« Deceptively simple Patriot Act extension - a giant blow | Main | I'm getting ready to give Infopeople webinar today (noon pacific time): Getting grounded (legal issues facing libraries offline in 2010) »


Thanks for distinguishing a google docs style cloud from a shared (rented) server. In both cases, the policy and practices of the third parties are at issue. Accidental disclosure (which we see outside the library world on a daily basis) is the first concern. Amiable compliance with informal requests for data i.e. from state/federal law enforcement or intelligence agencies is the second concern. Compliance with formal requests is the third concern - some states require court orders (not merely subpoenas that are not signed off by a judge) before patron data can be disclosed. ISPs are notorious for turning over data routinely upon the issuance of subpoenas. Are the cloud computing services bound by contract (and cognizant) to patron privacy protections that can be stiffer than protections of other types of data?

What do you mean by "sharing" and "cloud"?

"Cloud computing" has a number of definitions. In one sense, "the cloud" replaces our personal computers, allowing us to access applications (eg Google Docs) on the internet. In another sense, "the cloud" replaces our servers, allowing us to rent or otherwise make use of someone else's infrastructure (ie Amazon EC2 or Rackspace).

In the first case, if the library stores records in a cloud application, is it "sharing"? Google Docs has a nifty feature where a survey can be stored in a spreadsheet, for example. Is just using that service "sharing", or would the results have to be public?

In the second case, lets say a library was utilizing a cloud service to run its integrated library system. Is just using the cloud service "sharing"? If so, how is it different than simply contracting for hosting services?

Some features of the second kind of "cloud computing" I think are relevant here are redundancy and the sharing of equipment. A cloud service will typically store more than one copy of your data, using redundancy to improve reliability. In order for this to work, clients of cloud services share equipment with other clients, including to store data. This poses the same security risks as locally hosted data: someone with malicious intent can get at it if you aren't careful.

I don't think that 'sharing' vis a vis 'cloud' is any different than any other kind of sharing, unless, as you imply, there are red flags in the service providers' policies and practices themselves.

The comments to this entry are closed.