Cloud Computing and Cyber Piracy

A. Cloud Computing

Cloud computing is defined as a global technological infrastructure, where user of a computer accesses and uses software and data located outside of a digital device (e.g., a computer). In general, a user connects to external devices through an Internet connection, but has no knowledge of the nature/location of the server on which the data and software are located. This anonymous, external, and often unidentifiable interaction is known as "cloud computing" or simply as the "Cloud."

The Federal Trade Commission has set the following fair information practice principles: (i) Notice/Awareness; (ii) Choice/Consent; (iii) Access/Participation; (iv) Integrity/Security; and (v) Enforcement/Redress.

Notice/Awareness is the most fundamental principle. Accordingly, before any personal information is collected in cloud computing, consumers should be given notice of an entity's information collection practices. Stated otherwise, without notice, consumers cannot make informed decisions as to whether and to what extent to disclose personal information when cloud computing. The choice prong operates to give consumers options as to how any personal information collected from them may be used and relates to secondary uses of information by the operator (i.e., uses beyond those necessary to complete the contemplated transaction).

The two types of Choice/Consent regimes include: (a) Opt-in; and (b) Opt-out. In essence, the choice regime should provide a simple and accessible method for consumers to exercise their choice for cloud computing. Access/Participation refers to the ability to access data (i.e., view personal data in entity's files) and the ability to contest data accuracy and completeness. Integrity/Security requires collectors to take reasonable steps to ensure integrity such as: (a) use reputable sources of data; (b) cross-reference data against multiple sources; (c) provide consumer access to data; and (d) destroy untimely data or conversion to anonymous form.

Finally, Enforcement/Redress allows consumers to enforce policies by hiring an attorney and procedures pursuant to industry self-Regulation, private remedies, and government enforcement.

In fact, cloud providers continue to face risks. However, their obligations and liability risks, can be modified by the terms and provisions of their service agreements negotiated by lawyers. In recent years, cloud service providers have had to deal with subpoenas for corporate records.

The risks with using cloud storage sites include trade secret, retention/spoliation, and security violations. As such, these companies must ensure integrity and a high quality of service to its customers. There are benefits for using a third party for cloud computing, even though there are associated security risks with sending company data to another location. For example, employees can surreptitiously copy data to local storage devices, web-based email accounts or public cloud services. They may even obtain remote access from home or during business travels. In sum, companies should weigh the benefits against the risks of submitting to a cloud provider with a knowledgeable attorney.

B. Cyber Piracy

In general, cyber piracy is the registration of a domain name of another's mark for the primary purpose of selling the domain to the mark owner for an extortionate sum of money. It is usually for the purpose of retaining, and not using the domain name, usually with the notion that a party with greater interest will eventually buy it from the cyber-squatter. In the past, trademark owners have been forced to sue to secure their rights in cyber-piracy cases.

Pursuant to 15 U.S.C. § 8131, "[a]ny person who registers a domain name that consists of the name of another living person, or a name substantially and confusingly similar thereto, without that person's consent, with the specific intent to profit from such name by selling the domain name for financial gain to that person or any third party, shall be liable in a civil action."

In these cases, the remedies may include injunctive relief, forfeiture or cancellation of the domain name, transfer of the domain name to plaintiff, and attorney's fees and costs. See 15 U.S.C. § 8131(2) and California Business & Professions Code § 17528.5.

However, there are exceptions to this general rule such as when the: (i) name is used in, affiliated with, or related to a work of authorship protected under 17 U.S.C. § 101 et seq. (e.g., work made for hire); (ii) person registering the domain name is the copyright owner or licensee of the work; (iii) person intends to sell the domain name in conjunction with the lawful exploitation of the work; and (iv) registration is not prohibited by a contract between the registrant and the named person.