigating or experimenting with the item unless a licence fee is
paid? I'm not so sure that would be a good idea.

--
Stu
http://DownToEarthLawyer.com

Chris R

unread,
Apr 12, 2013, 11:10:02 AM4/12/13
to

>
> "Jethro_uk" wrote in message news:7dU9t.4234$364....@fx26.fr7...
> If you're using Google (or any US based provider) then that's the least
> of your worries. A much more real worry is that the US government shouts
> "PATRIOT" and points at your data, which the provider happily serves up
> (without telling you).
>
> Or, they shout "PATRIOT", point at your provider and shut their servers
> down with no warning.
>
> Neither situation is covered by Safe Harbour.

If you were defending terrorism suspects, then yes, that would be a concern.
Though if you are using client-side encryption and back-ups elsewhere, it's
really no different to any other situation, such as mysterious foreign
powers burgling your office or intercepting your email. If they can read
your encrypted data you're in trouble anywhere. I imagine firms with
high-risk clients are aware of the risks. And I would expect the US courts
to be pretty hot on attorney-client privilege, if you could get your case
before them. Most of us don't have data anywhere near interesting enough for
anyone to want to make much effort to access it; we are just sensitive to
professional obligations of confidentiality, including as against the
employees of our IT suppliers. In reality the risks are no more than they
are with cleaners and plumbers visiting your office, but because it's new
and hi-tech everyone gets more concerned about it.
--
Chris R


Stuart A. Bronstein

unread,
Apr 12, 2013, 10:35:02 AM4/12/13
to
"steve robinson" <st...@colevalleyinteriors.co.uk> wrote:

> Cloud storage is a reasonably new phenonemon domestically, i
> cant find any case law in the UK that clearly defines how such
> infomation should be dealt with in such situations. This will in
> the future pose problems both from a juristiction POV and
> commercial POV.

I haven't had occasion to look at the Terms of Use of any cloud
storage company. But the ones I have looked at (e.g. twitter,
craigslist) require the user to essentially licence any rights he has
to the site. I suspect that, with respect to cloud storage, the
terms of use could have a huge effect on how the law deals with this
kind of thing.

--
Stu
http://DownToEarthLawyer.com
Message has been deleted

Stuart A. Bronstein

unread,
Apr 12, 2013, 11:25:02 AM4/12/13
to
August West <aug...@kororaa.com> wrote:
> Stuart A. Bronstein wrote:
>>
>> There are no laws protecting trade secrets?
>
> Scots Law recognises an obligation, arising ex lege, not to
> divulge information given in confidence. (Lord Advocate v
> Scotsman Publications Ltd 1988 SLT 490.) But it's not entirely
> clear what the nature, and limits, of this obligation are, or
> even what the remedies for breach are...

If you'd ever like some ideas, the law on trade secrets is pretty
well developed here - at least in California.

--
Stu
http://DownToEarthLawyer.com
Message has been deleted

steve robinson

unread,
Apr 12, 2013, 11:40:02 AM4/12/13
to
Thats ok if the outscourced providers server systems are UK based and
controlled, rented rackspace in a far off land is so easy to keep under
the auspies of the SRA

Roland Perry

unread,
Apr 12, 2013, 12:05:23 PM4/12/13
to
In message <xn0igqfq...@reader80.eternal-september.org>, at
13:20:02 on Fri, 12 Apr 2013, steve robinson
<st...@colevalleyinteriors.co.uk> remarked:
>Agreed , however because its thier data they believe (wrongly) they
>ultimatly own it

And we are back at: what does "own" mean. Yes they have many rights over
its use, but if they foolishly entrust it someone who doesn't have a
bullet-proof service level agreement then they can't complain if the
*copy of* the data they uploaded is lost. After all, if the data was
that important, they still have the original.
--
Roland Perry

