Cloud computing sales are poised to triple by 2017, according to IHS Technology. With growth comes competition and the potential for disputes, both intellectual property-related and otherwise. This article surveys some of the legal issues raised by this burgeoning area of technology.
Not everyone agrees on what “cloud computing” means. This article defines cloud computing as the delivery of services over the internet via three well known models: (1) Infrastructure as a Service (IaaS) (e.g., data storage in the cloud); (2) Platform as a Service (PaaS) (e.g., application development/deployment in the cloud); and (3) Software as a Service (SaaS) (e.g., software hosting in the cloud). In a nutshell, IaaS provides servers and related hardware; PaaS provides operating systems, libraries, and tools for customers to create their own software; and SaaS provides software applications.
These cloud computing services can supplement or obviate the need for certain in-house information technology. A typical use scenario is when a company wants to quickly test a new idea or respond to a new market demand, but does not possess (or wish to use) internal resources to handle the additional data storage and analysis required. This scenario is especially pertinent for start-ups or any other company in a fast-paced market environment. Traditionally, such companies would have to buy hardware, install the hardware in a physical location, install platforms, install applications, and then hope that all the tools function smoothly together. Cloud computing avoids this time-consuming, expensive, and uncertain process.
One of the key benefits of cloud computing is that it allows companies to choose from a panoply of off-the-shelf computing services. The cloud delivery model eliminates the need for installation, updates, or maintenance. Users of cloud services only pay for the service; gone are the days when companies were required to pay for and maintain a whole server while using only 10% of its capacity. Cloud services users can quickly scale capacity up or down, or switch platforms or applications without delay. The accessibility of platforms and applications provided by the cloud to users everywhere also offers compatibility and standardization, thus enhancing collaboration. The benefits afforded by the cloud can increase the efficiency of doing business.
Limelight Networks Inc. v. Akamai Technologies, Inc. – A Supreme Court Case That Could Have Significant Repercussions for Cloud Computing
On April 30, 2014, the U.S. Supreme Court heard oral argument in Limelight Networks Inc. v. Akamai Technologies, Inc., No. 12-786 (U.S.), a decision that could have profound implications for cloud computing technologies. Before the Federal Circuit issued its en banc decision in Akamai Technologies, Inc. v. Limelight Networks, Inc., 692 F.3d 1301 (Fed. Cir. 2012) (en banc), a defendant who induced another to perform fewer than all of the steps of a method patent claim could not be held liable for induced infringement (even where the remaining steps were performed by others, including the defendant itself). Because direct infringement of a method claim (a prerequisite for inducement) also required a single actor to perform all of the steps of the claim, such induced parties would not be direct infringers, and thus no inducement of infringement could be found.
However, in Akamai the en banc Federal Circuit held that a defendant can be held liable for induced infringement even when no individual actor is liable for direct infringement. In doing so, the court distinguished the question of whether a patent has been infringed from the question of whether anyone can be held legally liable for that infringement, noting that: “Requiring proof that there has been direct infringement as a predicate for induced infringement is not the same as requiring proof that a single party would be liable as a direct infringer. If a party has knowingly induced others to commit the acts necessary to infringe the plaintiff’s patent and those others commit those acts, there is no reason to immunize the inducer from liability for indirect infringement simply because the parties have structured their conduct so that no single defendant has committed all the acts necessary to give rise to liability for direct infringement.” Id. at 1308-09 (emphasis in original).
In connection with the Supreme Court’s review of Akamai, Quinn Emanuel filed an amicus brief on behalf of Google, Cisco, Oracle, Red Hat, and SAP in support of the Petitioner, Limelight. Among other things, amici note that given today’s information technology markets, the Federal Circuit’s Akamai decision will increase the cost and complexity of investigating allegations of patent infringement. The Federal Circuit’s holding in Akamai forces companies to consider numerous possible configurations and combinations of hardware and software to determine whether any permutation permitted or facilitated by their platforms could be interpreted to perform all the steps of any asserted claim—a costly, and often impossible, proposition.
