Data sovereignty and the Cloud – a structured bibliography

Issue: 

Abstract
A structured bibliography is provided to assist research into the late-2013 status of cloud and data sovereignty (or “digital protectionism”) policy discussions in Australia and elsewhere.

This set of references includes documents assisting understanding of the late-2013 status of cloud and data sovereignty (or “digital protectionism”) policy discussions in Australia. Material from the US, EU and other countries is necessarily less complete than that from Australia. Some online material may require registration or subscription. Links were active in October 2013.

1. Articles, books, papers

Aaronson, Susan. “Internet Governance or Internet Control? How to Safeguard Internet Freedom.” Cicero Foundation Great Debate, no. 13 (2013). Available at: http://www.cicerofoundation.org/lectures/Aaronson_Internet_Governance.pdf

Aaronson, Susan and Maxim, Rob. “Data Protection and Digital Trade in the Wake of the NSA Revelations.” Intereconomics Volume 48, Number 5, September/October 2013. Available at: http://www.intereconomics.eu/archive/year/2013/5/871/#res3

Aaronson, Susan and Townes M.D. “Can Trade Policy Set Information Free? Trade Agreements, Internet Governance, and Internet Freedom”, December 2012. Available at: http://www.gwu.edu/~iiep/governance/taig/CanTradePolicySetInformationFreeFINAL.pdf

Ahn, Gail-Joon, James Joshi and Hassan Takabi. ‘Security and Privacy Challenges in Cloud Computing Environments.’ (2010) Security & Privacy, IEEE 8(6): 24-31. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5655240.

Albeshri, Aiiad, Colin Boyd and Juan Conzalez Nieto. “GeoProof: Proofs of Geographic Location for Cloud Computing Environment. ” International Conference on Distributed Computing Systems Workshops (2012). http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6258199

Angelo, Lisa. ‘Exploring Legal Issues at High Altitudes: The Law in the Cloud.’(2012) International Trade Law Journal 20(1): 39. http://heinonline.org/HOL/Page?handle=hein.journals/curritlj20&div=8&collection=journals&set_as_cursor=1&men_tab=srchresults&terms=cloud|contract&type=matchall

Asghar, Muhammad Rizwan, Mihaela Ion et al. “Securing Data Provenance in the Cloud.” In Open Problems in Network Security, edited by Jane Camenisch & Dogan Kesdogan, 145-161. Lucerne, Switzerland: iiNetSec, 2011. http://link.springer.com/content/pdf/10.1007%2F978-3-642-27585-2.pdf

Australian Communications Consumer Action Network. “Data Breach Notifications: Submission by the Australian Communications Consumer Action Network to the Attorney-General’s Department.” ACCAN (2012). Available at: http://accan.org.au/files/notification_submission_accan_23_11_2012.pdf

Badger, Lee, Tim Grance, Robert Patt-Corner and Jeff Voas. “Cloud Computing Synopsis and Recommendations.” National Institute of Standards & Technology, Special Publication 800-146 (2012). http://csrc.nist.gov/publications/nistpubs/800-146/sp800-146.pdf

Bamiah MA and SN Brohi. “Exploring the Cloud Deployment and Service Delivery Models.” International Journal of Research and Reviews in Information Sciences, Vol. 1, No. 3 (2011). Available at: http://www.sciacademypublisher.com/journals/index.php/ IJRRIS/article/download/165/156

Barwick, Hamish. “Data sovereignty still misunderstood in Australia: Microsoft.” Computerworld, September 18, 2012. Available at: http://www.computerworld.com.au/article/436682/data_sovereignty_still_misunderstood_australia_microsoft_/

Barwick, Hamish. “Navigating the cloud security minefield.” CIO, September 5, 2012. Available at: http://www.cio.com.au/article/print/435496/navigating_cloud_security_minefield/

Bashir, M., J. P. Kesan, C. M. Hayes, R. Zielinski, “Privacy in the Cloud: Going Beyond the Contractarian Paradigm”, University of Illinois, 2011. Available at: http://assured-cloud-computing.illinois.edu/sites/default/files/AFRL%2520Talk%2520-%2520Privacy-Cloud-Computing%2520Dec-14- 2011.pdf