Roland Perry

unread,
Apr 12, 2013, 12:10:02 PM4/12/13
to
In message <87r4igr...@news2.kororaa.com>, at 13:10:02 on Fri, 12
Apr 2013, August West <aug...@kororaa.com> remarked:
>> Welcome to the free market. There may come a point when regulators or
>> the industry itself would act over such things, and introduce an
>> ABTA/ATOL type of scheme. But the tide has been flowing in the
>> opposite direction for the last 20 years towards "Buyer beware" when
>> it comes to telecoms and associated ICT services.
>
>Especially whn you consider that many law firms (who almost totally lack
>in-house techical expertise) are outsourcing their IT to "the clould".
>The obvious risks inherent in this model scare me.
>
>How happy would you be to know that your case files, containing legally
>privileged information, are out there in "the cloud", in storage owned
>and operated by a company with whom you have no relationsip?

Very unhappy, but in the UK at least, I can sue the solicitor for any
breaches which occur. At that point it's his insurance company's
problem.
--
Roland Perry

Norman Wells

unread,
Apr 12, 2013, 11:20:02 AM4/12/13
to
Stuart A. Bronstein wrote:

> This reminds me of a big dispute right now in the US - can someone
> protect by patent things in nature (for example because they were the
> first to discover them) and thus prevent others from even
> investigating or experimenting with the item unless a licence fee is
> paid? I'm not so sure that would be a good idea.

It's a universal principle of patent law throughout the world that
patents can only be granted for things that are both novel and involve
an inventive step. That of course excludes mere discoveries. However,
it depends on what exactly the patent is attempting to claim.

For example, a novel and unobvious method of extracting an active
ingredient from a plant might be patentable, as may its formulation or
use as a pharmaceutical product to treat a particular condition.

These principles ensure that whatever was known before cannot be
protected by patent, and that no-one can be excluded from doing anything
that had previously been done.

Chris R

unread,
Apr 12, 2013, 11:40:02 AM4/12/13
to

>
>
> "Stuart A. Bronstein" wrote in message
> news:XnsA1A05041A9091s...@130.133.4.11...
>
> "Chris R" <inv...@invalid.munge.co.uk> wrote:
>
> > It probably is time to consider making information a form of
> > property, though that would be a major departure from most
> > existing legal systems. We really need remedies "in rem", i.e.
> > rights to the information itself independent of who is holding
> > it, whether we have a contract with them and whether they are
> > able or willing to perform the contract. If someone has my car,
> > I can claim it back from them even though I have no contract
> > with them, they got it quite lawfully and I don't know how they
> > came to have it. But if they have my proprietary information, I
> > have no way of compelling them to return or deleted unless I
> > have a contract with them or I can prove that they or someone
> > else has done something wrong in acquiring it, and if they go
> > bust, I probably have no remedy.
>
> There are no laws protecting trade secrets? What other kind of
> proprietary factual information might need protection?

I agree that there would be a whole lot of issues to solve (and I am using
"proprietary" in a very broad sense), the greatest of which would be to
define what is "my" data. What makes it mine? I don't know. We're not
talking about creativity and intellectual property; perhaps it needs to be a
relative right, in the sense that my right to my bundle of documents and
photographs is better than that of the cloud provider with whom I have
deposited it, just as if I had deposited a physical bundle in a safe deposit
box. Someone else may have a better right, for instance if I have stolen the
bundle or breached someone's IP, but the repository clearly doesn't own the
information and should be obliged to take reasonable care of it and to
return it on request, just as a bailee would. If my property gets lost or
destroyed, I have to fall back on contractual remedies; but if a random
third party gets hold of it, I can demand it back. They can't copy it or use
it without my permission.

I think that is reasonably coherent as far as cloud services and things like
Facebook go. It gets harder when you have effectively published the data or
allow people to replicate and process it. You seem to come across free
speech issues. Publication and copying probably have to be dealt with in the
intellectual property rules, rather than through "ownership" of data will
stop so perhaps my right needs to be confined to situations in which I
provide a body of data to a third party to look after it and all process it
for me in the expectation that I would be able to access it and get it back
when required.
>
> This reminds me of a big dispute right now in the US - can someone
> protect by patent things in nature (for example because they were the
> first to discover them) and thus prevent others from even
> investigating or experimenting with the item unless a licence fee is
> paid? I'm not so sure that would be a good idea.
>
It's been happening in the US for years, of course, and the rest of the
world has had to begin to fall into line with considerable reluctance: we
always understood patentability to depend on invention, not discovery.
Message has been deleted

