IP Issues in Cloud Computing

This article was published in Manupatra Intellectual Property Reports on June 2015

Emerging Legal Challenges in the Cloud in the Context of Intellectual Property

Introduction

By Lenny Thomas Kurakar [1]

The interesting thing about cloud computing is that we’ve redefined cloud computing to include everything that we already do. – Richard Stallman

  1. The cloud used to be a cliché designating the Internet and often a cloud shape represents the Internet in a network diagram. But now, it is more than just an abstraction synonymous with the web. “Cloud Computing” has evolved to define the new advancement in technology. It is a term now used to describe the on-demand computing services provided by cloud service providers. It is a model in which the computing infrastructure is viewed as a ‘cloud’ from which users can access applications from anywhere in the world. 2 It is the delivery of computational resources allocated from a place other than the one from which the user is computing. [3] Cloud services are used constantly, with or without the users realizing this fact, whether it is Facebook, Twitter or Azure. [4]
  2. The cloud has accelerated the growth of the IT sector and enabled an OPEX [5] model of business which provides the economic appeal for choosing the cloud. However, the reign of the cloud should be watched with some concern. It accompanies with it jurisdictional, intellectual property, and privacy issues. Since technology has fast outpaced the legal regime for protection of rights, the law has to catch up with the change. There is a compelling need for a law that can operate beyond territorial limits in order to rein in the cloud.
  3. Cloud computing refers to the use of the internet (“cloud”) based computer technology for a variety of services. It is a computing model in which virtualized resources are provided as a service over the internet. 6 Generally, it can be said to be a way of providing IT functions such as information storage, processing power and computer programs as services over the internet, through the usage of external (often remote) servers. 7 This means that the information, programs and applications which are conventionally stored in the computer or other hardware are now stored on external servers which can be accessed through the internet. This allows computing to be given as a utility comparable to the other utilities like electricity and water.
  4. The essential characteristics of the cloud include on-demand self-service, broad network access, pooling of resources, rapid elasticity and measured service, all of which are captured in the NIST definition. NIST defines: ‘cloud computing’ as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources like networks, servers, storage, applications and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction. 8

I. Types of clouds

a. Service models

  1. The NIST definition gives three service models of the cloud, viz. SaaS (software as a service), PaaS (platform as a service), and IaaS (Infrastructure as a service). SaaS is a complete operating environment with applications, management and user interface. In this model everything from the application down to infrastructure is the vendor responsibility; the client is simply using the application: entering, managing data etc. [9] PaaS [10] provides virtual machines, operating systems, applications, services, development frameworks, transactions and control structures. [11] IaaS [12] service provider manages the entire infrastructure, while the client is responsible for all other aspects of deployment that can include the operating system and applications. [13] Sometimes IaaS providers are also PaaS and SaaS providers. [14]
  2. In addition to these three categories, a number of other possible types of as-a-service (-aas) categories have appeared. Common ‘aas’ categories include: Applications-as-a-Service, Backup-as-a-Service, Desktop-as-a-Service and Business Processes-as-a-Service. [15] b. Deployment models
  3. Cloud services are deployed in different ways depending on its organizational structure and provisioning location and who has access to the cloud. The four deployment models of the cloud are public cloud (also called utility computing), private cloud (virtual private cloud), community cloud and hybrid cloud.
  4. Public cloud [16] infrastructure is available to the general public and is provided by a third party service provider. Private clouds [17] are cloud services within an organizational structure which are operated solely for a designated company. Cloud computing normally does not include private clouds. [18] Though public clouds are more efficient than private clouds, they are also the most vulnerable.
  5. Where organizations share a private cloud, it becomes a community cloud. [19] Enterprises having similar specific needs, can pool their resources to procure a community cloud. It is a generalization of a private cloud. The hybrid cloud [20] computing service combines the deployment models of the public and private clouds.

II. Essential characteristics of the cloud

  1. Computing as a service provides a new type of utility with its accompanying features. From a hardware point of view, the following three aspects are new in Cloud Computing: [21]
    • Cloud computing provides infinite resources (or creates an illusion of it) for the purpose of the users. The cloud is facilitated by the external servers of the Cloud Service Providers, [22] which can be situated anywhere in the world. This enables the users to depend less on hardware and eliminates the need to provision for the future as the cloud takes care of it all.
    • Companies can start on a short term basis and increase the quantity of resources used as per their needs.
    • Payment can be made on a short- term basis (e.g., processors by the hour and storage by the day).
  2. However, as the name ‘cloud’ signifies, lack of locality of hardware and data is another aspect of the cloud. The data may be stored in multiple jurisdictions and in a fragmented form. This ambiguous nature of the cloud is what causes apprehension for the law. Since laws are usually territorial, and the cloud cannot be confined within any such boundary, the nations are unprepared to answer the questions raised in the cloud. The issues in cloud computing include those relating to jurisdiction, data sovereignty and privacy and intellectual property.

Legal Issues in the Cloud

I. Privacy concerns

  1. When data is stored in the cloud, it means that the CSP has the data of the cloud user. However, the CSP may have subcontracted the storage function to another company. There might be many other sub-contractor companies which enable the cloud. This means that the third party company could change their terms and conditions or upgrade their hardware/software without any permission or knowledge of the user. Upgrades and amendments in the privacy policy may cause the data to be exposed on the internet. [23] Further, the customer agreement is subject to the Service Level Agreements of the CSP’s. The threat of third party access always looms over the head of the user, [24] and the possibility of security glitches cannot be ignored. [25]
  2. The data is likely to be stored in another country with more or less data protection. It is subjected to local laws that are outside the control of the data owner. Most cloud storage providers (Dropbox, Google Drive, OneDrive etc.) do not encrypt data at rest. [26] Encryption of data in the cloud allows the CSP to guarantee the protection of the data from unauthorized access of data by third parties, to some extent. But legal access to the data in the cloud can also be a problem to the user. Situations can also arise where information stored in a certain country is by legal obligation made available to that country’s authorities, such as police or intelligence authorities. [27]
  3. EU’s Directive on the Protection to the Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data [28] has imposed new restrictions on the collection, storage and public availability of the data.

II. Jurisdictional concerns

  1. The dynamic nature of the Cloud means that data is more often in transit, both within and away from the cloud provider, resulting in multiple jurisdictional claims on the same information. There is no international treaty or any kind of consensus as to which law should be deemed applicable in case of conflict.
  2. The result is that courts might have to rely on the physical location of the servers in which the material is copied to determine jurisdiction. [29]
  3. The matter of jurisdiction is causing unrest in the legal fraternity. The issues of cross-border cases result in the courts exercising long-arm jurisdiction. The courts are currently trying to sew together the fabric of private international law with the territorial legislations in order to counter the problems. The result is just a patchwork solution to the cloud issues.