Bell, S. “Don’t Fear the Patriot Act says Microsoft Lawyer.” Computerworld NZ, September 27, 2011. Available at: http://computerworld.co.nz/news.nsf/news/dont-fear-the-patriot-act-says-microsoft-lawyer

Bender, Adam. “Australian Government Releases Big Data Issues Paper.” CIO Magazine, March 18, 2013. Available at: http://www.cio.com.au/article/456545/australian_government_releases_big_data_issues_paper/

Bierce & Kenerson, P.C. “Cybersecurity: An Issue for Both Tech Service Providers and Clients, especially for Cloud, Mobil and Social Computing and the Internet of Things.” Outsourcing-Law, November 12, 2012. Available at: http://www.outsourcing-law.com/2012/11/cybersecurity-an-issue-for-both-tech-service-providers-and-clients/

Bleich, Jeffrey. “Cloud agreement can bring blue skies.” The Age, December 11, 2012. Available at: http://www.theage.com.au/it-pro/government-it/cloud-agreement-can-bring-blue-skies-20121211-2b77f.html

Bradshaw, Simon, Millard, Christopher and Walden, Ian. "Contracts for clouds: comparison and analysis of the Terms and Conditions of cloud computing services." Queen Mary School of Law Legal Studies Research Paper, no 63 (2010). Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1662374

Bray, Oliver and Fiona Wilson. ‘EU Data Protection Regulators and Cloud Computing Contracts.’ (2013) Journal of Internet Law 16(8): 18-20. Available at: http://web.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=081d1c3e-ebdc-41d0-9bad-724774527e8b%40sessionmgr104&vid=2&hid=9

Burman, Kendall. “Comparison Chart: Information Sharing, Monitoring & Countermeasures Provisions in the Cybersecurity Bills.” Centre for Democracy & Technology, July 30, 2012. Available at: https://www.cdt.org/paper/comparison-chart-information-sharing-monitoring-and-countermeasures-provisions-cybersecurity-b

Burr, Beckwith. “The Electronic Communications Privacy Act of 1986: Principles of Reform.Digital Due Process Coalition, 2010. Available at: http://digitaldueprocess.org/index.cfm?objectid=FE5C92F0-2552-11DF-B455000C296BA163#5

Calloway, Timothy J. ‘Cloud Computing, Clickwrap Agreements, and Limitation on Liability Clauses: A Perfect Storm?’ (2012) Duke Law & Technology Review 11(1): 163-174. Available at: http://heinonline.org/HOL/Page?handle=hein.journals/dltr11&div=7&collection=journals&set_as_cursor=0&men_tab=srchresults&terms=cloud|contract&type=matchall#163.

Carnabuci, Connie. ‘The long arm of the USA Patriot Act: tips for Australian businesses selecting data service providers’, Freshfields Bruckhaus Deringer for Macquarie Telecom, November 2011. Available at: http://www.powerretail.com.au/wp-content/downloads/macquarie/The-long-arm-of-the-USA-Patriot-Act.pdf or http://info.macquarietelecom.com/rs/macquarietelecom/images/THE%20US%20PATRIOT%20ACT%20AND%20ITS%20IMPLICATIONS%20FOR%20CLOUD%20DATA%20CENTRES%2015%20NOVEMBER%202011.pdfhttp://info.macquarietelecom.com/rs/macquarietelecom/images/THE%20US%20PATRIOT%20ACT%20AND%20ITS%20IMPLICATIONS%20FOR%20CLOUD%20DATA%20CENTRES%2015%20NOVEMBER%202011.pdf

Carnabuci, Connie and Heather Tropman. ‘Whitepaper: The Cloud and US Cross-Border Risks.’ Macquarie Telecom and Freshfields Bruckhaus Deringer. October 2011. Available at: http://ozhub.com.au/wp-content/uploads/2011/10/Macquarie_Telecom_Cloud_and_Cross-Border_Risks.pdf

Cate, Fred H. “The Vanishing Fourth Amendment,” BNA Privacy and Security Law Report 1875, no. 6 (2007).