Stuart A. Bronstein

unread,
Apr 12, 2013, 1:15:02 PM4/12/13
to
"Chris R" <inv...@invalid.munge.co.uk> wrote:
>> "Stuart A. Bronstein" wrote
>>
>> There are no laws protecting trade secrets? What other kind of
>> proprietary factual information might need protection?
>
> I agree that there would be a whole lot of issues to solve (and
> I am using "proprietary" in a very broad sense), the greatest of
> which would be to define what is "my" data. What makes it mine?

As I understand it, the law in the UK is that copyright can cover
factual information based on effort to discover the information
rather than it being something that is based on creativity. Is
that incorrect?

I recall a discussion here a while ago about trivia. In the USA
the underlying facts in a compilations of trivia cannot be
protected by copyright, but in the UK it may be protected was my
understanding at the time. Wouldn't that be one way to "own"
information?

> Publication and copying probably have to be dealt with in the
> intellectual property rules, rather than through "ownership" of
> data will stop so perhaps my right needs to be confined to
> situations in which I provide a body of data to a third party to
> look after it and all process it for me in the expectation that
> I would be able to access it and get it back when required.

I agree that there is a technical difference between owning data
and owning intellectual property rights in data. But from a
practical standpoint I don't see much of a difference.

>> This reminds me of a big dispute right now in the US - can
>> someone protect by patent things in nature (for example because
>> they were the first to discover them) and thus prevent others
>> from even investigating or experimenting with the item unless a
>> licence fee is paid? I'm not so sure that would be a good
>> idea.
>>
> It's been happening in the US for years, of course, and the rest
> of the world has had to begin to fall into line with
> considerable reluctance: we always understood patentability to
> depend on invention, not discovery.

The lower courts in the US have agreed with that in a case now
before the US Supreme Court. The discoverer of a gene that can
cause breast cancer patented it, and has been very aggressive in
suing others who want to do anything at all with the gene - even
other scientific research. Let's hope they reach the right
decision.

--
Stu
http://DownToEarthLawyer.com

Chris R

unread,
Apr 12, 2013, 2:20:02 PM4/12/13
to

>
>
> "steve robinson" wrote in message
> news:xn0igql0...@reader80.eternal-september.org...
>
> Chris R wrote:
>
> >
> > >
> > >
> > > "August West" wrote in message
> > > news:87r4igr...@news2.kororaa.com...
> > >
> > >
> > > The entity calling itself Roland Perry wrote:
> > > >
> > > > In message <kk8phn$vrv$3...@dont-email.me>, at 12:05:09 on Fri, 12
> > > > Apr 2013, Scion <a...@nospam.invalid> remarked:
.. The SRA says we can't use outsourced providers
> > without contract terms allowing the SRA to enter the supplier's
> > premises at any time and inspect the data - try getting Google to
> > amend its terms and conditions - but I don't know if anyone is taking
> > that seriously.
>
> Thats ok if the outscourced providers server systems are UK based and
> controlled, rented rackspace in a far off land is so easy to keep under
> the auspies of the SRA

The obligation on solicitors is to have the term in the contract. It's up to
the SRA to attempt to enforce it! Of course they are not a party to the
contract, either.
--
Chris R


Chris R

unread,
Apr 12, 2013, 2:20:09 PM4/12/13
to

>
>
> "Jethro_uk" wrote in message news:ANV9t.5348$364....@fx26.fr7...
> It worries me no one gets this. Its nothing to do with what *your* data
> is about. It's everything to do with the fact that - irrespective of what
> you think your contract says - a US firm *will* hand over your data if
> asked. And the advice I have seen from legal eagles is that in such an
> event you have no immunity from being sued by anyone whose personal data
> is slurped.
>
> The only way to mitigate against this, is to ensure you only store
> properly encrypted data - something impossible if you're using Office365
> or similar. Which I would hope is SOP, but I doubt it.
>
> And you ignored the second (and more real risk, IMHO) that because a
> server farm is shut down under a PATRIOT takedown, you could lose (a)
> data and (b) a hosted service. This is harder to mitigate against.
>
> Remember, we are talking US *owned* companies. So if the server they want
> to shut is in Belgium, but owned by Microsoft - guess what ? It goes.

