This has happened over time, and no-one has really noticed. Time for a campaign, methinks.
It’s all to do with software end-user licence agreements (EULAs). Twenty years ago, things were simple. You bought the packaged software, you installed it and all was well. If it was an expensive package, there might be a rolling maintenance programme attached to it, but generally speaking, it was “yours”. Well, only up to the point that it actually belonged to the software vendor and you had purchased a licence to use it. Nevertheless, in practice the software was “yours to keep and use”. It was perfectly legal to sell this software to someone else, transferring all rights over to them. The data that you created in the meantime was still yours, and it was still on your computer. This was a comfortable, simple view of the world.
Then along came rolling software licensing. Don’t pay for it all upfront, let’s have a three- or four-year contract. During this time, you had the right to use the software, and the data was still yours. It seemed like a nice idea, and a good way of spreading the cost. No great harm could come, but you had to keep paying to keep the right to use alive.
Then along came the internet and a whole host of new ways of licensing software. Sometimes it’s free – you pay nothing, but get little support or dispute resolution in return. Your data might well still be on your hard disk, or it might have migrated to a “cloud” service.
Read it and weep
Now the problems have really started. Let’s say you set up an email account with a cloud provider, and pay them a small amount of money per month. The provider’s liability? Well, it can be pitifully small – even to the extent that it has no liability at all, and certainly nothing that resembles the cost to you for business continuity. Many of us read about and wept at the chap who lost a full suite of Google services
For some reason, Google decided to shut down his account. He wasn’t given any notice; it all just vanished. All his data, all the contextual information that glued it together, all gone. What sort of redress did he have?
Starting to get a shiver down your spine? Let’s take this one step further. Sony has a cloud-based service that runs alongside its PlayStation 3 games console. As you might have heard, Sony lately managed to screw up the security on this service to quite an impressive extent, allowing huge quantities of personal and credit card information to leak. So what has Sony done now? Well, the forthcoming update to its service has a change to the Ts & Cs. You now have to agree that you won’t undertake any sort of class action suit against Sony to continue using the service. If you don’t agree, you have to send a written letter to Sony headquarters in California explaining your decision, and lose access to the PlayStation Network in the meantime. Whether Sony will eventually let you back on isn’t clear – even Sony’s press office couldn’t tell us.
Treading on thin ice
Is it reasonable to have contractual terms changed on a whim like this? Is it acceptable that a cloud service can hold our data and just cut off access to it for whatever reason? If access is stripped due to a court order or a police investigation, that’s one thing. Any other reason is treading on very thin ice, I’d contend.
We seem to have slipped into a new era where our rights and responsibilities have shifted quite dramatically without anyone paying due care and attention. Just wait for the insurance industry to wake up to this, and see premiums for business continuity insurance against off-site data storage and service provision go through the roof. While vendors might claim 99.9% uptime and access to data, the reality can be far from that.
Consider your exit plan
In addition, we need to ensure that data, wherever it’s held, is regularly backed up to a local site. Or sent to a second cloud site, which is in no way connected to the first, either legally or geographically. Vendors that make it hard to bulk extract data on a regular basis from their service should be treated with caution. If they’re going to be difficult when things go well, what will they be like when things go awry?
And yes, it’s time to read those contracts and EULAs very carefully indeed. And to consider your exit plans if the vendor decides to arbitrarily, and without notice, change those terms on you. Caveat emptor.