Cate, Fred H, and Eisenhauer, Margaret. “Between a Rock and Hard Place: The Conflict Between European Data Protection Laws and U.S. Civil Litigation Document Production Requirements,” BNA Privacy and Security Law Report 229, no. 6 (2007).

Celestine, Carole M. ‘”Cloudy” Skies, Bright Futures? In Defense of a Private Regulatory Scheme for Policing Cloud Computing.’ University of Illinois Journal of Law, Technology & Policy 2013(1): 141-164. Available at: http://heinonline.org/HOL/Page?handle=hein.journals/jltp2013&div=9&collection=journals&set_as_cursor=4&men_tab=srchresults&terms=cloud|contract&type=matchall#147

Chen, Deyan. ‘Data Security and Privacy Protection Issues in Cloud Computing.’ IEEE, 2012 International Conference on Computer Science and Electronics Engineering 1. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6187862

Christensen, Laurits and Etro, Federico. “Big Data, the Cloud and the EU Regulation on Data Protection” Intereconomics Volume 48, Number 5, September 2013. Available at: http://www.intereconomics.eu/archive/year/2013/5/871/#res2

Clark, Trevor. “The fog of law and cloud computing.” Sydney Morning Herald, February 18, 2013. Available at: http://www.smh.com.au/it-pro/cloud/the-fog-of-law-and-cloud-computing-20130218-2emkw.html

Cochrane, Nate. “What will you do when the US comes for you?” Sydney Morning Herald SMH, January 26, 2012. Available at: http://www.smh.com.au/it-pro/cloud/what-will-you-do-when-the-us-comes-for-you-20120125-1qhc1.html

Cohn, Cindy, Samuels, Julie. “Megaupload and the Government's Attack on Cloud Computing.” Electronic Frontiers Foundation, October 31, 2012. Available at: https://www.eff.org/deeplinks/2012/10/governments-attack-cloud-computing

Condliffe, Jamie. “TPP: The Biggest Global Threat to the Internet since ACTA.” Gizmodo Australia, May 1, 2013. Available at: http://www.gizmodo.com.au/2013/05/tpp-the-biggest-global-threat-to-the-internet-since-acta/

Connolly, Chris. “US safe harbor – fact or fiction?” Privacy Laws & Business International 96 (2008): 26-27. Available at: http://www.galexia.com/public/about/news/about_news-id143.html

Connolly, Chris, Vaile, David. “Drowning in Codes of Conduct: An Analysis of Codes of Conduct Applying to Online Activity in Australia.” Cyberspace Law and Policy Centre, UNSW Faculty of Law Research Series [2013] UNSWLRS 23. Available at: http://cyberlawcentre.org/onlinecodes/report.pdf or http://www.austlii.edu.au/au/journals/UNSWLRS/2013/23.html

Crozier, Ry. “DFAT keeps Australians in dark on TPP Stance.” IT News, 16 April, 2013. http://www.itnews.com.au/News/339897,dfat-keeps-australians-in-dark-on-tpp-stance.aspx

Cowan, Paris. ‘NSW Government Cloud Computing Policy Due this Year.’ Intermedium, 25 March 2013. Available at: http://www.intermedium.com.au/content/nsw-government-cloud-policy-due-year

De Filippi, Primavera, McCarthy, Smari. “Cloud Computing: Centralization and Data Sovereignty.” European Journal of Law and Technology 3, no. 2 (2012): 1-21. Available at: http://ssrn.com/abstract=2167372

De Filippi, Primavera, Porcedda, Maria. “Privacy Belts on the Innovation Highway.” Paper presented at Internet, Politics, Policy 2012, Oxford Internet Institute, 21-22 September 2012. Available at: http://microsites.oii.ox.ac.uk/ipp2012/sites/microsites.oii.ox.ac.uk.ipp2012/files/Porcedda_DeFilippi_Privacy_Belts_on_the_Information_Highway.pdf

Dent, Georgia. “Patriot Missile Incoming.” BRW, 12 April, 2012. Available at: http://www.brw.com.au/p/sections/%20professions/patriot_missile_incoming_UUcd4ia6XvjBMhxD2aYhpI