I didn't ignore it - any law firm (or business, for that matter) using
cloud hosting ought to be backing up their data independently and using
client-side encryption. It doesn't matter why your data centre goes down -
only that it does.

I don't know what you think anyone would be suing you for, however.
--
Chris R


Chris R

unread,
Apr 12, 2013, 2:25:02 PM4/12/13
to

>
>
> "Roland Perry" wrote in message news:bVXv3c+Z...@perry.co.uk...
Only if they have been negligent, and you can prove loss. Good luck trying
to get more than the deductible on the solicitor's insurance policy!
--
Chris R


Percy Picacity

unread,
Apr 12, 2013, 2:35:02 PM4/12/13
to
I am not convinced they would be interested in any 'privileges' of
non-citizens.


> Most of us don't have data anywhere near interesting enough for
> anyone to want to make much effort to access it; we are just sensitive to
> professional obligations of confidentiality, including as against the
> employees of our IT suppliers. In reality the risks are no more than they
> are with cleaners and plumbers visiting your office, but because it's new
> and hi-tech everyone gets more concerned about it.

Our secret services seem to have a considerable industry of
blackmailing young asians into working for them, and access to criminal
lawyer's records of such clients en masse would be quite useful to
them, I would have thought.


--

Percy Picacity

Chris R

unread,
Apr 12, 2013, 2:05:02 PM4/12/13
to

>
>
> "Stuart A. Bronstein" wrote in message
> news:XnsA1A04D1B828F7s...@130.133.4.11...
But even the most consumer-friendly and generous provider is unlikely to
commit to providing the service in perpetuity, so there will always be a
risk of it shutting down at some point.
--
Chris R


Mark Goodge

unread,
Apr 12, 2013, 4:45:02 PM4/12/13
to
On Fri, 12 Apr 2013 12:45:02 +0100, Chris R put finger to keyboard and
typed:

>It probably is time to consider making information a form of property,
>though that would be a major departure from most existing legal systems. We
>really need remedies "in rem", i.e. rights to the information itself
>independent of who is holding it, whether we have a contract with them and
>whether they are able or willing to perform the contract. If someone has my
>car, I can claim it back from them even though I have no contract with them,
>they got it quite lawfully and I don't know how they came to have it. But if
>they have my proprietary information, I have no way of compelling them to
>return or deleted unless I have a contract with them or I can prove that
>they or someone else has done something wrong in acquiring it, and if they
>go bust, I probably have no remedy.

But you can't "return" information in any meaningful sense analogous to
returning property. If I lend you my car, then while you have it I do not,
and when you have finished with it, you can return it to me. But if I tell
you that apples are currently on offer at the local supermarket, then not
only do I still have that information even after giving it to you but you
can't "unknow" it once you do know it.

The best you can do with information is promise to delete all non-human
records of it and/or promise not to make any use of it. But even those are
fraught with difficulty. If you have at any time transferred the
information electronically then there is no guarantee that it has not found
its way into some backup somewhere not of your making (eg, an ISP's nightly
snapshot of its servers, or a copy in a webmail account). And promising to
pretend that you don't know something when actually you do is little more
than a legal fiction in many cases. Maybe you'll pass on the opportunity to
get cheap apples, but if I inadvertently let slip that I've committed a
crime then I can't expect you to pretend that I haven't.

There are cases, of course, where the law does actually expect to act as if
you don't know something even if you should happen to be informed of it
(insider trading, for example), and even more where the law expects to you
take steps to avoid acquiring information, even inadvertently (insider
trading again, official secrets, spent criminal records, etc). But these
are exceptions to the general rule and the applicable laws do not work by
trying to treat information as if it were property.

