Cloud computing offers new challenges to traditional law enforcement, regulation

UNIVERSITY PARK, Pa. -- Cloud computing — enabling convenient, on-demand access to computing resources, applications, storage, and services — has become increasingly widespread in recent years. While the cloud offers numerous advantages, it imposes vast new challenges to criminal law enforcement, regulatory enforcement and civil litigation, according to John Bagby, professor of information sciences and technology at Penn State.

“The cloud presents a durable and seemingly irreconcilable conundrum for many constituencies, including the digital forensics communities,” said Bagby, who recently presented a paper at the Conference on Digital Forensics Security & Law that explores how law and economics, regulation and other public policy forces are likely to coalesce as the challenges of cloud security and forensics emerge in the near to medium term.

Cloud forensics, Bagby explained, is a cross discipline of cloud computing and digital forensics. Digital forensics is the application of computer science principles to recover electronic evidence for presentation in a legal or regulatory forum. Cloud forensics is a subset of network forensics, which deals with forensic investigations of networks. Cloud computing is an expression used to describe a variety of different types of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet.

“Therefore, cloud forensics follows the main phases of network forensics with techniques tailored to cloud computing environments,” Bagby said.

Bagby's interests in cyberforensics started in the mid-1970s when he was a clerk for a multi-national oil company and with a Wall Street law firm. In those days, he said, nearly all records were on paper and stored in file cabinets. Currently, more than 90 percent of all archived documents are electronic. The period between 1995 and 2003 was a “transition era in litigation,” as litigators moved from paper-based searching and making photocopies to provide to the opposing side to exchanging thumb drives to access cloud repositories of discovery data.

“Starting around ’02 or ’03, this revolution really came home to a lot of people, particularly to those (working) in litigation,” Bagby said.

Many individuals and institutions tout the cloud's transformative benefits, such as economies of scale, reliability, scalability, ubiquitous accessibility and collaboration enablement. Many of those advantages, Bagby said, directly translate into the forensics realm. The cloud can be used to lower costs and enhance effectiveness of the marshaling activities in collecting electronically stored information for review, analysis and use as forensic quality evidence. The cloud could enable crowd sourcing of investigatory data, thereby vastly lowering costs of dispute resolution. For example, cloud-based litigation war rooms— document depositories using electronic media — may reduce electronic discovery costs substantially.

Despite the numerous ways in which the cloud can aid the legal process, Bagby said, the current architecture of many cloud services arguably undermines justice. Two major factors contribute to the unreliability of the cloud as an evidentiary preservation medium: unstable system states and unstable cloud system architectures.

“By nature, the cloud is in an unstable environment,” Bagby said. “Such instability is generally inconsistent with evidentiary safeguards.”

Files in cloud repositories are constantly updated, moved to backup locations, and are repeatedly imaged, often at alternate locations. For example, any snapshot of a cloud system’s data may not reflect the original data exactly, and records of all data changes may not be preserved adequately, and money-saving cloud arrangements may skimp on backup frequency, storage location stability and re-imaging effectiveness. In addition, cloud transaction records may fail to accurately identify the timing and source of file changes.

Another potential complication of cloud practices, Bagby said, is that they may compromise the forensic quality of evidence due to the off-shoring of data. Off-shoring is the outsourcing of various services, including IT, to nations outside the organization’s host country. Many nations that typically host cloud services have generally under-developed laws regulating privacy, security and litigation process rights. In addition, cloud service providers likely move data frequently to take advantage of cost savings and to locate data in jurisdictions with looser regulations regarding privacy, security and disclosure. 

“A lot of cloud data may not be produced in litigation because the cloud service provider is in another nation that has weak security laws, and the cloud service contract may not require that the cloud provider do this discovery work,” Bagby said.

That injustice risk has always existed with traditional paper or film/fiche records systems in the form of falsification, destruction, alteration and inaccessibility, Bagby noted, but rules of evidence and trial procedure adjusted to the risks of older technologies. It remains uncertain whether the current rules of evidence and trial procedure have adapted adequately to the advent of ESI as the dominant record form. 

“The cloud may be impervious to high quality forensics,” he said.

Bagby described two major injustice risks associated with cloud forensics. First, it is “unjust for all electronic forensics to be so costly.” While off-shoring and cloud systems usage diminish costs for the consumer, these practices actually raise costs for electronic discovery requestors and diminish the effectiveness of e-discovery when information is stored outside the jurisdiction. As a result of those added costs, the party in a legal dispute that faces a giant discovery bill has an incentive to settle out if the process of vindication would cost more.

The other big injustice risk of cloud forensics, Bagby said, is that a “smoking gun” could be inaccessible in a court case due to the unstable nature of the cloud or the information being located in cloud repositories that are located in foreign nations that do not embrace the American standard of civil litigation and regulatory enforcement. A smoking gun is something that serves as highly probative evidence of legal wrongs — criminal, civil or regulatory — such as an email in e-discovery cases.

The instability of cloud system states and architecture, when combined with unpredictable physical locations for ESI storage, “pose great problems for a major privacy right in litigation,” according to Bagby. The discovery target has the right to resist “fishing expeditions” and demand a limited scope for the investigation or discovery request. Guilty parties are most advantaged by weak cloud security and privacy. For example, a legal decision could be skewed if the emails of only one party were presented as evidence, while the “bad guy’s” email has been erased or lost in cyberspace.

“We’re facing the injustice of a biased picture when we don’t have complete information,” Bagby said.

The most effective approaches to control cloud risks in Bagby's view include the development of outsourcing contracts and record retention regulations that would forbid cloud service providers to erase records and claim ownership of data and other intellectual property. As an academic researcher, Bagby is trying to instigate reform by analyzing case studies to identify problems and develop solutions.

While legal scholars and agencies like the National Institute of Standards and Technology and the International Organization for Standardization can help resolve the cloud forensics conundrum by better deploying existing standards, Bagby said, it may ultimately take a major catastrophe to spur meaningful action.

“Cataclysm too often drives reform efforts,” he said. “We may need revolutionary change in this area.”

Contacts: 
Last Updated November 27, 2013