Dix, Alexander (Berlin Commissioner for Data Protection and Freedom of Information). “The Commission's Data Protection Reform After Snowden's Summer” Intereconomics Volume 48, Number 5, September/October 2013. Available at: http://www.intereconomics.eu/archive/year/2013/5/871/#res1

Doyle, C., “National Security Letters in Foreign Intelligence Investigations: Legal Background and Recent Amendments”, Congressional Research Service, 8 September, 2009. http://www.fas.org/sgp/crs/intel/RL33320.pdf

Emerson, Craig (Trade Minister). “Australia welcomes Japan to Trans-Pacific Partnership negotiations.” Media release, Australian Government, 21 April 2013. Available at: http://trademinister.gov.au/releases/2013/ce_mr_130421.html

Filippi, Primavera De and Smari McCarthy. ‘Cloud Computing: Centralization and Data Sovereignty.’ (2012) European Journal of Law and Technology 3(2). Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2167372

Fleming, Jeremy. “US makes first public comment over draft EU data privacy law.” EurActiv, 29 April, 2013. Available at: http://www.euractiv.com/infosociety/us-airs-views-eu-privacy-rules-news-519279

Forsheit, Tanya L. “E-Discovery Involving Cloud Facilities.” Practicing Law Institute/PAT 157, no. 12 (2010): 159-168.

Foo, Fran. “E-health supplier link to data fears.” The Australian, 13 November 2012. Available at: http://www.theaustralian.com.au/australian-it/government/e-health-supplier-link-to-data-fears/story-fn4htb9o-1226515384569

Fossoul, Nicolas. “Does the USA PATRIOT Act Give U.S. Government Access to E.U. Citizens' Personal Data Stored in the Cloud in Violation of the E.U. Law?” paper for University of Tilburg L.L.M. Law & Technology, 2012. Available at: http://arno.uvt.nl/show.cgi?fid=127396

Garon, Jon M., ‘Navigating Through the Cloud – Legal and Regulatory Management for Software as a Service’ (Working Paper, NKU Chas Law & Information Institute, 11 October 2011). Available at: http://ssrn.com/abstract=225246

Geist, Michael & Homsi, M., “The Long Arm of the USA Patriot Act: A Threat to Canadian Privacy?” submission on the USA Patriot Act to B.C. Information and Privacy Commissioner”, July 2004. Available at: http://www.docstoc.com/docs/48522538/The-Long-Arm-of-the-USA-Patriot-Act-A

Gellman, Barton, and Poitras, Laura. “Documents: U.S. mining data from 9 leading Internet firms; companies deny knowledge.” Washington Post, 7 June 2013. Available at: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html. (See also Washington Post and New York Times for further stories from same authors arising from the same material.)

Gewirtz, D. “Security implications of public vs. private clouds,” ZDnet, 22 April 2013. Available at: http://www.zdnet.com/security-implications-of-public-vs-private-clouds-7000014299/

Gilbert, Francoise. “Cloud Service Contracts May Be Fluffy: Selected Legal Issues to Consider Before Taking Off.” Journal of Internet Law 17 (2010).

Gillies, Stephen. “Cloud providers and data sovereignty issues.” Search Security, 11 August 2011. Available at: http://searchsecurity.techtarget.com.au/news/2240039486/Cloud-providers-and-data-sovereignty-issues

Gold, Joshua, ‘Protection in the Cloud: Risk management and insurance for cloud computing’ (2012) 15(3) Journal of Internet Law 23.

