"The law should be predictable as to what is mandated and what is forbidden"

One of the strongest arguments against the proposed copyright statutory instrument is that it is so vague as to make it impossible to predict what it might require of internet intermediaries. The proposal is entirely silent in relation to the most basic issues where one might expect clarity. What type of injunction might be granted? Site blocking? Three strikes? Deep packet inspection? Hash value blocking? What types of intermediaries might be affected - ISPs, search engines, hosting providers, cloud computing providers? Who will have to pay the legal costs of applications for injunctions? Who will have to pay the ongoing cost of implementing any injunction?

Crucially, this vagueness is highlighted by comments of Charleton J., the very High Court judge whose ruling in EMI v. UPC has been relied upon by Sean Sherlock as justification for this statutory instrument. However, when examined closely neither his judgment in that case nor his later extrajudicial pronouncements support this claim. In particular, in a recent speech to the Fordham Intellectual Property Conference, he said:

Legislation such as the [UK Digital Economy] Act of 2010, has at least the predictability of express statement as to the objects to be achieved. In respect of each of the possible solutions of diversion, interruption, warning and cut-off, the British have OfCom looking at the appropriate technical machinery with which to achieve these ends. When this machinery is approved, then, in those circumstances, any court faced with these difficult cases will be in a position to fairly, if not precisely, predict what they can use as a technical solution with a view to granting or refusing to grant injunctions.

This strongly accords with the European law principle that the law should be predictable as to what is mandated and what is forbidden and enables a judge to also know what is expected in the judicial sphere in particular circumstances. As I said in another part of the judgment in EMI v. UPC, if any judge were merely to act on the basis of what the Court felt was right, without having a legislative basis, the Court would be putting itself back in the position of judges in the late 19th and 20th century who used the tort of conspiracy and the remedy of an injunction against the trade union movement and thereby caused public controversy, rendered uncertain the concept of the rule of law and undermined their own authority.

It may also be well for the judicial mind to observe that the separation of powers is a definite guiding principle against doing what might seem desirable, but which is not provided for in legislation.

"The law should be predictable as to what is mandated and what is forbidden and enables a judge to also know what is expected in the judicial sphere in particular circumstances". Can the DJEI honestly claim that their proposed statutory instrument meets these criteria?

Cloud computing complications costing Celtic companies

The lack of an appropriate regulatory environment, standard due-diligence checklists, and standard SLAs are an economic barrier to vibrant young technology companies providing cloud-based technology solutions to enterprises that need a greater level of protection than is currently on offer. The costs of developing such offerings and dealing with due-diligence queries and contract negotiations may be beyond the financial resources of a start-up.

Professional service providers who wish to avail of the efficiencies of cloud services may decide that they are not equipped to conduct due diligence or agree SLAs without the help of specialist consultants. This is an impediment to Irish businesses reducing their costs and increasing their competitiveness through the adoption of cloud technologies.

Reamonn Smith (solicitor and member of the Law Society's Technology Committee) argues for "a clearer regulatory and legal environment" in relation to cloud computing in the Law Society Gazette (PDF, p.24).

Cloud computing controversy won't clear

It seems as though the controversy caused by the Chief State Solicitor's advice about purchasing cloud computing just won't go away. John Collins has an update in today's Irish Times. Here's an excerpt:

ON A Thursday afternoon early last month an e-mail with the subject line "eTenders – Cloud Computing Warning" began to arrive in the inbox of public servants.

Sent by the National Public Procurement Operations Unit, which operates the Government’s electronic tendering website, eTenders, the brief communication said the Chief State Solicitor’s Office had advised "that issues such as data protection, confidentiality and security and liability are not necessarily dealt with in a manner that would be necessary for public-sector responsibilities" by cloud services.

The e-mail was quickly forwarded around Ireland’s technology industry. Not only are companies such as Microsoft, IBM and HP investing millions into research centres and data centres here to support the new model of delivering software and other services over the internet, but Minister for Communications Eamon Ryan last year identified cloud computing as one of six "pillars" that would drive the creation of a smart economy.

