Why is it that we would never decide to put $100,000 in the bank and tell people our deposits are “in the cloud,” but we readily do so with data that could be worth many times more than that?

Cloud computing investigations.jpg

This week’s drama in Cyprus, in which a lot of people have seen their money vaporized before their eyes, is a healthy reminder that money and data are the same thing: bits of information stored on a computer that is, for legal purposes, very much below the clouds and in a particular legal jurisdiction.

Consider the argument by the U.S. Attorney for the Eastern District of Virginia, here, who argues that because certain computer servers for the SEC and other organizations are located in his patch, he has jurisdiction to go after defendants in out-of-state securities frauds and alleged international copyright pirates.

Whether or not he prevails in his argument, the location of the server on which someone’s data resides is going to determine whether or not there is a legal fight over jurisdiction. That’s going to increase legal costs and headaches, never mind what happens if the U.S. Attorney is successful.

This kind of thing gets covered every year in good depth by Stanford’s annual conference on best practices in e-commerce, where I was warned a few years ago that if employee data from the U.S. gets moved to a server in a country with stricter privacy laws (say, France or Germany), then getting that data back could be a problem if it violates those stricter laws.

That hit home at the time, because just a few months before when I was shopping around for a payroll service for our firm, I asked a higher-cost provider why his competition was so cheap. “Their server is in India, and ours is in New York,” was the answer.

It’s cloud illusions I recall

I really don’t know clouds at all

–Joni Mitchell