Greenwald, Glenn, and Ewen MacAskill. “NSA taps in to internet giants' systems to mine user data, secret files reveal.” The Guardian, 7 June 2013. Available at: http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data (see also ‘NSA’ tag at The Guardian for further stories from the same authors arising from the same material)

Groß, Stephan, and Alexander Schill. ‘Towards User-Centric Data Governance and Control in the Cloud,Open Problems in Network Security, IFIP WG 11.4 International Workshop, iNetSec 2011, Lucerne, Switzerland, June 9, 2011, Revised Selected Papers, pp 145-160. Available at: http://link.springer.com/chapter/10.1007/978-3-642-27585-2_11

Grubb, B. “Hackers publish AAPT data in protest over web spy plan.” SMH, 30 July 2012. Available at: http://www.smh.com.au/it-pro/security-it/hackers-publish-aapt-data-in-protest-over-web-spy-plan-20120730-238lp.html

Hafizah, Osman. “Cloud becoming a business process service delivery model: IDC.” ARN, 31 January 2013. Available at: http://www.arnnet.com.au/article/452404/ cloud_becoming_business_process_service_delivery_model_idc/

Hart, Nick and Mark Vincent. ‘Legal issues in the Cloud – Part 1.’ CIO. 8 April 2011. Available at: http://www.cio.com.au/article/382624/legal_issues_cloud_-_part_1/

Hon, W Kuan, Christopher Millard and Ian Walden. “UK G-Cloud v1 and the impact on cloud contracts - Part I.” (2012) 17 Communications Law Review 3: 78, Queen Mary School of Law Legal Studies Research Paper No. 115/2012. Available at: http://ssrn.com/abstract=2038557

Hon, W. Kuan, Christopher Millard and Ian Walden, ‘Negotiating Cloud Contracts: Looking at Clouds from Both Sides Now’ (2012) 16 Stanford Technology Law Review 81. Available at: http://stlr.stanford.edu/pdf/cloudcontracts.pdf

Hutchinson, James. “Amazon cloud entry poses legal concerns to business.” Australian Financial Review, 13 November 2012. Available at: http://www.afr.com/p/technology/amazon_cloud_entry_poses_legal_concerns_bIF2UhQdAltKIA7tOZfPwO

Hutchinson, James, and Ramli, David. “US Surveillance Threatens Confidence in Cloud Computing” Australian Financial Review, 11 June 2013. Available at: http://www.afr.com/p/technology/us_surveillance_threatens_confidence_bIQTKSP3qAKwQLsrDCeMYJ

Irion, Kristina. “Government Cloud Computing and the Policies of Data Sovereignty,” Policy & Internet 3 (2012): 40. Available at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1935859

Keane Bernard. "Protectionism, free trade and security up in the cloud.” Crikey, 12 December 2012. Available at: http://www.crikey.com.au/2012/12/12/protectionism-free-trade-and-security-up-in-the-cloud/

Kerr, Orin. “A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It,” George Washington Law Review 72 (2004. Available at: http://ssrn.com/abstract=421860

Kerr, Orin. “Applying the Fourth Amendment to the Internet: A General Approach,” Stanford L Rev 62, no. 4 (2010): 1005-1050. Available at: http://www.stanfordlawreview.org/sites/default/files/articles/Kerr_0.pdf

Kessler, David et al. “Is Personal Data Located Outside the United States’ Not Reasonably Discoverable?” PVLR 7 (2008): 1356

Kneller D. “Data Security Breaches on the Rise: How to Effectively Deal with this New Risk,” International Law Bulletin (2011): 76-78

Kshetri, N. "Cloud Computing in Developing Economies," Computer 43, no.10 (2010): 47-55. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5530325&isnumber=5604146

Lanois, Paul. ‘Privacy in the age of the cloud’ (2011) 15(6) Journal of Internet Law 3.

Lee, Jane. “Million-dollar fines set for privacy breaches.” Sydney Morning Herald, 30 November 2012. Available at: http://www.smh.com.au/it-pro/security-it/milliondollar-fines-set-for-privacy-breaches-20121130-2al1e.html

Lele, Vishwas. “20 Things That May Be ‘Clouding’ Your Choice About the Cloud But Shouldn’t.” Applied Information Sciences, 28 March 2012. Available at: http://blog.appliedis.com/wp-content/uploads/2012/06/AIS-Top-20-Reasons-Clouding-Cloud-Adoption-WP.pdf

Lynch, Andrew, and George Williams. What Price security? Taking Stock of Australia’s Anti-Terrorism Laws. Sydney, NSW: University of New South Wales Press, 2006

