News Detail Banner
All News & Events

Article: Cloud Computing: Legal Issues on the Horizon

Business Litigation Reports

In the May 2014 issue of the Business Litigation Report, we discussed a hot topic in law and technology: cloud computing. That topic did not cool down over the summer. Businesses and courts—including the Supreme Court—have continued to grapple with issues presented by computing in the cloud, including who owns the rights to key cloud computing technologies. Given the increased competition and growth in the cloud computing market, such litigation is likely to continue in the future, and will need to take changing legal rules into account.

The Cloud Computing Market
Broadly defined, “cloud computing” refers to the shared use of computing resources over a distributed computer network. Those resources may include storage, processing, communication, or other computer tasks. The network over which such resources are accessed may be public like the Internet, private like many enterprise IT environments, or a hybrid network combining public and private elements. The business case for shifting computing resources to the cloud is based on the flexibility that cloud computing provides. Instead of needing to buy racks of expensive servers and other equipment as a necessary first step to launching a business, today’s startups can order “virtual” IT centers consisting of only the resources they actually need. Servers and other necessary technologies can be provisioned from a shared pool of computing resources almost as quickly as the company needs. The high fixed startup costs faced by many early IT departments, which posed significant barriers to entry in high-tech industries become, instead, “by-the-drink” operational expenses. As the business grows, these “virtual” computing resources can scale accordingly, often rolling out updated or new services with little to no downtime.

Estimating the size of the cloud computing market is complicated by debates over its definition. However the market is defined, it is enormous. For example, Cisco Systems Inc.’s 2014 Global Cloud Index predicts a 23 percent compound annual growth rate in global data center IP traffic from 2013 to 2018, with more than seventy-five percent of that workload being processed in the cloud by the end of that period. One organization reported that resulting global cloud computing service revenue in 2014 could be as high as $209.9 billion, growing to $555 billion by 2020. See http://www.investorideas.com/news/2014/technology/08291.asp.

Cloud Computing Players
Historically, cloud computing has been broken into three main segments: Infrastructure as a Service (“IaaS”), Platform as a Service (“PaaS”), and Software as a Service (“SaaS”). These segments are differentiated based on the types of services they provide. IaaS consists of raw computing resources that can be shared among customers. IaaS offerings are highly customizable, but require significant customer involvement to develop and launch. At the other end of the spectrum, SaaS providers offer largely pre-configured applications that can be quickly deployed, but are often significantly limited in the degree to which they can be customized. PaaS lies somewhere in between the radical flexibility of IaaS and the pre-configured offerings from SaaS providers. Some prominent participants and product offerings in each segment are identified below.

IaaS
● Amazon Web Services Elastic Compute Cloud
● CenturyLink
● Google Compute Engine
● Microsoft Windows Azure
● OpenStack
● Rackspace
● Verizon Terremark
● VMWare

PaaS
● Amazon Web Services Elastic Beanstalk
● Cloud Bees
● Engine Yard
● Force.com
● Google App Engine
● Heroku
● IBM SmartCloud
● Microsoft Windows Azure
● OpenShift Online
● Red Hat OpenShift

SaaS
● Dropbox
● Google Apps for Business
● Microsoft Office 365
● Oracle
● Salesforce.com
● Zendesk
● Zoho

As is evident from even a cursory review of these lists, the lines between these categories are blurred, with companies often participating in multiple market segments. Moreover, new forms of cloud computing are emerging to supplement the three basic segments, including Unified Communications as a Service (“UCaaS”), which seeks to offload a firm’s various telecommunications functions to cloud resources, and Anything as a Service (“XaaS”), which offers highly customized offerings to suit any customer need. Prominent players in these emerging market segments are listed below.

UCaaS
● Alcatel-Lucent
● Cisco Systems
● CSC
● Hewlett Packard
● IBM
● Microsoft
● Mitel
● Polycom
● RingCentral
● ShoreTel
● Verizon
● Vonage
● Voss
● 8x8

XaaS
● Amazon Web Services
● Hewlett Packard
● IBM
● Microsoft
● Oracle
● SAP AG
● VMWare

The applications for which cloud computing is being utilized are at least as diverse as the participants in the cloud computing market. Cloud technologies can be used for computing functions from basic data storage to complicated analysis of so-called Big Data. Many business functions also have been moved to the cloud, including sales force and inventory management. Cloud computing has engendered a variety of new industry-specific applications, from virtual doctor’s appointments and health monitoring to precision agriculture. New cloud-based applications are being developed constantly.

