Cloudlaw Conference: Jurisdiction Panel

The first panel at the Cloudlaw Conference as on the topic of Jurisdiction. The three speakers were Professor Anupam Chander from the UCDavis School of Law, Professor Andrew Clement from the Faculty of Information at the University of Toronto, and Mr. Steve Mutkoski, who is the Worldwide Policy Director for Microsoft Corporation.

Professor Chander began the discussion by talking about jurisdiction indifference. His suggestion was that this is something the law should promote. We should worry less about where our information is, and he made this point using the example of Gmail. Google has many servers spread throughout the world, but they keep the location of said servers secret. Professor Chander promoted the idea of jurisdiction indifference by raising the possible threat of national clouds, where each nation might aim to restrict access and restrict the free transfer of data across borders. A few of the points raised in support of jurisdiction indifference included:

1. Redundancy: local clouds would reduce competition for these services, limiting the individual’s options.
2. Economic considerations: if servers can be located anywhere, based on economic considerations, this could reduce costs for everyone.
3. Climate change: efficient clouds will use less energy; they could be located where energy was cheap or when cooling is readily available.
4. Protectionism: there are concerns about cloud computing becoming very protectionist, and this is something that national or local clouds could exacerbate.

The second speaker, Professor Clement, discussed the phenomenon of “boomerang routing”. A boomerang route, from the Canadian perspective, is a route that goes outside Canada, even though the origin and destination are found within Canada.  Concerns have arisen about privacy and surveillance and the fact that deep packet inspection by ISPs could occur. There is a level of transparency that we should aspire for with the internet, which was motivated by the NSA’s warrantless wiretaps. He and his team have developed a tool called “Ixmaps” which tracks where your packets go as they are sent to another URL or email. This can be used to locate the routers which said traffic passed through. The NSA has fibre optic splitters at approximately 15 gateways, and all traffic at these gateways can be intercepted. The power of Ixmaps was demonstrated, as he showed that a transfer, even from one location in Toronto to another location in Toronto could be routed through Chicago. Approximately 1/3rd of the data of Canadian origin and termination still goes through an American router. Professor Clement noted that the boomerang routes do not appear to have to do with efficiency, and more with exchange arrangements between carriers. This is a matter of public interest, as Canadian information could be exposed to interception and surveillance risks as a result of that data’s transit in the United States. This again leads us to the question of transparency, as well as a need for public education.

The final speaker was Mr. Steve Mutkoski. In his position as Worldwide Policy Director at Microsoft he discussed Jurisdiction in the Cloud. He also brought up the issue of the possible undue creation of small islands of national clouds. He noted that there is some legal uncertainty clouding the expansion and adoption of cloud computing. Companies feel that there could be impediments to their doing cross border work, as they feel the regime might be too complex. A cloud dispute has a number of parties, such as the infrastructure provider, the service provider, the user, and possibly other third parties or regulators. There are issues of jurisdiction specifically with regulatory actions and law enforcement actions. The possibility of having to comply with one or several conflicting or vague sets of requirements could be a major impediment to the utilization of the cloud. Mr Mutkoski discussed some possible solutions, one of the major ones being the harmonization and unification of the underlying substantive law around areas such as data protection.

The panel provided a broad view of the jurisdictional issues that exist in the context of cloud computing. There are a number of concerns regarding law enforcement, protectionism, and uncertainty which muddy the waters of jurisdiction in cloud computing. In order for the adoption of cloud computing to become more widespread these issues will need to be resolved, as they are currently a major impediment.