[cryptography] Using Cloud to Obfuscate Liability

Ian G iang at iang.org
Sun Sep 18 06:43:13 EDT 2011


On 18/09/11 7:30 PM, Jeffrey Walton wrote:

>>> Its kind of like the poor
>>> man's cloud (and corporate america is flocking to the cloud, in part
>>> due to the additional layer of liability offload).
>>
>> ! OK, I'll bite.  How does one offload liability by using the cloud?
> The provider is another entity in the legal entanglements, which
> offers yet another level of indirection.
>
> Pre-cloud: Company A houses your data. Company A is breached, and
> company A is exposed to legal liability. Post-cloud: Company A uses
> Company B's cloud service. Your data is breached, and its not clear if
> the loss occurred at company A or company B. Since you can't prove who
> is responsible for the loss, neither company is subject to a tortable
> action.


Tort <= provable agent.  I get it, thanks!

> By the time dust settles on data breaches, any attempts to certify a
> class action are thrown out because members of the class cannot show
> loss (and future loss is not considered). Its only going to get worse
> when cloud providers are added to the mix.



Meanwhile, Peter says, in answer to Dan's cloud question:

 > If you avoid it like the plague, you should be OK.

Seems like we have different threat models in mind ;)



iang



More information about the cryptography mailing list