All the hype surrounding Cloud computing, coupled with the mandatory cautionary tales around security and control, or the lack thereof, makes it is easy to overlook a small but significant component of the cloud proposition i.e.: Who owns what Intellectual Property in the Cloud?
If we take as an example, a simple cloud-based application or service, (i.e. one that is developed, hosted and operated in the Cloud), which enable users to create mash-ups of information and content derived from other cloud services and web applications, and which may be physically located in various other parts of the world (remember this is Cloud we’re talking about), who should be held responsible for any infringement of confidentiality or Intellectual Property such as: copyright, trade secrets, designs or patents, in such an environment?
The elephant-in-the-room answer to that question is how to go about establishing the correct chain or web of responsibility – Ergo:
- Is it the cloud service provider, (with their hermetically sealed and caveated contracts)?
- Is it the cloud-based service operator (again with their watertight EULAs)?
- is it, as often tends to be the case in these things, the hapless end-user / consumer who in effect has directly infringed someone’s IP by using that service in the first place (i.e. assuming they did not intend to infringe anything at all)?
- Or is it all of the above?
The above scenario clearly speaks to the heart of the matter with IP in the Cloud; i.e. there is an alarming lack of transparency with respect to data, information, content and their different usage and ownership models in the Cloud context. Furthermore, when one adds in other constraints (e.g. annoyingly out-of-step, geo-political territorial restrictions on mobility) to such innovative Cloud based services as Amazon’s Cloud Drive , one could easily end up with a truly formidable challenge that defies any simple or simplistic resolution scenarios.
An army of lawyers, (even ones improbably well versed in computer technology and programming), could not hope to decipher such puzzles in a month of Sundays. So where does that leave us? Luckily nowhere too nasty yet, as sparse incidents of cloud related IP infringement cases can attest. Fortunately, the seeds of potential solutions may be found in the foresight of initiatives like Free and Open Source Software, with their liberal licenses, or the Creative Commons which provide appropriate interfaces for human, machine and the legal systems to use and re-use digital content legally (See my separate blog article for more information about the Creative Commons).
In conclusion, at this point in time a lot of attention is being paid to such cloudy issues as: Cloud security, data access and controls, as well as service assurance and business continuity; but once these are resolved and have become Business-as-Usual, the lack of clarity around IP in the Cloud may surface to negative effect. The time is right for all stakeholders (i.e.: Cloud service providers and operators; business and consumer end-users; Policy makers) and their trusted advisers to start thinking about addressing and influencing the potential outcome of a major IP meltdown in the Cloud.