Intellectual Property in the “cloud”ed era

Traditionally, computing has been done at defined and identified locations. For example, our computers, laptops, mobile phones, hosted servers, and so on. Cloud computing deviates from traditional computing by providing an abstraction layer on top of the various resources (like development/deployment of an application, processing instructions, and data storage) required in computing. By abstraction, I refer to the characteristic of cloud computing where the actual location of computing resources like processing, application deployment, and storage is not clear. Theoretically, in a cloud computing environment, the location of processing and the location of data stored could be constantly moving and changing.
Evolution of cloud computing poses interesting challenges to the Intellectual Property (IP) system. Three of the key challenges are highlighted here:
1. Asserting patent rights
Let us consider an example where company A holds a patent that claims a method of adding two numbers and displaying a result (assuming such a thing would be patentable, of course!).
In the traditional computing scenario, we would know exactly where the information is stored, and where the information is processed before displaying the result. Therefore, it would be easy to assert an infringement as it is possible to identify who is infringing by scanning hardware devices (because where the program is running is defined), and by reviewing the algorithms either manually or automatically (because where the data is stored is defined).
Cloud computing services promise to provide on-demand resources, both processing and data storage. Cloud computing systems make this possible by connecting multiple and distributed data centers on a need-basis. Sometimes the data centers that are connected need not be belong to a single service provider, and therefore need not be even in a single country. To further compound the problem, cloud computing systems actually try to ensure that the location is not known in order to ensure secrecy of data. Therefore, it is possible that for an application hosted by a client, the data may be stored at one location, and execution may happen in another location depending on availability of resources. And, the two locations may be in two different countries.
Now, coming back to the example, let us say that company B is infringing on the patent by way of executing the method claimed in the patent.
If company B is hosting the infringing application in a traditional hosted service environment, it would be easy to prove that infringement actually happens by identifying the machine where the methods are executed, and by verifying the algorithm underlying the application. However, if the infringing application is operating in a cloud computing environment, it is extremely difficult for company A to investigate to check if infringement is happening indeed. For all we know, the storage of numbers in the aforementioned example could be on a cloud infrastructure with one service provider, and the execution of adding numbers could be happening on a cloud infrastructure with another service provider. And, the infrastructure controlled by the two service providers may be in different locations/countries. It will be interesting to see how technology and business models evolve in cloud computing space to accommodate these requirements.
2. Claim language
Another challenge that faces company A (meaning the applicants and/or associated practitioners) is to ensure that the claims in its patent applications are meaningful even in the context of cloud computing environment.
As we already know, software related method claims require a machine limitation. In order to satisfy the requirement of machine limitation and to keep the claim language clear and succinct, practitioners write claims in the context of a definitive environment where the configuration (number of elements/machines involved and their inter-relation) is defined. At the best, practitioners write multiple claim sets directed to multiple configurations of elements/systems in order to cover as many variations as possible. This approach has served well till now. However, in the context of cloud computing environment, the number of configurations possible in the execution of even the simplest of programs is not defined or predictable. And, it may not be possible to write claims to cover all the possibilities by providing specific machine limitations. It will be interesting to see how prosecution evolves, and how the “machine limitation” requirement will be interpreted in the context of technology operating in a cloud computing environment.
3. Confidentiality of information
As discussed, a cloud computing service provider guarantees on-demand computing resources. However, there is only so much capacity that a single service provider can build, typically service providers have partner relationships formed with other service providers to lease capacity on a need basis. This kind of a scenario poses serious threats to the legality of confidentiality of information.
In the first instance, consider an example where a company places its confidential information on a simple secured hosted server provided by a third party hosted service provider under a contract with confidentiality clauses in place. Such an arrangement may be a valid mechanism to maintain the information as a secret, and therefore may provide adequate protection if and when there is a breach.
In the second instance, consider an example where a company places the same information on a “cloud” infrastructure, again backed by a contract with confidentiality clauses in place. In this scenario, even though the company has signed with the primary service provider, there is no guarantee that the information remains with the primary service provider. The information may well be stored on a server with a secondary service provider having a relationship with the primary service provider. And, the secondary service provider may not be under the same confidentiality terms as was defined between the company and the primary service provider. In fact, it is possible that there is no understanding with respect to confidentiality between the primary service provider and the secondary service provider. Such a lack of understanding between service providers with respect to confidentiality places serious threats to maintaining legitimacy of a trade secret.
The aforementioned challenges transform into risks for various stakeholders, especially owners of the IP in question. In order to mitigate risks associated with aforementioned challenges, owners must:
–       be aware of IP risks in dealing with “cloud” based technologies
–       consult expert practitioners with understanding of the nuances of the evolving technology and IP law,
 –       have practitioners prepare carefully crafted patent applications, and

 –       ensure confidentiality of information through carefully structured contracts with cloud service providers.

  In summary, the murkiness of the “cloud” has introduced interesting challenges to the IP system. While the technology evolves and the IP system makes necessary adjustments to counter challenges posed by the evolution, being aware of the associated risks and taking simple measures can help owners reduce risk exposure considerably.

By, Arun K Narasani, Founder/CEO.