On 18/09/11 7:30 PM, Jeffrey Walton wrote:
Its kind of like the poor
man's cloud (and corporate america is flocking to the cloud, in part
due to the additional layer of liability offload).
! OK, I'll bite. How does one offload liability by using the cloud?
The provider is another entity in the legal entanglements, which
offers yet another level of indirection.
Pre-cloud: Company A houses your data. Company A is breached, and
company A is exposed to legal liability. Post-cloud: Company A uses
Company B's cloud service. Your data is breached, and its not clear if
the loss occurred at company A or company B. Since you can't prove who
is responsible for the loss, neither company is subject to a tortable
action.
Tort <= provable agent. I get it, thanks!
By the time dust settles on data breaches, any attempts to certify a
class action are thrown out because members of the class cannot show
loss (and future loss is not considered). Its only going to get worse
when cloud providers are added to the mix.
Meanwhile, Peter says, in answer to Dan's cloud question:
> If you avoid it like the plague, you should be OK.
Seems like we have different threat models in mind ;)
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
