With the spreading use of cloud computing and storage services, I foresee courtroom battles over whether anything users maintain in the cloud can qualify as a trade secret. I have not yet seen a published court opinion addressing the issue, but it is only a matter of time.
Here is the issue. Texas (and 46 other states) adopted the Uniform Trade Secrets Act. To qualify for protection as a trade secret under the statute, the owner must have undertaken “efforts that are reasonable under the circumstances to maintain its secrecy.” When the owner of the would-be-trade secret moves the data from the owner’s computer servers onto servers owned by a third party, the information is arguably no longer “secret.” This is because the cloud service provider will have possession of the information. Unless the service provider enters into an agreement to keep customer data confidential and to not use the data for the service provider’s own purposes, the information is no longer secret in the strictest sense of the word.
Unfortunately for the customer of cloud services, the service provider does not always undertake obligations of confidentiality and non-use. The most commonly used cloud service providers offer multiple categories of service and the protection promised to the customer differs by the category. Not surprisingly, business customers sometimes receive preferential treatment.
The terms of service that apply to Dropbox’s, Amazon’s and Google’s cloud storage and computing services are discussed below. Scroll down to the service that interests you. Here is my conclusion after reviewing the service providers’ contracts:
The terms of service governing cloud data storage and computing services often do not place an obligation upon the service provider to protect the confidentiality of customer data and not to use the customer data. Some of the largest customers of cloud services have the clout to negotiate confidentiality restrictions into their contracts. The rest of us who are stuck with the standard terms of service should undertake steps to maintain the confidentiality of our trade secrets even when they are stored on cloud servers.
My next post will discuss a way to do this – encryption of computer data.
These do not obligate Dropbox to protect the confidentiality of the customer’s data. The terms of service include a broad disclaimer stating that the customer takes Dropbox’s services on an “as is” basis.
Amazon put this broad disclaimer in the terms of service:
“THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND . . . INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS . . . WILL BE SECURE OR NOT OTHERWISE LOST . . ..”
Amazon’s AWS customer agreement does include a provision stating that Amazon will implement reasonable measures to prevent unauthorized access to or loss of a customer’s data. Unfortunately though, that sentence may have no effect because it expressly states that it in no way limits the disclaimer quoted above.
The contract also states that Amazon shall have no liability for loss or unauthorized access to customer data.
Like Amazon’s AWS customer agreement, Google takes contradictory positions related to whether Google will maintain customer data in confidence. On the bright side, Google states on its frequently asked questions web page:
This is not incorporated into the terms of service contract for Google Drive. In contrast to the reassuring language quoted above, the Google Drive terms of service state:
“When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.”
Google’s Cloud Platform terms of service are better for the customer. They state that (i) Google “will adhere to reasonable security standards no less protective” than the security standards Google applies to its own data and (ii) warrant that Google has implemented at least industry standard systems and procedures to ensure the confidentiality of customer data.
This tells the customer that Google is working to prevent unauthorized disclosure of customer data to third parties. Google does not, however, guarantee that the customer’s data will be stored in a manner that prevents Google itself from using the customer’s data. In this respect, the terms of service state:
“Google may use Customer Data and Applications . . . to help secure and improve [Google’s] Services.”
Photograph courtesy of NOAA Photo library pursuant to the licence located at: https://creativecommons.org/licenses/by/2.0/legalcode