Over the years I've read a fair amount of commentary about the legal profession's reluctance to store sensitive client data in the cloud. But do attorneys really believe that using cloud computing services to store client data literally means to store that data within a visible mass of liquid droplets or frozen crystals made of water or various chemicals suspended in the atmosphere above the surface of a planetary body?¹

I didn't think so. But this morning I came across a case in which a lawyer made the argument that Computer Fraud and Abuse Act does not cover cloud computing services. According to this attorney, the CFAA claim lodged against her should be dismissed because the CFAA refers to "a computer" and not to "a cloud."

The attorney's former law firm filed a complaint against her, contending among other things that she violated the CFAA by accessing, and copying, client data stored on the law firm's data cloud immediately prior to leaving for another firm.

According to the lawyer's motion to dismiss, the CFAA offers no protection for businesses using cloud computing services:

The Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, is an amendment made in 1986 to the Counterfeit Access Device and Abuse Act that was passed in 1984 and essentially states that, whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication shall be punished under the Act. [emphasis added]. There is no evidence that any “computer” was accessed. Instead, any files from clients were maintained on a cloud.  

Hold your horses! A powerful metaphor can sometimes become reality but, to my knowledge, no one has ever argued that statutes must be re-written to accommodate metaphorical aids to comprehending reality. The court dealt this argument the cruelest blow, indifference, rejecting it without discussion. Which is unfortunate, because a discussion of how the CFAA applies to cloud computing would have been [insert metaphor here]. Seriously, "cloud" is a marketing term describing a network of connected computers, often running the same program at the same time or working on the same problem at the same time. Basically, the Internet. If the CFAA didn't reach the "cloud," it wouldn't reach much at all.

The case is Property Rights Law Group P.C. v. Lynch, No. 13-00273 (D. Haw., Sept. 6, 2013).

By Thomas O'Toole  

Follow @tjotoole