That's one of the reasons that I dislike the concept of a "right to be
forgotten", which is beginning to make inroads into data protection
circles. The reality is that there is no, and cannot be, any such right in
the sense that the word "forget" is usually used. What there can be is a
right to have any data you have supplied to an organisation deleted from
their records, and possibly even a right to have the fact that you once
provided them with that data disregarded in future. But "disregarding" is
not the same as "concealing", and it seems to be to be fundamentally wrong
that there should be any general principle that an organisation can
routinely be expected to act as if something did not happen which actually
did happen.

Those drunken late night tweets and embarassing selfies were not created by
Twitter and Facebook, and it is not their problem if you[1] later regret
publishing them to the world. Giving you the right to prevent their future
re-publication (by deleting or hiding them) is one thing, but pretending
that they were never published at all is completely another.

[1] For any value of "you".

Mark
--
Please take a short survey on salary perceptions: http://meyu.eu/am
My blog: http://mark.goodge.co.uk

Roland Perry

unread,
Apr 13, 2013, 3:50:01 AM4/13/13
to
In message <87a9p3s...@news2.kororaa.com>, at 18:05:29 on Fri, 12
Apr 2013, August West <aug...@kororaa.com> remarked:
>>>How happy would you be to know that your case files, containing legally
>>>privileged information, are out there in "the cloud", in storage owned
>>>and operated by a company with whom you have no relationsip?
>>
>> Very unhappy, but in the UK at least, I can sue the solicitor for any
>> breaches which occur. At that point it's his insurance company's
>> problem.
>
>Well, yes, that's fine - if your only concern is financial damage, and
>not irrevocable exposure of personal information...

For which financial damages might be an acceptable remedy.
--
Roland Perry

Roland Perry

unread,
Apr 13, 2013, 5:45:05 AM4/13/13
to
In message <80rgm85ta1p0g9utk...@news.markshouse.net>, at
21:45:02 on Fri, 12 Apr 2013, Mark Goodge
<use...@listmail.good-stuff.co.uk> remarked:
>That's one of the reasons that I dislike the concept of a "right to be
>forgotten", which is beginning to make inroads into data protection
>circles. The reality is that there is no, and cannot be, any such right in
>the sense that the word "forget" is usually used.

It's just a catchy name, like "Bedroom tax" (which isn't a tax at all).

>What there can be is a right to have any data you have supplied to an
>organisation deleted from their records,

Which is all it means.

>Those drunken late night tweets and embarassing selfies were not created by
>Twitter and Facebook, and it is not their problem if you[1] later regret
>publishing them to the world.

There's at least some mileage in the idea that if you were very young,
you weren't able to properly give 'consent' to their [self] publication.

>Giving you the right to prevent their future re-publication (by
>deleting or hiding them) is one thing,

Which all that it means.

>but pretending that they were never published at all is completely
>another.

Indeed, another subject altogether.
--
Roland Perry

Chris R

unread,
Apr 13, 2013, 6:15:02 AM4/13/13
to

>
>
> "Mark Goodge" wrote in message
> news:80rgm85ta1p0g9utk...@news.markshouse.net...
I agree. Part of the reason we are struggling with this is that we are
trying to slot data into existing concepts, and it doesn't really work. I
don't think we are talking here about items of information, but about
organised collections of data. And there are a number of problems, which
could be addressed together or separately: (1) the main one under discussion
here, that i have provided "my" data to a third party for storage or
processing, or they have somehow acquired it (found my memory stick, for
instance, and stored the data); I don't have the data and I want it "back"
so I can use it; (2) similar, but my concern is that you don't retain it or
use it or publish it (data protection, duties of confidence, rights to
privacy); (3) that my work doesn't get copied and exploited (copyright and
IP). There is existing law, albeit imperfect, around (2) and (3) so it's (1)
that needs addressing. Or are there others?
>
> The best you can do with information is promise to delete all non-human
> records of it and/or promise not to make any use of it. But even those are
> fraught with difficulty. If you have at any time transferred the
> information electronically then there is no guarantee that it has not
> found
> its way into some backup somewhere not of your making (eg, an ISP's
> nightly
> snapshot of its servers, or a copy in a webmail account). And promising to
> pretend that you don't know something when actually you do is little more
> than a legal fiction in many cases. Maybe you'll pass on the opportunity
> to
> get cheap apples, but if I inadvertently let slip that I've committed a
> crime then I can't expect you to pretend that I haven't.