III. Intellectual property concerns

  1. Online platforms offered by intermediaries allow users to upload and share material. [30] There are also platforms for exchange of specified assets, [31] which facilitate additional activities which enable users to follow other users. [32] In all these instances, the transactions take place in the “cloud”.
  2. Intellectual property primarily relates to information, whether confidential or data, expressions of ideas (protected primarily by copyright), signs and branding (protected by copyright and trademarks), and the underlying structures of intellectual ecommerce, whether hardware or software (protected by copyright or patents). Protection of intellectual property rights from potential infringement has become a herculean task in the cloud environment.
  3. The cloud, due to its nebulous nature, possesses a number of infringement possibilities. The main concern over the protection of intellectual property is that they are territorial rights. This makes it difficult to determine whether there is infringement or not. The question whether a Canadian patent can be infringed if it is used in US via the cloud illustrates this point as there is no territorial infringement as such.
  4. Even if there is infringement, it cannot be efficiently detected to serve the purpose of the intellectual property protection due to the fragmented nature of the data in the cloud. Reverse engineering is also unhelpful to trace the locus of infringement. [33]
  5. The content stored in the cloud is in digital form, which can be disseminated instantaneously, rapidly copied by third parties, and difficult to monitor in the cloud. Hence it is difficult to track the elements of infringement per se. Further, the disclaimer clauses and the liability clauses in the service contracts are usually drafted in such a manner so as to keep liability risks at bay.
  6. However, the offence of ‘inducement to infringe’ is being applied by courts and plaintiffs to deal with this problem.
  7. There is no definitive law to tackle divided infringement. The cloud is facilitated by the hardware owners, service providers, and the cloud itself might be the result of a subcontract among the parties. Hence in these cases there arises the situation of divided infringement.

IV. Lack of control over the data in the cloud

  1. Storage of data in different locations through distribution over a wider area and a number of resources increases the security chances, but at the same time, it has its negatives. Information in the cloud is actually stored in a place which is out of user’s control. Access to cloud storage data could be removed at any time and this is also outside the control of the user. [34] The cloud customer is not in a position to monitor the data handling practices of the CSP. [35] The account can be deleted and all the data stored in it may be lost. This is of most concern when what is stored is sensitive data. [36]
  2. In the cloud, not even the user has any whereabouts of his data. [37] The external server may be shifted or relocated without his consensus. [38] Adding to this the conflict between privacy laws in various jurisdictions, we get the whole, fuzzy picture of the cloud.

Overview of Intellectual Propery Issues in the Cloud

I. Trademark

  1. Trademark protection in context of the cloud is challenging as to what constitutes trademark infringement and how exactly is the right to be protected in the cloud. There is a growing international consensus that the protection of trademarks should extend to the Internet and that such protection should neither be less nor more extensive than outside the Internet [39].

a. Infringement of trademark in the cloud

  1. Infringement of trademark can be extensive or restrictive infringement. Clouds which facilitate exchange of specific assets, like eBay and Amazon, are more prone to cases of trademark infringement. A sign posted in the cloud will be visible worldwide—even in a country in which it was not intended to be used in. There might be a conflicting right existing in such a country. Hence the use of the sign will make the owner of the sign susceptible to infringement claims literally all over the world. [40] This is an instance of extensive infringement. Restrictive infringement requires a link between the use of the sign on the Internet and the country in which the trademark requires protection. [41] In order to fix liability the user should have intended the effect in any of the countries. Activities in which trademark can be infringed include advertising, delivery of digital goods or services and mail orders.
  2. While deciding the trademark disputes, the courts must keep in mind that the long-arm jurisdiction that they exercise does not encroach upon the sovereignty of another country. In short, the courts must make their orders adaptable to cyberspace environment.

b. Enable coexistence of conflicting rights

  1. International consensus is required on the criteria to determine the link between the use of a sign and the trademark protection. Otherwise, different countries will adopt different means of tackling it.
  2. Disclaimers provide a flexible tool to territorialize the use of sign and to avoid infringement claims in particular territories where there might be conflicting rights. But this is not a pragmatic solution. [42] Another means to prevent trademark issues is to enable technical mechanisms to block access to particular users and to refuse to deliver to consumers in a particular country. Even then the rights of the unregistered trademark holders are susceptible to be overlooked. Since trademark rights are protected only on a territorial basis, when it is threatened with a potential worldwide infringement, the law reaches a cul de sac. The international legal fraternity has not reached upon a consensus as to the criteria to apply for infringement and its exceptions. [43]

c. Trademark infringement cases

  1. The test formulated in the case, Inwood Labs. Inc v. Ives Labs Inc., [44] remains the yardstick for determining the liability of service providers. In Tiffany (NJ) Inc. v. eBay Inc., [45] where Tiffany alleged that the eBay users were using eBay resources to sell counterfeit Tiffany products, the court applied the Inwood test [46] and held that eBay is not liable since it did not have specific knowledge of the infringement.
  2. However, in Louis Vuitton Malletier, SA v. Akanoc Solutions, Inc., [47] the court interpreted the Inwood test in a manner contrary to the Tiffany decision and awarded statutory damages to Louis Vuitton (“Vuitton”) imposing liability on Akanoc Solutions Inc (“Akanoc”), for contributory infringement of Vuitton’s trademarks and copyrights. Akanoc had rented out their server space, IP addresses and bandwidth to foreign resellers of the same services, who resold it to companies who sold counterfeit Vuitton goods.
  3. The difference between the two cases can be whittled down to the fact that while eBay had a detailed trademark policy in place, Akanoc had none. Further, another feature distinguishing the two cases were that while eBay had only a general knowledge of infringement, Akanoc knew or should have known of the specific incidents of infringement. [48] There is a liability on the service provider for continuing to provide services to infringers after being notified of the infringement.

II. Copyright

  1. Copyright issues are more problematic in the cloud. When the various laws of copyright meet in the cloud, the result is ambiguity. What is an infringement in one country may not be so in another. For example, if a copyrighted work is copied and disseminated by a user in India, after the period of protection has expired (i.e.60 years), it would still infringe the US Copyright Act which guarantees protection for 70 years. Hence, the courts must tread with caution when trying to define the dynamic landscape of the cloud with respect to copyright.
  2. The next question is regarding the liability for copyright violation. Whether the cloud service providers can be made liable for any infringement of copyright using their services is debatable. One argument is that they act as merely conduit pipes for communication. As intermediaries, they cannot be imposed with any liability for the copyright infringement by users. But the counter argument can be that they induce infringement by users and are hence liable for that inducement.
  3. The scope of copyright itself is called into question in the cloud arena. There is an underlying presumption that the owner of the copyright can only control the display uses of the copyrighted material. When searching sites like Google, copy whole books for the purpose of indexing them (for refining the search technology), it is a non display use. The cloud providers are clearly making a commercial use of the works owned by others.
  4. Another issue is the making of copies of copyright protected material within cloud computing, and which rules apply in this instance. For example, the owner of a software programme or music file does not have a general ownership per se, but rather a license to an individual copy. Some countries allow individuals to make copies of music and film files for private use, as well as to a close circle of friends and family. But when files are saved on cloud servers, it is difficult to interpret what this means, and uncertainty exists regarding what distribution is permissible.
  5. Furthermore, it is unclear what responsibility intermediaries, who are often suppliers of cloud services, have in the supply of copyright protected material. Since copyright protected material is protected in certain countries but not in others, this can lead to geographical limitations and uncertainty regarding licensing rights, for both companies and private customers. [49]

a. Cloudiness of the cloud illustrated.

