Yesterday on InformationWeek, Kevin Fogarty wrote about data ownership issues in relation Megaupload. The file-storing—"locker"—service was shut down by the US DOJ over claims of rampant piracy. The FBI is under fire in the case for allegedly "sneaking copies of Megaupload's content out of New Zealand after it had been classified as evidence" in the case against the company.
More noteworthy, however, are issues surrounding the legitimate data that customers uploaded to the locker for storage, raising a question asked with increasing frequency: Who owns the data you put into the cloud?
And it's not just a question of ownership. Megaupload had paid corporate clients, and stored large amounts of data for these companies—companies who have been unable to access their data since January. The way data storage services are treated by law dictates how all of the stored data is treated—and how you get your data back. Fogarty writes:
Prosecutors told a U.S. judge content owners should have to file suit against Megaupload as unsecured creditors to demand the return of their data, even though legal data plays no part in the copyright infringement case the U.S. and New Zealand are trying to build against what had been the world's largest file locker. The judge, who has yet to rule on a June motion from Megaupload user Kyle Goodwin that his data be returned, made a point in court of differentiating between requests for the return of legitimate property (data) and demands that Megaupload's allegedly illegal file-copying service be restored.
Prosecutors have insisted on handling Megaupload as an illegal service that has been shut down rather than an agent appointed to hold property for its customers. Police are not required to return property to customers or victims of illegal services such as the sale of crack or pirated content. They are required to return property impounded as part of the shutdown of other types of businesses, however.
We talk a lot on this blog about data-driven policymaking, where arguments and insights based on data shape new laws and refine existing ones. But there's another way of thinking about data-driven policymaking: policy that governs data. The policy framework applied to data in circumstances like this may impact the future of cloud services. Afraid that the "illegal service" policies regarding property will apply—where property is seized and treated like belongings in a crack house—rather than "impound" policies—where legitimate property is held and returned to owners—companies may be forced to invest in costly infrastructure instead of supporting the innovation in the cloud.
The crux of the problem, though, may be trying to use existing property models at all. As we've already seen in copyright debates, what it means to "own" something is not nearly as concrete a notion in a digital context, and this is especially true of those things falling under the umbrella of "data."