♬ I’ve looked at clouds from both sides now,
From up and down, and still somehow
It’s cloud illusions I recall.
I really don’t know clouds at all…♬
Lyrics, music and recorded by Joni Mitchell.
While the legal community is all a’buzz over the possibilities offered by Cloud Computing, there are really little in the way of standards, much less comprehensive legal ethics opinions, that deal with the parameters of lawyers’ and law offices’ use of the cloud within the scope of legal practice. To be sure there is the Cloud Computing Association that is working on the cloud. More specifically, there is the recently formed Legal Cloud Computing Association that has issued their Response to ABA Commission on Ethics 20/20 RE: Issues Paper Concerning Client Confidentiality and Lawyers’ Use of Technology. But to be fair, these are associations of cloud application providers and as such, they have a direct financial interest in the promotion and adoption of cloud-based solutions by lawyers and others.
Some jurisdictions have started to examine the use of the cloud in legal practice, such as the State Bar of North Carolina, which resolved in Jan, 2011:
The Ethics Committee agreed that ….Proposed 2010 FEO 7, Subscribing to Software as a Service while Fulfilling the Duties of Confidentiality and Preservation of Client Property, should continue to be studied by a subcommittee.
Of course the ABA’s Ethics 20/20 Commission continues its examination of lawyer regulation in the context of the advances in technology and global legal practice developments.
Accordingly, it is timely and indeed, fortunate that the US National Institute of Standards and Technology (NIST) has issued two new draft documents on cloud computing for public comment.
These two documents include the first set of guidelines for managing security and privacy issues in cloud computing. The agency also has set up a new NIST Cloud Computing Collaboration site on the Web to enable two-way communication among the cloud community and NIST cloud research working groups.
United States Chief Information Officer Vivek Kundra asked NIST to accelerate the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in collaboration with standards bodies, the private sector and other stakeholders. These new draft documents and the collaboration site are part of NIST’s work to fulfill that mission.
Seeing which way the wind is blowing, NIST has been researching cloud computing for several years and has been documenting a definition of cloud computing on its web page. Researchers have published A NIST Definition of Cloud Computing (NIST Special Publication (SP) 800-145). It is to be noted that NIST scientists are looking for feedback to determine if this definition remains valid or needs modification. SP 800-145 may be downloaded for review from http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf, and comments on suggested changes or enhancements should be sent to email@example.com no later than February 28, 2011.
Nist’s Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment.
The key guidelines recommended to federal departments and agencies, and applicable to the private sector, include:
- Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.
- Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.
- Ensure that the client-side computing environment meets organization security and privacy requirements for cloud computing.
- Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.
NIST also states that they wish to further foster the cloud community’s collaboration aimed to enhance the federal government’s secure adoption of cloud computing. Accordingly, NIST has also has created the NIST Cloud Computing Collaboration Site at http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/.
This site provides general information about NIST’s cloud computing program and an up-to-date listing of cloud computing events. One set of pages are used by the NIST-sponsored Cloud Computing working groups. These groups, which are open to all those who wish to register and participate, were established during the November 2010 Cloud Computing Forum and Workshop II, and include Business Use Cases, Reference Architecture and Taxonomy, Standards Roadmap, Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC), and Cloud Security.
Each working group’s page provides descriptions of the group’s task, weekly meeting information and working documents. To contribute to the TWiki, register from the link on the main NIST Cloud Computing Program Web site at www.nist.gov/itl/cloud/.
It seems an appropriate time for those lawyers, ethics committees, bar associations and legal regulators who have an interest in how the cloud will serve the public interest as well as the needs of lawyers, clients and cloud developers to get involved and start looking at clouds from both sides now, both up and down, as it seems that, at this early point in its development, we really don’t know the ethics of clouds at all…