  1. In Penguin v American Buddha, [50] the court dismissed the case on the ground of lack of jurisdiction. American Buddha maintained a website known as Ralph Nader Library. The information available in the library website was stored in servers located in States of Arizona and Oregon. When Penguin found out that four of their printed works were available in the website, it filed a lawsuit against American Buddha in the US District Court for the Southern District of New York claiming that the uploading and making available of the books infringed Penguin’s copyright. The New York District court agreed with the defendant that the place of the injury was ‘where the books were electronically copied’, i.e., where the servers were located (Arizona or Oregon) and not in New York where the Plaintiff Penguin was located.
  2. The courts must tread with utmost care when dealing with the infringement cases as their decision might affect a third party in another country as well. The effect of the copying is felt wherever the website is available. By resorting to a determination which is based on mere technical aspect of the cloud, this decision has made it even harder for a wronged right-holder to get justice.
  3. Determining the liability of the cloud providers in cases of infringement has turned out to be the most confounding ground for the jurists. There is no agreement at all on whether they are liable directly or indirectly, or whether there is vicarious liability or contributory liability. The following cases highlight the fluctuating responses of the judiciary as to the liability of the service providers.
  4. In Religious Technology Center v. Netcom On-Line Communication Services Inc, [51] the court held that actual knowledge of specific acts is required to establish contributory infringement. it was observed that, “in an online context, evidence of actual knowledge of specific acts of infringement is required to hold a computer system operator liable for contributory copyright infringement.” In the Netcom case, the court attributed ‘substantial participation in copyrighted material’ upon Netcom due to its failure to stop an infringing copy from being distributed worldwide.
  5. In the Betamax Case, [52] the US Supreme Court supported the proposition that where the alleged technology is capable of substantial non-infringing use, its creators should not be held liable for infringement. This defense was disallowed when it was found that there is actual knowledge of specific infringements in A&M Records, Inc. v. Napster, Inc., [53]
  6. In Arista Records, LLC v. Usenet.com, Inc., [54] the cloud at issue here was the USENET Network, “a global system of online bulletin boards” on which subscribers could post their own messages or files and download files posted by others. The court reasoned that “rampant” evidence of copyright infringement occurring on the USENET, and undisputed evidence that copyrighted sound recordings had been uploaded to the cloud and downloaded by users, inter alia prove that the defendants actively promoted direct copyright infringement, and that they intended to induce or foster copyright infringement by the cloud’s users. [55]
  7. In Disney Enterprises, Inc. et al., v. Hotfile Corp., et al [56] , the Southern District of Florida dismissed direct infringement claims brought by a group of movie studios against Hotfile, an internet storage service, but refused to dismiss claims for inducement, contributory and vicarious liability. While the Southern District of California recently upheld direct infringement claims against a file storage service but denied claims for secondary liability in Perfect 10, Inc. v. Megaupload Ltd., et al. [57]
  8. The Southern District of New York held in Capitol Records Inc. et al. v. MP3tunes LLC et al. [58] , that even if liability attaches, “storage locker” services may be eligible for the safe harbor protections in section 512(c) of the Digital Millennium Copyright Act. [59]

b. Further concerns in the cloud

  1. The rights exercised by the cloud providers as they cause the materials to be copied and transmitted, remains to be distinguished from the exclusive rights of the copyright owner. The need to identify this matter arises when the users avail the same rights without any authorization. Since it is the service providers who make those services available, does the liability fall upon them?

III. Trade Secret

  1. Private and confidential data protection is a huge concern in cloud computing. That is the threat against trade secrets as well. Trade secret is information that is subject to attempts that are reasonable under the circumstances to maintain its secrecy. It can be a formula, pattern, compilation, program, technique, device, method, or process. [60] When a corporation, puts all its data into a cloud, it could contain details as to its clients, financials, etc, which is confidential. It could also qualify as business methods as it is sufficient to reveal valuable information to a rival company. The company loses physical access to the server which hosts this information. When such data is kept in the cloud, the reliability of the cloud is the crucial factor.
  2. The cloud computing facilities can be availed by entering into a take-it-or-leave-it agreement (standard form contracts). There is not much space for negotiation as to suitability of the resources to particular needs. But the standard levels of security need not meet all the requirement of security of a particular user. Even encryption can only go so far as to prevent innocent access. It cannot keep away the intentional hackers with a proficiency in unscrambling and decrypting or malicious insiders. [61]
  3. Third party access is a rational concern of the user, especially since even laws of some countries facilitate it. User data can be handed over to foreign countries on request with or without the knowledge of the user. Since the cloud data is in transit, the country through which it passes has the potential to request such data, according its laws. [62] Even countries are concerned over the lack of privacy of data in the cloud. [63] Not to mention that the downtime of the cloud can prove potentially disastrous for the companies, which depend on these clouds for their day to day transactions. [64]
  4. There is uncertainty about the protection the data in the cloud will get from courts also. It is yet to be decided whether such data will qualify the ‘reasonably protected’ criteria of trade secrets, if it is stored in the cloud. [65] When the information that is usually kept locked in the office cabinet is stored in the cloud, it should at least be given a protection which is more than is usually provided in the cloud. The only sound advice to protect trade secrets, at present, is to not store confidential matter in the cloud.

Harmonizing IP with the cloud

  1. Attempts have been made in the international scenario to bring some kind of harmony in the laws of the countries to give meaning to the rights in the technological era. The lack of an international binding agreement to solve issues in the cloud is well felt. TRIPS agreement has succeeded in synchronizing the laws of WTO member countries; but it is insufficient to protect the valuable rights in the cloud environment. The territoriality of the IP protection meant that, the protection had to be claimed from the court in the places in which the protection is sought.
  2. Significant attempts to evolve a regulatory instrument have been initiated by the National Institute for Standards and Technology (NIST) [66] , the Cloud Security Alliance (CSA), [67] Organization for Economic Cooperation and Development (OECD) [68] and the International Telecommunications Union (ITU). [69] There have also been attempts to standardize the cloud services and to make customers aware of the problems underlying the cloud. [70] A comprehensive set of rules dealing with jurisdiction, choice of law and recognition and enforcement of foreign judgments in disputes concerning the exploitation of IP rights, were prepared by experts in US, [71] Europe [72] and Asia [73] (including the ALI Principles, CLIP Principles, Japanese Transparency Proposal, Waseda Proposal and the Korean KOPILA Principles). The prime concern of these drafters was to clarify a forum or streamline the number of fora for adjudication of the disputes. The ALI approach was to bring the dispute to the court in the place where substantial injury occurred; whereas the Japanese Transparency approach focused on the forum where significant market interests of the right holder are affected. [74] It is essential to analyze theses attempts in order to evolve a flexible approach.
  3. The European Union has proposed a draft General Data Protection Regulation (GDPR) to substitute the European Union Data Protection Directive 95/46/EC in 2012 to deal with technological innovations like cloud computing comprehensively. In 2010, Microsoft proposed the Cloud Computing Advancement Act, to reconcile the differences in the national laws and to secure a better cloud environment. [75]
  4. However, reigning in the cloud within regulation is bound to be a unique challenge due to the multifaceted aspects involved in the cloud. Any new initiative to counter the abuse of the cloud must be calculated to balance the interests of both the consumers and those of the providers. Since any regulation imposed on the cloud would inevitably affect the sovereignty of the various jurisdictions, an international instrument to prescribe uniform standards and to resolve the conflict of the laws is the need of the hour.

