Terms of Service Conditions Are Critical for Ethical Use of Cloud Computing Services
Millions of people use cloud computing services such as Gmail, Dropbox and iCloud to store and back up their data off-site. They provide an attractive and often cheaper alternative to in-house servers or portable external hard drives.
Lawyers who seek to use cloud services should review the terms of service agreements and use good judgment when determining which documents are appropriate to upload to the cloud, experts said during an _ webinar on “Moving Your Law Practice to the Cloud Safely and Ethically.”
“As a practical matter, there are risks involved in using the cloud, just as there are risks in your own office. If you’re in an old building, there are risks that the wiring could cause a fire,” said Natalie Kelly, director of the State Bar of Georgia’s Law Practice Management Program.
Unlike the average user, lawyers have an ethical duty to preserve the confidentiality of their clients and need to be extremely cautious when deciding to use these services in their practice.
“When your client data is on the cloud, it may not be covered by the same privacy laws as other information accessed by law enforcement … You have to monitor your legal and ethical requirements to your clients,” said Daniel Siegel, principal of the Law Offices of Daniel J. Siegel LLC.
In 2012, Google changed its terms of service to unify all its products under one agreement. This shift caused lawyers, who have an obligation to protect client data, to question the ownership and the company’s usage of their data.
“It really confused everybody, and all of a sudden people started screaming and moaning, ‘What is going on?’” Siegel said. “Google now says they can do whatever they want with their data. Well, frankly, they really could to begin with. As long as you used their services and you put it out there in the public view, then Google had the right, according to their services, to be able to take that content and use it for advertising purposes or all kinds of other things.”
When Apple launched iCloud and began promoting the service as a way to back up all data through its software, experts found problematic language for lawyers written in its terms of service agreements.
“There are really scary things within there,” Siegel said. “Apple wants you to use iCloud as a backup mechanism for your iOS devices … The problem is when you’re doing the backup, they don’t guarantee the integrity of any of that data. Even in their terms of service they say, ‘you, the user should be backing up on your own.’ Again, read the terms of service.”
Be aware of cloud services, like Dropbox, whose terms of service say the company can disclose account information, content and information to law enforcement authorities.
“Even though your data is encrypted, they claim it’s encrypted, sent through secure sockets layer (which provides a level of security to data sent over the Internet) and to their storage. They, in fact, will give that to law enforcement. That means they have a master decrypt key,” Siegel said. “Understand when dealing with these providers, you potentially can lose control of that.”
Protect client data by encrypting, or password-protecting documents before uploading to a cloud service such Dropbox, Siegel suggested.
Highly confidential materials should never be stored using a cloud service, experts agreed.
“It’s important to note that some of your information is absolutely too sensitive to be in the cloud. It’s too important. You’re not going to find the Coca-Cola formula or the KFC secret recipe information stored in the cloud,” Kelly said. “The first common sense thing to do is to analyze the practice and determine, is the information of such a high level of sensitivity that there is just absolutely no reason that it should be in the cloud? And under those circumstances you have to be even more cautious.”