Cloud Computing Standards
The variety of cloud network deployments produced substantial debate among commentators and IT professionals about how to properly define and implement “cloud computing.” Recently, national and international standard-setting organizations have also entered the fray, adopting shared definitions and specifications for cloud computing.

For example, in October 2014 the U.S. National Institute of Standards and Technology (“NIST”) released the final version of the “US Government Cloud Computing Technology Roadmap.” That multi-volume document outlines a plan for implementing the U.S. government’s 2011 Cloud Computing Strategy. Many of the NIST recommendations concern the development of consistent standards for cloud computing terminology and practices. In fact, the first NIST requirement is the development of “international voluntary consensus-based interoperability, portability, security, performance, and related standards” for implementing cloud computing technologies. (U.S. Government Cloud Computing Technology Roadmap, Vol. I, p. 5.)

International organizations are heeding the calls of NIST and others to develop shared standards for cloud computing. On October 15, 2014, The International Organization for Standardization and the International Electrotechnical Commission released the first editions of two different cloud computing standards. The first, ISO/IEC 17788, contains an “[o]verview and vocabulary” for cloud computing. The second, ISO/IEC 17789, describes a cloud computing “[r]eference architecture.”

As recognized by the NIST requirements, the spread of shared vocabularies and architectures for cloud computing promises to simplify the adoption of cloud computing technologies among public and private organizations. Such standards are likely to continue evolving as cloud technologies are adopted more broadly.

Patenting the Cloud
In order to protect this rapidly expanding list of new technologies, cloud computing companies have actively sought patent protection for their inventions. A November 2013 review of U.S. patents containing the phrase “cloud computing” in their title, abstract, or claims—a methodology likely to underestimate the number of cloud-related patents—revealed nearly 200 patents, held by prominent cloud participants like IBM, Microsoft, Google, SAP, Amazon, and Verizon. See http://thoughtsoncloud.com/2014/03/analysis-of-cloud-computing-patent-holders/. Litigation between large market participants has already occurred. For example, Microsoft sued Salesforce.com for patent infringement in 2011; the case has settled.

Large market participants are not the only entities with patents covering cloud technologies. Non-practicing entities (“NPEs”) are actively involved in cloud computing patent litigation. For example, SimpleAir, an NPE based in Texas, won an $85 million jury verdict based on cloud messaging patents in 2014. SimpleAir also reportedly settled disputes with other large corporations in the cloud computing space for unspecified sums. NPEs likely will play an increasing role in such litigation in the future. Many cloud computing startups have failed, often selling their patents to NPEs in a last-ditch attempt to monetize their technology.

As a result, a number of cloud computing companies have engaged in defensive maneuvers designed to mitigate the potential for litigation over cloud technologies. This includes both acquiring patents to use in counterclaims as leverage to settle any suits that arise and aggressively challenging the patents of NPEs in courts and at the Patent Office.

One company, Unified Patents, has made organizing such defensive efforts the central focus of its business model. Unified Patents offers a service whereby companies in different technology “Zones” can join together to defend their Zones against NPE litigation. Cloud storage technology is one of the Zones that Unified Patents intends to protect. To do so, Unified Patents pursues a multi-faceted strategy, buying patents related to Zones so that those patents cannot be obtained by NPEs and initiating inter partes review proceedings against patents that NPEs have asserted within the Zones. Whether such strategies will effectively deter NPE litigation against cloud computing technologies remains to be seen.

Cloud Computing and the Supreme Court
Three recent decisions by the U.S. Supreme Court are likely to significantly affect the outcome of future patent cases involving cloud computing. Each of these cases was previewed in the May 2014 Business Litigation Report article, but none had yet been decided. This summer, however, the Supreme Court issued its rulings in Limelight Networks, Inc. v. Akamai Technologies, Inc.; Nautilus, Inc. v. Biosig Instruments, Inc.; and Alice Corp. v. CLS Bank. Each of these rulings is likely to benefit defendants facing infringement allegations based on cloud computing patents.