India’s Tryst with the Cloud

  1. India is not left far behind in the cloud arena. With the initiative of the GI cloud, Meghraj, India has also identified the potential of the cloud (notwithstanding the risks in the cloud). [76] In the Strategic Direction Paper the Government has also ear marked the major issues in the cloud.
  2. The Indian Civil Procedure Code, 1908, bases territorial jurisdiction on two principles: the place of residence of the defendant and the place where the cause of action arises. However, there are no determinants as to how these are to be determined in the cloud context. The cause of action can be either the place from where the site is accessed or where the server is located. [77] In either case, there is ambiguity as a number of fora can fulfill these criteria.
  3. The Information Technology Act, 2000 deals with computers, computer networks, electronic data, cyber regulations and the like. The Act is insufficient to deal with the technological advancements and related issues in the cloud. It provides that a cloud service provider is not accountable for any third-party data made available by him, if he shows that such infringement or offence was committed without his awareness or that he has exercised due diligence as prescribed by the Government for the prevention of such offence. [78]

    As far as copyright is concerned, Section 81 [79] of the Information Technology Act protects it. But this does not extend to the other intellectual property. Presently there is no binding guidelines or principles to protect the users from the other multifarious problems in the cloud The only products that can be delivered on the Net are intellectual goods, and the internet will reach its potential only if one strengthens its intellectual property protections – William Daley [80]

Conclusion

  1. The cloud has immense potential to be the next ‘thing’ in technology. It needs to be harnessed within a framework of laws. So far, the judiciary has tried to align the cases within the traditional framework. [81] However, it merely serves as a patchwork solution.
  2. The growing competition in this arena will see to it that the providers are regulated suo motto. But for now the customers are at the mercy of shrewdly drafted standard form contracts. Cloud computing issues concerning intellectual property is yet to be defined and demarcated. The case laws currently available are fact specific and cannot constitute any authoritative precedent. Waiting for the courts to evolve a law for the cloud is unfair to the users. Especially to the IP right holders who have to make the most within the prescribed period of protection. Having a transparent IP policy and service protocols will provide the CSP with the safe harbor cover of ‘due diligence’ [82] and bode well for the customers as well
  3. However, the fact that there are no laws to address the crisis (when it strikes) looms like the sword of Damocles over netizens. It shows that the nations are unprepared to meet such a situation. The instances of harm already done cannot be ignored as ‘will-not-happen-again’ events. If the courts start using the extended arm of the law to deal with issues in the cloud, any cloud user will have to be wary of a legal notice for infringement or misuse, from any part of the globe. Hence the law to regulate it must be operable beyond any territorial limitations. An international system modeled on the UN Convention on the Law of The Sea (UNCLOS) seems to be a possible solution to this borderless problem. [83]
  4. An added advantage would be provided if an international cloud registration center is established to study the multi-faceted aspects of the cloud, to allocate cloud space, to demarcate the boundaries, to define the cloud policies and to deal with the technical issues that arise. [84] In fact there is an urgent need for such an institution.

I. Books

  1. Buyya, Rajkumar, James Broberg And Andrzej Goscinski (Ed.), Cloud Computing: Principles And Paradigms, 2011, John Wiley & Sons, Inc.
  2. Kamath, Nandan, Law Relating to Computers, Internet and E-commerce, Second Edition, 2002, Universal Law Publishing Co. Pvt. Ltd.
  3. Rittinghouse , John W. & James F. Ransome, Cloud Computing: Implementation, Management, And Security, 2010
  4. Rosen, Jan (Ed), Intellectual Property at the Crossroads of Trade, ATRIP Intellectual Property, 2012, Edward Elgar
  5. Ryder, Rodney D., Intellectual Property and the Internet, 2002, LexisNexis Butterworths.
  6. Sosinski, Barrie, Cloud Computing Bible, Buyya, 2011, Indianapolis: Wiley Publishing, Inc
  7. Velte, Anthony T, Toby J. Velte, Robert Elsenpeter., Cloud Computing: A Practical Approach, 2009