For example, several amici who provide software for mobile applications have been accused under the Akamai rule of inducing infringement of claims that contain elements that may be practiced by the hardware components, software, and end user (none of which are commonly controlled). See, e.g., CIVX-DDI LLC v. Hotels.com LP, No. 05 C 6869, 2012 WL 5383268 (N.D. Ill. Nov. 1, 2012) (finding that the claimed steps may be performed by defendant Hotels.com with one or more third parties, such as Expedia, DoubleClick, and/or iFrame).
Amici who provide hardware components that may be used in a network face a similar conundrum. These networks, by their nature, include multiple disaggregated users and terminal devices. Amici design and build their hardware so that it can be used in a highly adaptable fashion and a large number of configurations. Users connect to and configure such networks using this hardware in a variety of ways, many of which are outside of amici’s scope of knowledge or control. Cloud computing enhances both flexibility in configuration and user independence. Under the Akamai rule, the very configurability that is beneficial to consumers—allowing them to use multiple types of devices and applications over the internet and other networks—now subjects amici to unknowable potential liability for these uses.
The Supreme Court’s ruling in Akamai is expected by the end of June 2014.
NPEs Are Targeting Cloud Computing
Today it seems that no patent litigation discussion is complete without a mention of non-practicing entities. Obviously, cloud computing is not immune, and NPEs are increasingly targeting cloud computing technologies. NPEs targeting the cloud computing space include Parallel Iron, IP Nav, PersonalWeb, Clouding IP, and Unwired Planet. These NPEs are targeting various aspects of cloud computing, including frontend and backend functionalities. For example, Clouding IP recently sued a host of technology companies, including Apple, Amazon, Google, HP, Microsoft, and Oracle, asserting patents related to synchronization of copies of files across a server and client.
Critics point out that NPEs tend to assert software patents against emerging technologies, like cloud computing, to exploit broad and sometimes ambiguous “functional claiming” found in software patents. Functional claiming refers to the practice of crafting patent claims in functional terms to cover a result (e.g., a method of using a software application to build a website). The Supreme Court, cognizant of these concerns, has taken under review two additional patent cases, the first involving software patents and the second involving the statutory requirement of particular and distinct patent claiming. In Alice Corp. Pty. Ltd. v. CLS Bank International, No. 13-298 (U.S.), the Supreme Court will consider whether claims to computer-implemented inventions—including claims to systems and machines, processes, and items of manufacture—are directed to patent-eligible subject matter within the meaning of 35 U.S.C. § 101. In Nautilus, Inc. v. Biosig Instruments, Inc., No. 13-369 (U.S.), the Supreme Court will consider (1) whether the Federal Circuit’s acceptance of ambiguous patent claims with multiple reasonable interpretations—so long as the ambiguity is not “insoluble” by a court—defeats the statutory requirement of particular and distinct patent claiming; and (2) whether the presumption of validity dilutes the requirement of particular and distinct patent claiming.
As with Akamai, the Supreme Court’s rulings are expected by the end of June 2014.
ITC Investigations Involving Cloud Computing?
Those anticipating NPEs and other patent holders using the International Trade Commission (“ITC”) to target cloud computing technologies may need to reset their expectations. On December 13, 2013, a divided Federal Circuit panel issued an opinion that could make it difficult to pursue exclusion remedies against certain cloud computing services. In Suprema, Inc. v. International Trade Commission, 742 F.3d 1350 (Fed. Cir. 2013), a split Federal Circuit panel held that an exclusion order issued by the ITC under Section 337 “may not be predicated on a theory of induced infringement . . . where direct infringement does not occur until after importation of the articles the exclusion order would bar.” Id. at 1351. Rather, an exclusion order can “bar only those articles that infringe . . . at the time of importation.” Id. It remains to be seen how and to what extent the Suprema decision will impact the viability and effectiveness of the ITC as a forum for litigating claims involving cloud computing.
On February 21, 2014, the ITC filed a petition for panel rehearing and rehearing en banc. At the Federal Circuit’s request, Suprema filed a response to the ITC’s petition on March 25, 2014.