In fact, Ryan is understood to have been extremely annoyed at the message being sent out, and his advisers have moved to soothe the nerves of some of the major technology multinationals based here.

While not renowned for its technology expertise, one of the roles of the Chief State Solicitor’s Office is to review commercial agreements for public bodies before they sign them.

"They must have reviewed a contract which wasn’t up to scratch and now they have concluded all cloud contracts are like this," says Philip Nolan, a partner in legal firm Mason Hayes + Curran who specialises in technology contracts. "It’s a totally disproportionate reaction and the IT industry is recoiling in shock."

Nolan equates the advice given by the Chief State Solicitor’s Office to someone saying 12 years ago "don’t buy anything using e-commerce because it’s not secure".

Describing the e-mail as "damaging", Ed Byrne, general manager of Hosting365, a local firm that provides a platform to support cloud computing, says eTenders should have instead "outlined the questions that need to be asked before buying a cloud service".

According to Byrne, this would have included questions such as where is the service based, who is the supplier, how much money can it save and what levels of support can be expected.

Previously on this blog: 1|2

Government departments not up in the clouds

After last week's story about the Department of Finance issuing warnings about the use of cloud computing, Sean Sherlock TD followed up by asking whether the warnings stemmed from any particular incident; whether government departments are already using cloud computing; and if so what safeguards are in place. The results are interesting: the Finance warnings don't appear to be the result of any mishap in central government as not one department is yet using cloud computing. (Though the Minister for Communications, Eamon Ryan, did say that his Department is actively promoting its use.)

Cloud computing complications

Not too long ago the Taoiseach and the Green Party were telling us that cloud computing is the way of the future for Irish business. Now it emerges that the Department of Finance has emailed government departments and public bodies warning about the risks of cloud computing. Is this a case (as some amused observers are saying) of the left hand not knowing what the right hand is doing? Or, as some sectors of the Irish technology industry are putting it, simple technical ignorance?

A Microsoft spokeswoman said that Ireland should "embrace the cloud across all aspects of public services".

"Microsoft’s software plus services offering provides enhanced security for data over and above what has traditionally been available for private and public organisations, and this is one of the primary reasons why so many public and private organisations across the globe are beginning to deploy solutions in the cloud."

Ed Byrne, general manager of Hosting 365, which provides cloud computing services, described the e-mail as "damaging" and showed a "lack of knowledge" of what the technology involves.

The technology is "mature and not nascent" said Philip Nolan, a partner in legal firm Mason Hayes + Curran. He said any contractual issues were surmountable, and he has large clients who use cloud computing for their core systems.

So are these criticisms justified? While it's understandable that providers might be defensive, these responses seem out of place given the very moderate tone of the original email, which is not a blanket ban on the use of cloud computing but simply a reminder to take legal advice before buying these services:

The Department of Finance has warned Government departments and public sector bodies that they should not purchase cloud computing services without obtaining legal advice.

The warning e-mail, which carries the subject "cloud computing warning", says that the Chief State Solicitor’s Office has "advised that issues such as data protection, confidentiality and security and liability are not necessarily dealt with in a manner that would be necessary for public sector responsibilities".

Far from being ignorant of the nature of cloud computing, this seems to show a good awareness of the challenges it can present. As Simon McGarr points out in today's Irish Times, unless properly thought out in advance cloud computing may result in the transfer of personal information outside the EU and in inadequate security measures being put in place by data processors. Suitable contracts can deal with these risks - but not all cloud computing providers (particularly those headquartered outside the EU) seem to be fully aware of their responsibilities under European data protection law, making detailed legal advice essential in all cases.

In addition, public sector storage of data presents further problems which are distinct from those faced in private sector use of cloud computing. For example, how will the public body ensure that data held in the cloud is available to meet a Freedom of Information Act request? How will departmental records held in the cloud be preserved and archived as required by the National Archives Act 1986? Will data in the cloud be sufficiently searchable as required by the Reuse of Public Sector Information Regulations? These and other complications make the advice from the Department of Finance seem eminently reasonable.

Update (27.02.10) - Microsoft's new secure cloud product for the US government shows some of the ways in which cloud computing products may have to be tailored for public sector use.