I. Articles

  1. Barb Darrow, Dropbox: Yes, We Were Hacked, GIGAOM.COM, (Aug. 1, 2012, 4:45 AM), http://gigaom.com/cloud/dropbox-yes-we-werehacked/ (last visited December 12, 2014).
  2. Bruce Goldner, Stuart D. Levi & Rita Rodin Johnston, ISPs Immunity from Contributory Infringement Not Absolute, SKADDEN (Sept. 18, 2009), http://vv^ww.skadden.com/Index.cfm?contentID= 51&itemID=1871
  3. Carly Okyle, Microsoft Says 11- Hour Azure Outage Was Caused by System Update, ENTREPRENEUR, November 20. 2014, http://www.entrepreneur.com/article/240029;
  4. Cloud Computing, AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD, Vol.7, No. 9 June-July, 2010, http://www.gujaratinformatics.com/pdf/Cloud%20Computing.pdf
  5. Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider), https://cloudsecurityalliance.org/research/ccm/
  6. Cloud Outages: Cloud Services Downtime And The Lasting Impact, CRN, http://www.crn.com/news/cloud/index/cloud-outages-cloud-services-downtime.htm
  7. Dara Kerr, Dropbox Confirms it was Hacked, Offers Users Help, CNET.cOM (July 31, 2012, 7:37 PM), http://news.cnet.com/8301-1009_3-57483998-83/dropbox-confirms-itwas-hacked- offers users-help/
  8. Digital Due Process: Modernizing Surveillance Laws for the Internet Age, http://digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163
  9. Eric Savitz, Is It Safe to Store Your Trade Secrets in the Cloud?, FORBES, (February 22, 2014), http://www.forbes.com/sites/ciocentral/2012/02/22/is-it-safe-to-store-your-trade-secrets-in-the-cloud/
  10. European Max Planck Group on Conflict of Laws in Intellectual Property, Conflict of Laws in Intellectual Property: The CLIP Principles and Commentary (Oxford, Oxford University Press, 2013).
  11. Fernando M. Pinguelo & Bradford W. Muller, Avoid The Rainy Day: Survey Of U.S. Cloud Computing Case law, BOSTON TECHNOLOGY FORUM, COLLEGE INTELLECTUAL PROPERTY & http://bciptf.org/wp-content/uploads/2011/07/1-AVOID-THE-RAINY-DAY.pdf
  12. Greg Buckles, US PATRIOT Act Trumps EU Safe Harbor, DISCOVERYJOURNAL(July 18, 2011), http://cdiscoveryjoumal.com/2011/07/us-patriot-act-trumps-cu-safe-harbor/
  13. Hillary Stemple, Germany High Court Rules Google Images Do Not Violate Copyright Laws,(April 30, 2010), http://jurist.org/paperchase/2010/04/done-germany-high-court-rule-google-did-not-violate-copyright-laws.php
  14. Hogan Lovells and Dr. NiIs Rauer, Thunbnails Legally Permissible in Germany: German Federal Court, (February 28, 2011), http://documents.lexology.com/116337f4-f0dd-41d1-8078-b5d6e9942855.pdf
  15. How Borderless is the Cloud? An introduction to Cloud Computing and International Trade, KOMMERSKOLLEGIUM, NATIONAL BORD OF TRADE, http://www.wto.org/english/tratop_e/serv_e/wkshop_june13_e/howborderless_cloude.pdf
  16. Ionela Bălţătescu , Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, RESER Conference, 2012 Edition. http://www.globeco.ro/wp-content/uploads/vol/split/vol_2_no_1/geo_2014_vol2_no1_art_022.pdf
  17. Jack Newton, Dropbox Drops the Ball, SLAW (June 21, 2011), http://www.slaw.ca/2011/06/21/dropbox-drops-the-ball/
  18. Jennifer Baker, EU Upset by Microsoft Warning on US. Access to EU Cloud, COMPUTERWORLD (July http://www.computerworld.com/s/article/9218167/EU_upset 5, 2011), by Microsoft_warning on U.S._accessto EU cloud
  19. Joan C Henry, Establishing Personal Jurisdiction for Internet Transactions,(1997) at http://www.lawstetson.edu/courses/computerlaw/papers/jhenryf97.html
  20. JR Raphael, Google Docs Glitch Exposes Private Files, PCWORLD (Mar. 9, 2009, 1:20 PM), http://www.pcworld.com/article/160927/google-docsglitch-exposesjpivate-files.html
  21. Komal Chandra Joshi, Cloud Computing: In Respect to Grid and Cloud Approaches, ISSN: 2249-6645, IJMER, Vol. 2, Issue. 3, May- June 2012
  22. Laycock , Patrick J, Cloud computing: A brief overview of intellectual property issues “in the cloud,” ( November 16, 2011), http://www.smart-biggar.ca/en/articles_detail.cfm?news_id=535
  23. Lucas Mearian, Latest Cloud Storage Hiccups Prompts Data Security Questions, COMPUTERWORLD (Mar. 27, 2009, 12:00 PM), http://www.computerworld.com/s/article/9130682/
  24. Malpractice and Ethical Risks in Cloud Computing, TLIE.ORG (2011), http://www.tlie.org/newsletter/articles/view/1 82, (Texas Lawyers’ Insurance Exchange, Austin, Tex.) (Issue No. 2)
  25. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, Matei Zaharia, Above the Clouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS-2009-28, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html
  26. Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud, January 20, 2010, MICROSOFT NEWS CENTER, http://news.microsoft.com/2010/01/20/microsoft-urges-government-and-industry-to-work-together-to-build-confidence-in-the-cloud/
  27. Narayanan V, Harnessing the Cloud: International Law Implications of Cloud Computing, 12 Chi. J. Int’l. L. 783,Winter, CHICAGO JOURNAL OF INTERNATIOANL LAW, The University of Chicago, pp. 806- 809, (2012) of Law and Judgments in Transnational Disputes (Chestnut, ALI Publishers, 2008)
  28. Richard Acello, Get Your Head in the Cloud, ABAJOURNAL.COM (Apr. 1, 2010, 12:48 AM), http://www.abajournal.com/magazine/article/get your-head in the cloud
  29. Richard Adams, The Emergence of Cloud Storage and the Need for a New Digital Forensic Process Model, MURDOCH UNIVERSITY, AUSTRALIA, http://researchrepository.murdoch.edu.au/19431/1/emergence_of_cloud_storage.pdf
  30. Rivka Tadjer, What Is Cloud Computing?, PCMAG (Nov. 18, 2010), http://www.pcmag.com/articlc2/0,2817,2372163,00.asp#fbid=K-ta85K2uQY
  31. Sahoo, Pritish & Taruna Jaiswal, Cloud Computing And Its Legalities In India, Nirma University Law Journal, Volume-4, Issue-1, July-2014, 65- 78, http://www.manupatra.co.in/newsline/articles/Upload/7796F62A-E75D-45FD-8EC7-3AC01A4A5C7A.pdf
  32. Secure Cloud Storage Providers, IMPERIAL COLLEGE LONDON, available at http://www3.imperial.ac.uk/ict/services/security/helpandadvice/sensitivedata/suitablecloud
  33. Sopheap Chak, Cambodia’s Great Internet Firewall?, GLOBAL VOICES ONLINE, March 2, 2010, http://bit.ly/brP14M
  34. Taty, How Does Cloud Computing Work? [Technology Explained], MAKEUSEOF (Mar. 15, 2011), http://www.makcuseof.com/tag/cloud-computing-work-technology-explained/
  35. The American Law Institute, Intellectual Property: Principles Governing Jurisdiction, Choice
  36. Thomas Claburn, Amazon EC2 Outage Hobbles Websites, INFORMATIONWEEK.COM. (Apr. 21, 2011),
  37. Top Threats to Cloud Computing v1.0, CLOUD SECURITY ALLIANCE, https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf (March, 2010)
  38. Virginia Greiman & Barry Unger, Clearing the Air in Cloud Computing: Advancing the Development of a Global Legal Framework, in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT, 45- 51, (Dr. Barbara Endicott- Popovsky, Ed., 2013)
  39. Vogels, W, A Head in the Clouds—the Power of Infrastructure as a Service, In First workshop on Cloud Computing and in Applications, (CCA ’08) (October 2008).
  40. Wayne Jansen and Timothy Grance, NIST Guidelines on Security and Privacy in Public Cloud Computing, Special Publication 80-144, http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
  41. William Daley, Secy of Commerce for the United States of America Keynote address at WIPO Conference on Electronic Commerce and Intellectual Property, September 1999, at http://ecommerce.wipo.int/conferences/papers/daley.html

III. Reports

  1. Transparency Report, User Data Requests, GOOGLE, http://www.google.com/transparencyreport/userdatarequests/
  2. GI Cloud (Meghraj) Strategic Direction Paper, April 2013, Department of Electronics and Information Technology, Ministry of Communications and Information Technology, Government of India, http://deity.gov.in/sites/upload_files/dit/files/GICloud%20Strategic%20Direction%20Report(1).pdf