Limelight Networks, Inc. v. Akamai Technologies, Inc., No. 12-786 (June 2, 2014). In this case, Limelight was accused of infringing a patent that claimed a computer-implemented method of delivering data across a content delivery network. One of the steps of the method was performed by Limelight’s customers, rather than by Limelight itself, which Limelight contended would preclude its liability for infringement. Quinn Emanuel submitted an amicus curiae brief in support of Limelight on behalf of multiple clients. A unanimous Supreme Court found in Limelight’s favor, holding that a single actor must perform all the steps of a claimed method for a claim to be infringed directly or indirectly. Given the inherently distributed nature of cloud computing, in which each layer of the service may be provided by a different entity, this ruling is likely to make it more difficult for patent plaintiffs to prevail against cloud computing providers when asserting method patents.

Nautilus, Inc. v. Biosig Instruments, Inc., No. 13-369 (June 2, 2014). This case addressed the validity of a patent covering a heart-rate monitor for use with exercise equipment. Although not concerning a cloud computing technology, the case addressed an issue that has been problematic for computing patents more generally: how to determine whether a patent claim is sufficiently definite under 35 U.S.C. § 112, ¶ 2. The Supreme Court, again unanimously, ruled that “a patent’s claims, viewed in light of the specification and prosecution history, [must] inform those skilled in the art about the scope of the invention with reasonable certainty.” Defendants will likely use the risk of invalidity under the Supreme Court’s new test as leverage in patent suits.

Alice Corp. v. CLS Bank, No. 13-298 (June 19, 2014). This case also involved invalidity issues, although it was squarely focused on computing technology. Specifically, Alice Corporation asserted a patent that claimed a computer-implemented method for mitigating settlement risk by establishing a third-party intermediary to ensure the completion of financial transactions. CLS Bank argued that the patent was invalid because it claimed merely an “abstract idea,” which is not eligible for patent protection under 35 U.S.C. § 101. The Supreme Court, again unanimously, applied a two-step inquiry for determining whether a patent claims patent-eligible subject matter. Step one asks whether the claims are drawn to ineligible matter, such as a law of nature, natural phenomenon, or abstract idea. If  so, the second step considers each claim element as well as the claim as a whole to determine if something in the claim somehow transforms the claim into patent-eligible matter. The Supreme Court found that the claim at issue in Alice merely related to the abstract idea of “intermediated settlement,” and the use of a generic computer to implement that idea did not transform it into patent-eligible subject matter. Defendants will no doubt rely on Alice and its progeny to attack patents that claim computer-implemented cloud computing technologies. Indeed, the Federal Circuit has already relied upon Alice to affirm invalidating a computer-implemented technology patent as a matter of law. See BuySafe, Inc. v. Google, Inc., No. 2013-1575 (Fed. Cir. Sep. 3, 2014) (affirming dismissal of case alleging infringement of patent directed to forming a “transaction performance guaranty” contract using a computer).

Other Cloud Computing Legal Issues
Patent litigation is not the only legal issue faced by cloud computing firms. Several other issues are likely to spawn future litigation as cloud computing becomes increasingly popular and profitable.

Security and Privacy. A chief concern for businesses seeking to migrate some or all their options to the cloud is the security of the data that resides there. Experts continue to debate the relative security of data in the cloud, and firms such as Symantec and Fortinet are actively developing new technologies to safeguard data. As cloud applications extend into areas such as health care, in which the storage and protection of patient data is highly regulated, these security concerns are likely to grow increasingly prominent. Should the security of data stored in the cloud be compromised, affected parties may resort to the courts for redress.

SLA Enforcement. Most cloud computing services are governed by Service Level Agreements (“SLAs”). SLAs tend to include minimum guarantees by the cloud services provider relating to resource availability and operations. Breaches of these agreements can trigger contractual liability. Proposed EU regulations governing SLAs and net neutrality rules in the United States may further complicate service guarantees in the cloud and/or spawn additional litigation concerning their enforcement.

Conclusion
This article has touched on only a few of the legal issues relevant to the continuously evolving cloud computing industry. With the increased adoption of mobile network computing, smartphones, tablets and even wearable technology, cloud computing is certain to remain a prominent issue for both technologists and lawyers.