E-Discovery in the Cloud
The cloud is not just subject to patent litigation – it is also becoming important to discovery in both patent and non-patent litigation. While clients have begun offloading data storage into the cloud, some regard the cloud to be generally less stable than on-site data storage. For example, files in cloud repositories are often updated, backed-up, or moved to different repositories. As a result, records of data changes may not be preserved adequately. Further, cloud services and storage may be “offshored” to foreign countries, such that the documents maintained in the cloud may be subject to extraterritorial laws and restrictions. See Stephanie Koons, “Cloud Computing Offers New Challenges” (Oct. 24, 2013), available at http://news.psu.edu/story/292841/2013/10/24/academics/cloud-computing-offers-new-challenges-traditional-law-enforcement. As a result, the storage, search, and retrieval of data in the cloud for electronic discovery raises unique challenges for litigants, including:
• Data Preservation – Users of cloud data storage should consider both the stability of the data storage and preservation of metadata associated with frequently updated or moved repositories. In particular, in-house counsel should revisit record retention policies and disposal procedures. Likewise, litigants may need to take special steps to ensure that data in the cloud (including metadata) is preserved in a manner compliant with a party’s obligations under applicable federal and state rules of discovery.
• “Possession, Custody and Control” – Control has been construed broadly in the ESI context: so long as the party has the “practical ability” or contractual legal right to obtain the data, the fact that data is not in the party’s actual possession does not constrain the duty to produce the information. See, e.g., In re NTL Inc. Sec. Litig., 244 F.R.D. 179, 195-96 (S.D.N.Y. 2007). Thus, litigants may be required to approach cloud service providers directly for collection of metadata in connection with their discovery obligations. Similarly, to the extent a party’s employees store potentially relevant documents in the cloud, such a party may be required to collect documents from its employees’ personal cloud accounts.
• Burden and Cost – Storage of data in the cloud raises unique considerations as to the costs and burdens involved in accessing such data. Thus, litigants should take into account the proportionality standards imposed by Rules 26(b)(2)(B) and 45(d)(2)(B) of the Federal Rules of Civil Procedure when determining appropriate strategies for review and production of data stored in the cloud.
• Confidentiality and Privilege – Cloud-stored data raises potential questions as to whether confidentiality has been appropriately maintained. Thus, in-house counsel should be diligent in establishing appropriate policies regarding cloud storage of confidential and/or privileged documentation.
• Admissibility of Data Stored in the Cloud – Cloud-derived evidence, like any other evidence, still needs to meet the standard tests for admissibility. See Lorraine v. Markel Am. Ins. Co., 241 F.R.D. 534, 537-39 (D. Md. 2007). In particular, the storage of data only in the cloud raises potential issues of authenticity and hearsay, which may require appropriate declarations or testimony from authors, recipients, or the cloud providers themselves.
A key step in addressing these discovery-related issues is the party’s contract with the cloud provider. These contracts can be used to address whether and how cloud stored data can be moved or manipulated, whether metadata is stored and maintained, and what actions the provider can take to preserve and produce data in case of a lawsuit, as well as the cost associated with retention and production of that data.
A Plethora of Other Legal Issues
While the appeal of the cloud appears to be winning over competing concerns about privacy and security, the legal (and ethical) issues facing practitioners are many, varied, and growing. Just a few issues, which are outside the scope of the instant article, include:
• What jurisdiction’s laws govern data stored on servers located overseas or across multiple jurisdictions?
• What are a cloud service provider’s obligations to respond to subpoenas for their customers’ data?
• Who owns the data and software created in the cloud or using cloud software?
• What are the copyright issues associated with using PaaS (Platform as a Service)? Are cloud companies that store infringing works liable for copyright infringement?
• What is the extent of liability for data loss and corruption in the cloud?
• What happens to customer data when a cloud service provider goes bankrupt?
• Are lawyers ethically obligated to ensure that their cloud storage provider is adequately protecting their client’s confidential information?
• Do the answers to these questions depend on the location of the servers?
While cloud computing is changing the landscape in enterprise information technology, the laws impacting and governing cloud computing leave both businesses and litigants with a measure of uncertainty.