IV. Cases

  1. A&M Records, Inc. v. Napster, Inc, 239 F.3d 1004, 1021 (9th Cir. 2001)
  2. Arista Records, LLC v. Usenet.com, Inc, 2009 WL 1873589 (S.D.N.Y.)
  3. Capitol Records Inc. et al. v. MP3tunes LLC et al, 07 Civ. 9931 (WHP)
  4. Disney Enterprises, Inc. et al., v. Hotfile Corp., et al, 2011 U.S. Dist. LEXIS 78387
  5. Inwood Labs. Inc v. Ives Labs, 456 U.S. 844, 854 (1982)
  6. Louis Vuitton Malletier, SA v. Akanoc Solutions, Inc 658 F.3d 936 (9th Cir. 2011)
  7. Penguin Group (USA) Inc v American Buddha, 609 F3d (2nd Cir 2010)
  8. Perfect 10, Inc. v. Megaupload Ltd., et al.,2011 U.S. Dist. LEXIS 81931 (July 27, 2011)
  9. Religious Technology Center v. Netcom On-Line Communication Services Inc, 907 F.Supp. 1371(1995)
  10. Sony Corp. of America v. Universal City Studios, Inc , 464 U.S. 417 (1984)
  11. Tiffany (NJ) Inc. v. eBay Inc, 600 F.3d 93 (2d Cir 2010)

V. International Instruments

  1. Cloud Computing Risk Assessment, EUROPEAN UNION AGENCY FOR NETWORK AND INFORMATION SECURITY, (March, 2010), https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
  2. Cloud Standards Coordination, ETSI, (2013), http://csc.etsi.org/website/home.aspx
  3. EU Directive, 94/ 46/ EC, October 1995
  4. Joint Japanese-Korean Proposal” is available at: http://globalcoe-waseda-law-commerce.org/activity/pdf/28/08.pdf
  5. OECD Guidelines on the Protection of Privacy and
  6. Transborder Flows of Personal Data, http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
  7. Transparency Principles” available at: http://tomeika.jur.kyushu-u.ac.jp/ip/proposal.htm
  8. WIPO document, ‘Use of Trademarks on the Internet: Issues Paper, (SCT3/4), http://www.wipo.int/edocs/mdocs/sct/en/sct_3/sct_3_4.pdf
  9. WIPO document, SCT 2/9, http://www.wipo.int/edocs/mdocs/sct/en/sct_2/sct_2_9pdf

VI. Statutes

  1. The Information Technology Act, No. 21 of 2000
  2. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
  3. Uniform Trade Secrets Act, 1979
  4. Indian Civil Procedure Code, 1908
  5. Digital Millennium Copyright Act, 1998

VII. Internet Sources

  1. https://www.microsoft.com/info/Cloud.aspx
  2. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  3. www.manupatra.com
  4. www.heinonline.org
  5. www.jstor.org
  1. Post graduate Student of NALSAR University of Law, During her internship program at Altacit Global.
  2. RAJKUMAR BUYYA, JAMES BROBERG AND ANDRZEJ GOSCINSKI (Ed.), CLOUD COMPUTING: PRINCIPLES AND PARADIGMS, 2011
  3. JOHN W. RITTINGHOUSE & JAMES F. RANSOME, CLOUD COMPUTING: IMPLEMENTATION, MANAGEMENT, AND SECURITY, at xxvii (2010)
  4. Rivka Tadjer, What Is Cloud Computing?, PCMAG (Nov. 18, 2010), http://www.pcmag.com/articlc2/0,2817,2372163,00.asp#fbid=K-ta85K2uQY (last accessed on 12 December, 2014); See also: Taty, How Does Cloud Computing Work? [Technology Explained], MAKEUSEOF (Mar. 15, 2011), http://www.makcuseof.com/tag/cloud-computing-work-technology-explained/ (last accessed on 12 December, 2014)
  5. OPEX model- where only the operational expenses are incurred unlike the conventional CAPEX-Capital expenditure.
  6. Komal Chandra Joshi, Cloud Computing: In Respect to Grid and Cloud Approaches, ISSN: 2249-6645, IJMER, Vol. 2, Issue. 3, May- June 2012, pp 902-905
  7. How Borderless is the Cloud? An introduction to Cloud Computing and International Trade, KOMMERSKOLLEGIUM, NATIONAL BORD OF TRADE, http://www.wto.org/english/tratop_e/serv_e/wkshop_june13_e/how_borderless_cloud_e.pdf (last accessed on 12 Dec, 2014)
  8. PETER MELL & TIMOTHY GRANCE, THE NIST DEFINITION OF CLOUD COMPUTING: RECOMMENDATIONS OF THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 (2011), available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf [hereinafter NIST DEFINITION OF CLOUD COMPUTING].
  9. BARRIE SOSINSKI, CLOUD COMPUTING BIBLE, 11, (2011)
  10. Force.com, Microsoft Azure platform, Zoho creator and GoGrid CloudCenter are some PaaS cloud services.
  11. Supra n.8
  12. Some IaaS clouds are Eucalyptus and GoGrid
  13. Supra n.8
  14. Ionela Bălţătescu , Cloud Computing Services: Benefits, Risks and Intellectual Property Issues, RESER Conference, 2012 Edition. http://www.globeco.ro/wp-content/uploads/vol/split/vol_2_no_1/geo_2014_vol2_no1_art_022.pdf, last accessed on 10 December, 2014
  15. Supra n.6
  16. Some public clouds are: Amazon Web Services (AWS) containing the Elastic Compute Cloud (EC2) (IaaS) and the Simple Storage Service (S3), Google App Engine (PaaS), G-mail, Microsoft Azure and Salesforce.com.
  17. Cerelink is a private cloud.
  18. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica, Matei Zaharia, Above the Clouds: A Berkeley View of Cloud Computing, Technical Report No. UCB/EECS-2009-28, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html, last accesses on 9 December, 2014
  19. Google Gov Cloud is a community cloud.
  20. Rackspace is an example for a hybrid cloud.
  21. Vogels, W, A Head in the Clouds—the Power of Infrastructure as a Service, In First workshop on Cloud Computing and in Applications, (CCA ’08) (October 2008).
  22. Herein referred to as CSP.
  23. Secure Cloud Storage Providers, IMPERIAL COLLEGE LONDON, available at http://www3.imperial.ac.uk/ict/services/security/helpandadvice/sensitivedata/suitablecloud, last access on 10 December, 2014
  24. See Malpractice and Ethical Risks in Cloud Computing, TLIE.ORG (2011), http://www.tlie.org/newsletter/articles/view/1 82 , (Texas Lawyers’ Insurance Exchange, Austin, Tex.) (Issue No. 2).
  25. Both Google Docs and Dropbox have experienced security glitches. In 2009, a glitch within Google Docs caused private documents to be inadvertently exposed:75 JR Raphael, Google Docs Glitch Exposes Private Files, PCWORLD (Mar. 9, 2009, 1:20 PM), http://www.pcworld.com/article/160927/google-docsglitch-exposesjpivate-files.html; In 2011, Dropbox disclosed a “bug” that created a gateway for potential hackers to obtain access to confidential information from any Dropbox user, for the hacker merely needed the user’s e-mail address to have “unfettered access to [the user’s] entire Dropbox: Jack Newton, Dropbox Drops the Ball, SLAW (June 21, 2011), http://www.slaw.ca/2011/06/2 1/dropbox-drops-the-ball/; in 2012, Dropbox publicly reported another security glitch. Dara Kerr, Dropbox Confirms it was Hacked, Offers Users Help, CNET.cOM (July 31, 2012, 7:37 PM), http://news.cnet.com/8301-1009_3-57483998-83/dropbox-confirms-itwas-hacked-offers users-help/; see also Barb Darrow, Dropbox: Yes, We Were Hacked,GIGAOM.COM, (Aug. 1, 2012, 4:45 AM), http://gigaom.com/cloud/dropbox-yes-we-werehacked/ (last visited December 12, 2014). (last access on 8 Decmber, 2014)
  26. Supra n.22.
  27. The PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) in the United States allows federal security agencies to directly utilize Cloud provider’s infrastructure for wiretapping and surveillance purposes which can also be accompanied with a gag order (section 505); In an attempt to strengthen government control over the internet, Cambodia is implementing a government-controlled, national exchange point through which all internet service providers (ISP) must go in order to access the national market: Sopheap Chak, Cambodia’s Great Internet Firewall?, GLOBAL VOICES ONLINE, March 2, 2010, http://bit.ly/brP14M (last access on 6 December, 2014)
  28. 94/ 46/ EC, October 1995
  29. The German Federal Court , in a case between Google and an artist, whose paintings were depicted in the search engine index as thumbnails, did not go into the issue whether the depiction amounted to a reproduction of the work as the server was situated in USA: Hogan Lovells and Dr. NiIs Rauer, Thunbnails Legally Permissible in Germany: German Federal Court, (February 28, 2011), http://documents.lexology.com/116337f4-f0dd-41d1-8078- b5d6e9942855.pdf; See also, Hillary Stemple, Germany High Court Rules Google Images Do Not Violate Copyright Laws,(April 30, 2010), http://jurist.org/paperchase/2010/04/done-germany-high-court-rule-google-did-not-violate-copyright-laws.php,( last access on 12 December, 2014 )
  30. Eg. Blogging facilitated by Google, WordPress, Flikr.com
  31. Eg: eBay, Amazon
  32. Social networking sites such as Facebook and LinkedIn
  33. The access from resources not owned by the cloud consumer is possible as the intermediate connection between source and target storage devices is provided by the Internet in most cases. Hence it is not a simple matter to identify the path that the data takes from source storage device to the target storage device as this path may not remain fixed: Richard Adams, The Emergence of Cloud Storage and the Need for a New Digital Forensic Process Model, MURDOCH UNIVERSITY, AUSTRALIA, DOI: 10.4018/978-1-4666-2662-1.ch004, http://researchrepository.murdoch.edu.au/19431/1/emergence_of_cloud_storage.pdf , last access on 9 December, 2014
  34. Back-up failures and an increase in hacking attempts also challenge cloud users: Lucas Mearian, Latest Cloud Storage Hiccups Prompts Data Security Questions, COMPUTERWORLD (Mar. 27, 2009, 12:00 PM), http://www.computerworld.com/s/article/9130682/ , last access on 9 December, 2014 ; Also see Thomas Claburn, Amazon EC2 Outage Hobbles Websites, INFORMATIONWEEK.COM. (Apr. 21, 2011), http://www.informationweek.com/news/cloudcomputing/infrastructure/229402054 (providing an example of an unrelated outage with Amazon EC2, which experienced technical problems that slowed or disabled access to websites of customers using Engine Yard, Foursquare, Hootsuite, Heroku, Quora, and Reddit), last access on 9 December, 2014
  35. Cloud Computing Security Risk Assessment, EUROPEAN UNION AGENCY FOR NETWORK AND INFORMATION SECURITY, (November 20, 2009), https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment. last access on 12 December, 2014 36 Cloud Computing, AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD, Vol.7, No. 9 June-July, 2010, http://www.gujaratinformatics.com/pdf/Cloud%20Computing.pdf , last access on 9 December, 2014
  36. Cloud Computing, AN E-GOVERNANCE BULLETIN FROM GUJARAT INFORMATICS LTD, Vol.7, No. 9 June-July, 2010, http://www.gujaratinformatics.com/pdf/Cloud%20Computing.pdf , last access on 9 December, 2014
  37. Richard Acello, Get Your Head in the Cloud, ABAJOURNAL.COM (Apr. 1, 2010, 12:48 AM), http://www.abajournal.com/magazine/article/get your-head in the cloud: explaining that when firms use cloud service providers the vendors are responsible for purchasing, maintaining, and updating hardware and software, not the firm itself (describing the movement of data at the discretion of the cloud provider, for example, “[f]irst we had your data in Santa Fe, but then we moved it to Duluth, and now we’ve built a data warehouse in Iceland”) last access on 10 December, 2014
  38. Id
  39. WIPO document, ‘Use of Trademarks on the Internet: Issues Paper, (SCT3/4), para 6, at http://www.wipo.int/edocs/mdocs/sct/en/sct_3/sct_3_4.pdf , last access on 9 December, 2014
  40. WIPO document, SCT 2/9, para 62
  41. Id, paras 28 to 34 and 62 to 66
  42. The following inconveniences accompany the use of disclaimers:

    1. The user of a sign must have knowledge of conflicting rights all over the world in order to disclaim them. This may even include individual rights.
    2. Disclaimers must be in the language of the particular countries
    3. Disclaiming relationship with multiple right holders is inconvenient and potentially impossible
    4. There is the residual risk of confusion: WIPO document, SCT 2/9, paras 37 and 66
  43. Supra n.38, para 30to 31
  44. 456 U.S. 844, 854 (1982)
  45. 600 F.3d 93 (2d Cir 2010)
  46. Under Inwood, a service provider is liable for contributory trademark infringement if one of two conditions is met:

    1. The provider “intentionally induced another to infringe a trademark,” or
    2. The provider continued to supply its services to a user who it knew or had reason to know was infringing on trademarks.
  47. 658 F.3d 936 (9th Cir. 2011
  48. Bruce Goldner, Stuart D. Levi & Rita Rodin Johnston, ISPs Immunity from Contributory Infringement Not Absolute, SKADDEN (Sept. 18, 2009), http://www.skadden.com/Index.cfm?contentID=51&itemID=1871
  49. Supra n.6
  50. Penguin Group (USA) Inc v American Buddha, 609 F3d (2nd Cir 2010) (“American Buddha II”)
  51. 907 F. Supp. 1371(1995)
  52. Sony Corp. of America v. Universal City Studios, Inc , 464 U.S. 417 (1984)
  53. 239 F.3d 1004, 1021 (9th Cir. 2001)
  54. 2009 WL 1873589 (S.D.N.Y.) (June 30, 2009).
  55. Fernando M. Pinguelo & Bradford W. Muller, Avoid The Rainy Day: Survey Of U.S. Cloud Computing Case law, BOSTON COLLEGE INTELLECTUAL PROPERTY & TECHNOLOGY FORUM, http://bciptf.org/wp-content/uploads/2011/07/1-AVOID-THE-RAINY-DAY.pdf , last access on 9 December, 2014
  56. 2011 U.S. Dist. LEXIS 78387 (July 8, 2011)
  57. 2011 U.S. Dist. LEXIS 81931 (July 27, 2011)
  58. 07 Civ. 9931 (WHP)
  59. Section 512(a) of the Digital Millennium Copyright Act, which allows an Internet service provider to provide connections for material that is temporarily stored on its service with impunity, provided it meets the following conditions:

