Canada’s Intellectual Property Law Firm

Cloud computing: A brief overview of intellectual property issues "in the cloud"

Cloud computing has emerged as one of the hottest topics in computer and information technology services. However, when data and services move to the cloud, there are a number of legal issues, including intellectual property issues, for both cloud computing providers and users to consider. These are complex issues, and a detailed discussion is beyond the scope of this article. Rather, this article is intended to highlight some of the issues and questions relating to intellectual property rights raised by cloud computing.

Background

The term "cloud computing" has several definitions. Cloud computing has been described as the delivery of computing as a service rather than a product, typically over the internet. In other words, data is stored and/or processed in the "cloud," which is a broad term generally used to describe infrastructure that is accessed remotely (i.e. the internet). Examples of cloud computing service models include: Software-as-a-Service (SaaS); Platform-as-a-Service (PaaS); or Infrastructure-as-a-Service (IaaS). Generally, SaaS models allow users to access and use software applications over the internet, rather than storing and running the applications locally. PaaS models provide access to a computing platform (such as Microsoft Windows, for example) on which applications may be run or developed. IaaS models provide access to computer infrastructure on which a computer platform may be run and maintained by the user. One of the potential advantages of cloud computing is that individuals or businesses may avoid the costs of buying, installing and maintaining hardware and/or software. The actual implementation of cloud computing systems and services varies greatly between systems.

As implied by the term "cloud," one aspect of cloud computing is the lack of a clear locality of hardware and data. Services may be sold to a client in a particular jurisdiction, and that client's data may be stored and processed at one or more locations in the same or other jurisdictions. The client may not have any knowledge of where the data is stored or processed. Data may be stored redundantly in multiple locations and in multiple jurisdictions, and may be split up and fragmented in storage. For example, data may be stored in different countries at different times making it difficult to determine where data is stored at a given time. Various parts or steps of data processing may also occur in different jurisdictions.

The vague and ambiguous nature of the "cloud" makes determining how the law will apply, or even what law will apply, a challenge. Because intellectual property rights are territorial, it is unclear in many instances what intellectual property laws will apply in the cloud computing environment.

Patent infringement

A Canadian patent grants the patentee the exclusive right to make, use and sell an invention for the term of the patent. A Canadian patent does not grant any rights in any other country. However, as noted above, cloud computing systems may extend across international borders. The multi-jurisdictional nature of cloud computing, and the uncertain nature of the "cloud," give rise to a number of possible complications for patent owners or licensees trying to assert their patents against potential infringers.

First, it may be difficult to predict what activities definitively constitute infringement. If a particular technology is patented in Canada, but a competitor's cloud computing service uses infrastructure and/or performs some or all of its data processing outside of Canada, the Canadian patent(s) may not be infringed. At the same time, a party wishing to avoid infringement simply by locating a component of a system covered by a competitor's patent, or by performing a step of a process covered by a competitor's patent, in a different country, may not succeed in avoiding infringement. For example, if a system is patented in the United States, infringement of the U.S. patent(s) by another party may occur even if a part of that party's system is located elsewhere (in Canada, for example). The law in Canada, however, is not clear on this point. Also, because the "cloud" may include components in multiple countries, the law in other countries may also need to be considered.

Second, cloud computing systems may include multiple components, each operated by a different party. For example, servers storing data may be owned and operated by one company, while system components relaying or processing data retrieved from those servers may be owned and operated by another company. These components may be contracted out to yet another company or companies, who then use(s) those components to provide services to users. Because different parties are responsible for providing different aspects of the system in this scenario, it may be that no single party infringes all of the elements of a patented invention. Instead, the practice of the elements of the invention may be divided between two or more parties. The Canadian Patent Act does not provide for divided infringement, and the issue has not been considered by the courts in Canada.

Third, even if the hardware or processes used in a cloud computing system do infringe patent rights, detecting the infringement may be difficult. As noted above, a user of a cloud computing service may not have any indication of where data storage and processing occurs. Thus, reverse engineering at the user's end to detect infringement may not be possible. A service provider's infrastructure may not be publically accessible in a manner that allows for efficient detection of patent infringement.

In view of the foregoing, one may consider whether any client-side elements of a cloud computing system are eligible for patent protection or for protection under other intellectual property regimes, such as copyright, for example. Activities at the client-side may be more localized and readily detectible. However, when obtaining protection for client-side elements of a cloud computing system, one should keep in mind who the potential infringer will be. It may not be in a company's best interest to assert patents against the users of a cloud computing service, since that may alienate those users from ever becoming customers. However, if the proper elements can be proved, a service provider may be liable for inducing the users to infringe.

Copyright infringement

As noted above, cloud computing involves the storage of data in the cloud rather than locally. This raises additional, potentially complex intellectual property issues. For example, the nebulous nature of cloud storage may complicate a copyright infringement analysis.

Copyright laws vary from jurisdiction to jurisdiction. What constitutes copyright infringement in one country may not in another. Therefore, when data is stored in multiple locations, it may be less clear whether copyright has been infringed in a particular jurisdiction than in situations where the location of a work is easily identifiable.

Another issue relating to copyright is whether cloud storage service providers can be held liable for copyright infringement. Canadian jurisprudence has held that an internet service provider acting as an intermediary for communication, and not itself engaging in acts that relate to the content of the communication (i.e. providing "a conduit" for information communicated by others), is shielded from liability by a provision of the Canadian Copyright Act. However, the question of whether cloud storage providers necessarily fit this definition of merely being an "intermediary" providing a "conduit" for information remains open. Therefore, the extent to which cloud storage providers may be shielded from liability for infringement under Canadian copyright law, based on the data stored for their users, is currently unclear.

Confidential information – trade secrets

Another concern relating to cloud storage is the protection of private and confidential data, such as trade secrets. Before uploading confidential data to the cloud, a user should consider what type of duty of confidentiality is owed to the user by the cloud storage service provider. Does that duty of confidentiality extend to sub-contractors utilized by the service provider? A potential user of a cloud storage service should also consider what will happen to data in the event that the cloud storage service is terminated.

Conclusion

Specific recommendations and outcomes related to complex cloud computing legal issues will be fact-specific. In many cases it is unclear how the law will be applied, because the issues have yet to be considered by the courts. Nevertheless, cloud computing providers and users alike should at least be aware of the issues identified above when considering how to best protect their intellectual property and how to avoid potential infringement pitfalls.

 

The preceding is intended as a timely update on Canadian intellectual property and technology law. The content is informational only and does not constitute legal or professional advice. To obtain such advice, please communicate with our offices directly.