Too much legal FUD has bedevilled rise of cloud computing

Gavel and law book

The formation of the Cloud Industry Legal Forum (CILF) is obviously a good thing, although the use of an 'ILF' acronym is a little too close to a certain bit of x-rated online slang for my liking. Although thinking about it, for many people CILF does actually stand for 'Cloud I'd Like to FUD' to be honest. Especially when it comes to matters legal.

I applaud both the founding of CILF, and the foundation up on which it is based: to focus on providing clarity regarding the many legal issues that are associated with a move into the cloud. Whether this sub-group of the Cloud Industry Forum itself can actually achieve a legal framework in support of the industry remains to be seen, but by heck as like do we need one if yet another barrier to cloud adoption is to be demolished any time soon.

Legal FUD is, in my never humble opinion, only second behind Data Security FUD in terms of the amount of it out there and the success it is having in preventing many organisations from taking the cloud computing plunge.

What do I mean by legal FUD? The acronym FUD is short for 'Fear, Uncertainty and Doubt' which is rife when it comes to media reporting of legal issues. Often the boundaries between legal and security matters are so blurred that it is hard to separate the two, and this just makes slapping a double whammy of FUD on the unsuspecting reader a whole lot easier.

Take the relatively simple question of 'where is my data located?' for example. This should be a straightforward thing to discover by simply asking your would-be cloud service provider.

For most businesses the answer is pretty non-relevant anyway, as governance issues do not enter the equation. Where the G-word does rear its head, then part of any due-diligence strategy to move data into the cloud would surely include ensuring the service provider was aware of this fact and both willing and capable of ensuring the geographical location met the legal requirements.

For most businesses, the question of their data being stored in a US-based location and therefore, theoretically at risk of being accessed by the Feds on a whim, simply doesn't arise.

If the privacy issue is an issue, the same 'just ask and don't sign with a provider who cannot give the right answer' advice applies. Lawyers throwing large amounts of legalese into the ring really don't help the situation, other than those law firms who stand to benefit from unnecessary consultancy and auditing fees.

I'm not suggesting for a moment that privacy and geolocation issues do not exist but rather that making them into such a big grey deal is not necessary if you can step back and peer through the FUD to see the common sense beyond.

Legal jurisdiction, intellectual property, data security and privacy issues are not new territory for any business that goes online. I Am Not A Lawyer, however I am fed up with lawyers who seem to be making something of a hobby of over-egging the 'unique legal risks' cloud pudding.

Which is why I was pleased to see that Conor Ward, Partner at Hogan Lovells which is a founder member of CILF reckons that the group "will act as an advisory sounding board on issues relating to the legal issues associated with cloud computing" and gives the example of submitting a response to recent EU Data Protection proposals rather than the usual round of 'what's wrong with the cloud' nonsense.

"This consultation is an opportunity to review the data protection landscape to ensure a greater take-up of these types of technologies and to remove some of the FUD which surrounds some of the compliance issues" Ward insists, concluding "within the UK, data controllers (and their suppliers - often members of CIF), have benefitted from a practical, business-oriented approach to data protection, which struck a good balance with the rights of individuals".

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.