The Megaupload case represents one of the major challenges with the public Cloud. The obvious issue for legal use cases for their service has been that non-infringing data is trapped in limbo along with the alleged infringing data. One may say that a legitimate user should have seen this coming. Megaupload’s primary use case was no secret and hosting critical data on their service was a risk. However, what if the U.S. government didn’t trust the controls of their provider Carpathia?
I’m sure Megaupload wasn’t Carpathia’s only customer. I don’t believe Congress really has a handle on how to enact laws that deal with the complicated relationship between cloud provider, their customers and end user. What if the FBI had interpreted the relationship differently? What if instead of just going after Megaupload they went after Carpathia as some are suggesting?
I’ve heard horror stories of the Feds coming in and seizing all of the servers in a hosting provider’s infrastructure. Many hosting providers just fold at any request from law enforcement for data. What can you do to protect your organization’s applications and data? What relationship are you looking for your hosting provider to have with law enforcement to prevent this type of activity? What’s the right balance?