    1. The provider continued to supply its services to a user who it knew or had reason to know was infringing on trademarks.
    2. The Internet service provider did not select the material being transferred, routed, or stored, but instead the process is completed automatically;
    3. Another person, not the service provider, selects the recipient of the material;
    4. The material housed on the server is not available to individuals other than the named recipient, nor is it available to the intended recipient for an unreasonably long period of time;
    5. The Internet service provider does not alter or modify the material’s content.
  60. Uniform Trade Secrets Act definition of trade secret in Section 1 (4)
  61. ANTHONY T. VELTE, TOBY J. VELTE, ROBERT ELSENPETER., CLOUD COMPUTING: A PRACTICAL APPROACH, 139, (2009) ; See also: Top Threats to Cloud Computing v 1.0, CLOUD SECURITY ALLIANCE, https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf (March, 2010): According to a recent Cloud Security Alliance Report, insider attacks are the third biggest threat in cloud computing.
  62. Digital Due Process: Modernizing Surveillance Laws for the Internet Age, http://digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163. Also Transparency Report, User Data Requests, GOOGLE, http://www.google.com/transparencyreport/userdatarequests/ , last access on 9 December, 2014
  63. Jennifer Baker, EU Upset by Microsoft Warning on US. Access to EU Cloud, COMPUTERWORLD (July 5, 2011), http://www.computerworld.com/s/article/9218167/EU_upset byMicrosoft_warning on U.S._accessto EU cloud: (describing the European Union’s reaction on learning that Microsoft was unable to guarantee that the data of citizens utilizing Microsoft’s cloud services would not be subject to release under the USA PATRIOT Act). See also Greg Buckles, US PATRIOT Act Trumps EU Safe Harbor, DISCOVERYJOURNAL(July 18, 2011),
  64. Google Amazon, Microsoft: all of them has succumbed to cloud outages: Carly Okyle, Microsoft Says 11- Hour Azure Outage Was Caused by System Update, ENTREPRENEUR, November 20. 2014, http://www.entrepreneur.com/article/240029; Also Cloud Outages: Cloud Services Downtime And The Lasting Impact, CRN, http://www.crn.com/news/cloud/index/cloud-outages-cloud-services-downtime.htm
  65. Eric Savitz, Is It Safe to Store Your Trade Secrets in the Cloud?, FORBES, (February 22, 2014), http://www.forbes.com/sites/ciocentral/2012/02/22/is-it-safe-to-store-your-trade-secrets-in-the-cloud/ (last accessed on 15, Dec, 2014)
  66. Wayne Jansen and Timothy Grance, NIST Guidelines on Security and Privacy in Public Cloud Computing, Special Publication 80- 144, http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf , last access on 10 December, 2014
  67. Cloud Controls Matrix (principles to guide vendors and customers to assess the security risk of a cloud provider), https://cloudsecurityalliance.org/research/ccm/ , last access on 11 December, 2014
  68. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, available at http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
  69. Focus Group on Cloud Computing, http://www.itu.int/en/ITU-T/focusgroups/cloud/Pages/default.aspx
  70. Supra n. 34; Also: Cloud Standards Coordination, ETSI, (2013), http://csc.etsi.org/website/home.aspx, last access on 11 December, 2014
  71. The American Law Institute, Intellectual Property: Principles Governing Jurisdiction, Choice of Law and Judgments in Transnational Disputes (Chestnut, ALI Publishers, 2008).
  72. European Max Planck Group on Conflict of Laws in Intellectual Property, Conflict of Laws in Intellectual Property: The CLIP Principles and Commentary (Oxford, Oxford University Press, 2013).
  73. “Transparency Principles” available at: http://tomeika.jur.kyushu-u.ac.jp/ip/proposal.htm, see also “Joint Japanese-Korean Proposal” is available at: http://globalcoe-waseda-law-commerce.org/activity/pdf/28/08.pdf accessed on 12 December 2014.
  74. Paulius Jurčys, International Jurisdiction in Intellectual Property Disputes – CLIP, ALI Principles and other Legislative Proposals in a Comparative Perspective, (2012)3(2) JIPITEC, 174- 226
  75. Microsoft Urges Government and Industry to Work Together to Build Confidence in the Cloud, January 20, 2010, MICROSOFT NEWS CENTER, http://news.microsoft.com/2010/01/20/microsoft-urges-government-and-industry-to-work-together-to-build-confidence-in-the-cloud/, last access on 9 December, 2014
  76. GI Cloud (Meghraj) Strategic Direction Paper, April 2013, Department of Electronics and Information Technology, Ministry of Communications and Information Technology, Government of India, http://deity.gov.in/sites/upload_files/dit/files/GICloud%20Strategic%20Direction%20Report(1).pdf
  77. NANDAN KAMATH, LAW RELATING TO COMPUTERS, INTERNET AND E-COMMERCE, (2002)
  78. Section 79, The Information Technology Act, No. 21 of 2000: Network service providers not to be liable in certain cases.-For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. Act, rules or regulations made thereunder for any third party Explanation.-For the purposes of this section,- (a) “network service provider” means an intermediary; (b) “third party information” means any information dealt with by a network service provider in his capacity as an intermediary;
  79. Section 81 proviso: Provided that nothing contained in this Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957 or the Patents Act, 1970.
  80. William Daley, Secy of Commerce for the United States of America Keynote address at WIPO Conference on Electronic Commerce and Intellectual Property, September 1999, at http://ecommerce.wipo.int/conferences/papers/daley.html
  81. Joan C Henry, Establishing Personal Jurisdiction for Internet Transactions,(1997) at http://www.lawstetson.edu/courses/computerlaw/papers/jhenryf97.html , last access on 12 December, 2014
  82. RODNEY D RYDER, INTELLECTUAL PROPERTY AND THE INTERNET, 49- 50, ( 2002): Websites terms and conditions should deal with the following:

    1. Copyright and trademark ownership, with clear notice of the rights retained by the vendor in the website
    2. In the case of downloadable material, what can be done with the download such as limiting the use on certain computers or for non- commercial purposes
    3. Limiting or excluding liability to the extent possible and doing the same in respect of other warranties or promises
    4. Limiting or excluding responsibility for linking to other sites; For example: Microsoft notice of infringement: https://www.microsoft.com/info/Cloud.aspx (cloud named OneDrive)
  83. Narayanan V, Harnessing the Cloud: Internatioanl Law Implications of Cloud Computing, 12 Chi. J. Int’l. L. 783,Winter, CHICAGO JOURNAL OF INTERNATIOANL LAW, The University of Chicago, pp. 806- 809, (2012): Here the demarcating factor need not be physical boundaries as in UNCLOS, but it can also be the subject matter of the dispute. This would also aid in the recognition of the extraterritorial jurisdiction over foreign parties without instigating national reproaches.
  84. Virginia Greiman & Barry Unger, Clearing the Air in Cloud Computing: Advancing the Development of a Global Legal Framework, in PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT, 45- 51, (Dr. Barbara Endicott- Popovsky, Ed., 2013)