Again, I agree, but it's rather different when we are talking about an
organised set of data rather than items of information; and this is in my
category (2) rather than category (1). If I've stored my photos in the
cloud, my concern is probably to get access to them myself rather than
worrying about whether there might be deeply-buried copies somewhere (unless
they are photos of a particular kind, of course, but my life is not that
exciting). You can't "forget" that you've seen my photos but you can't do
anything useful if you don't have copies of them.
>
....
> That's one of the reasons that I dislike the concept of a "right to be
> forgotten", which is beginning to make inroads into data protection
> circles. The reality is that there is no, and cannot be, any such right in
> the sense that the word "forget" is usually used. What there can be is a
> right to have any data you have supplied to an organisation deleted from
> their records, and possibly even a right to have the fact that you once
> provided them with that data disregarded in future. But "disregarding" is
> not the same as "concealing", and it seems to be to be fundamentally wrong
> that there should be any general principle that an organisation can
> routinely be expected to act as if something did not happen which actually
> did happen.

Again, I agree. Several things bother me about the direction of data
protection. One is that I actually think moral disapproval in society is a
good thing, as it allows order in society short of having to take people to
court and lock them up. the idea that we should be prevented from knowing
that people have been convicted of crimes or screwed over their business
partners or didn't pay their debts is wrong (though i do think there should
be rehabilitation periods). Why shouldn't people who are lazy, incompetent
or dishonest find it more difficult to get jobs? And it flies in the face of
all sorts of other pressures - the public expect government and businesses
to know what's going on in minute detail at all times and to be able to
predict events, without retaining any information that might allow them to
do so.You delete someone's data, then they sue you and you have no evidence
to defend yourself.

I think the focus on having and storing data is wrong. I don't much care who
holds my personal data - and if you judge by their behaviours rather than
what they say, nor do most of the public. It's what they do with the data
that matters. trying to prevent data being held is just swimming against the
tide - before long everything will be recorded and cross-referenced in
minute detail and retained forever. I don't require a right to commit crimes
and get away it. I don't want my friends and neighbours knowing my income,
but it wouldn't bother me if the benefits agency or my pension company could
get that information from HMRC for legitimate purposes. I don't mind
researchers next century having access to my census answers. I like websites
to know who I am when I go back. It doesn't bother me that MI5 could be
reading my emails. It's the purposes for which data is used or disclosed
taht we ought to be focussing on.
>
> Those drunken late night tweets and embarassing selfies were not created
> by
> Twitter and Facebook, and it is not their problem if you[1] later regret
> publishing them to the world. Giving you the right to prevent their future
> re-publication (by deleting or hiding them) is one thing, but pretending
> that they were never published at all is completely another.
>
I agree, although we probably do need some limits on republication,
especially after many years.
--
Chris R


Stuart A. Bronstein

unread,
Apr 13, 2013, 10:45:05 AM4/13/13
to
Roland Perry <rol...@perry.co.uk> wrote:
> August West <aug...@kororaa.com> remarked:

>>>>How happy would you be to know that your case files,
>>>>containing legally privileged information, are out there in
>>>>"the cloud", in storage owned and operated by a company with
>>>>whom you have no relationsip?
>>>
>>> Very unhappy, but in the UK at least, I can sue the solicitor
>>> for any breaches which occur. At that point it's his insurance
>>> company's problem.
>>
>>Well, yes, that's fine - if your only concern is financial
>>damage, and not irrevocable exposure of personal information...
>
> For which financial damages might be an acceptable remedy.

Perhaps. But if it's not an acceptable remedy, it may be the only
real remedy.

--
Stu
http://DownToEarthLawyer.com
0 new messages