Protecting privacy and property rights in the cloud

[Commentary] In the wake of the Snowden leaks, much attention has been given to the extent to which it is possible for unauthorized individuals -- including governments -- to gain access to electronic information.

It is becoming increasingly clear that statutory privacy laws and website codes pay only lip service to their promises to protect individuals’ and firms’ information. From the perspective of an economic contract, they are very difficult to enforce because it is extremely difficult -- or prohibitively costly -- to identify when breaches have occurred.

It is relatively straightforward to protect one’s physical property by putting boundaries around it to keep others out – the economic characteristic known as exclusivity. We can physically isolate the disks on which information is stored and invest in sufficient resources to exclude others up to the expected value we expect to gain by controlling the information. If the disk is illegally appropriated by another, this is obvious, because it is a ‘rival’ good. Either the legitimate owner has it or it is illegitimately in the possession of another.

The problem with digital goods – such as the information on the disk – is that they are neither rival nor easily excludable, especially when they become ‘unbundled’ from the ‘carrier medium,’ for example when transported from place to place over the Internet.

This makes them particularly problematic. But in the race to provide a raft of new means of preventing unauthorized access to electronic data, is enough attention being paid to impediments to authorized users’ legitimate access to cloud-based data?

[Howell is general manager for the New Zealand Institute for the Study of Competition and Regulation and a faculty member of Victoria Business School, Victoria University of Wellington, New Zealand]