[cryptography] Using Cloud to Obfuscate Liability
iang at iang.org
Sun Sep 18 06:43:13 EDT 2011
On 18/09/11 7:30 PM, Jeffrey Walton wrote:
>>> Its kind of like the poor
>>> man's cloud (and corporate america is flocking to the cloud, in part
>>> due to the additional layer of liability offload).
>> ! OK, I'll bite. How does one offload liability by using the cloud?
> The provider is another entity in the legal entanglements, which
> offers yet another level of indirection.
> Pre-cloud: Company A houses your data. Company A is breached, and
> company A is exposed to legal liability. Post-cloud: Company A uses
> Company B's cloud service. Your data is breached, and its not clear if
> the loss occurred at company A or company B. Since you can't prove who
> is responsible for the loss, neither company is subject to a tortable
Tort <= provable agent. I get it, thanks!
> By the time dust settles on data breaches, any attempts to certify a
> class action are thrown out because members of the class cannot show
> loss (and future loss is not considered). Its only going to get worse
> when cloud providers are added to the mix.
Meanwhile, Peter says, in answer to Dan's cloud question:
> If you avoid it like the plague, you should be OK.
Seems like we have different threat models in mind ;)
More information about the cryptography