Mackie, Mary Leigh. "Discovering the Cloud's Silver Lining." KM World, 2 November, 2012. Available at: http://www.kmworld.com/Articles/White-Paper/Article/Discovering-the-Clouds-Silver-Lining-85603.aspx (registration required)

MacLeod, Ian. “Cloud computing law puts Canadian users at risk of snooping by American spies.” The Ottawa Citizen, 2 February 2013. Available at: http://www.ottawacitizen.com/business/Cloud+computing+puts+Canadian+users+risk+snooping+American/7907562/story.html

Marston, Sean et al. “Cloud computing – The business perspective,” Decision Support Systems 51, no. 1 (2011): 176-189. Available at: http://www.sciencedirect.com/science/article/pii/S0167923610002393

Maurushat, Alana. “Data Breach Notification Law Across the World from California to Australia,” Privacy Law and Business International February 2009, and [2009] UNSWLRS 11. Available at: http://ssrn.com/abstract=1412063 and http://www.austlii.edu.au/au/journals/UNSWLRS/2009/11.html

Maxwell, Winston and Christopher Wolf, ‘A Global Reality: Governmental Access to Data in the Cloud – A comparative analysis of ten international jurisdictions (Governmental access to data stored in the Cloud, including cross-border access, exists in every jurisdiction)’, Hogan Lovells July 2012. Available at: http://www.hoganlovells.com/files/News/c6edc1e2-d57b-402e-9cab-a7be4e004c59/Presentation/NewsAttachment/a17af284-7d04-4008-b557-5888433b292d/Revised%20Government%20Access%20to%20Cloud%20Data%20Paper%20(18%20July%2012).pdf

McDonald, Steve. “Legal and Quasi-Legal Issues in Cloud Computing Contracts”, EDUCAUSE and NACUBO Workshop on Cloud Computing and Shared Services, Tempe, Arizona, 8-10 February 2010. Available at: http://net.educause.edu/section_params/conf/CCW10/issues.pdf



McKendrick, Joe. ‘5 Ways to take the opaqueness out of cloud contracts.’ ZDNet. 4 August 2013. Available at: http://www.zdnet.com/5-ways-to-take-the-opaqueness-out-of-cloud-contracts-7000018938/

McNicholas, Edward R. “National Security Letters: Practical Advice for Understanding and Handling Exceptional Requests,” 8 PVLR 13 (2009). Available at: http://www.sidley.com/publications/detail.aspx?pub=2047

Mell, P, Grance, T. The NIST Definition of Cloud Computing. Recommendations of the National Institute of Standards and Technology (NIST), Special Publication 800–145 (January 2011). Available at: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

Metri, P, G Sarote. “Privacy Issues and Challenges in Cloud Computing,” International Journal of Advanced Engineering Sciences and Technologies 5 (2011): 1-6. Available at: http://pdf.thepdfportal.com//PDFFiles/12160.pdf

Michaelsen, Christopher. "Reforming Australia's National Security Laws: The Case for a Proportionality-Based Approach," University of Tasmania Law Review 31 (2010). Available at: http://www.austlii.edu.au/au/journals/UTasLawRw/2010/2.html

Morris, Chris/IDC, Asia/Pacific (Excluding Japan) Cloud Services and Technologies End-User Survey, 2011, IDC, November 2012.

M Law Group. “New Draft European Data Protection Regime.” M Law M Patent Group, 2 February 2012. Available at: http://www.mlawgroup.de/news/publications/detail.php?we_objectID=227

Nicholls, Matthew and Alex Maschmedt. “Transborder Dataflows and Jurisdictional Issues in the Cloud – Australia.” 2 May 2012. Available at: http://www.hg.org/article.asp?id=26498

Nielsen, Nikolaj. “The man behind the EU Parliament’s data regulation.” EU Observer, 6 May 2013. http://euobserver.com/justice/119951

Pavolotsky, John. “Cloud Services and Information Security: The Public vs. Private Service Provider Debate.,” New Matter 37, no.1 (2012): 32-35. Available at: http://ssrn.com/abstract=2022519

Peterson, Zachary et al. “A position paper on data sovereignty: The importance of geolocating data in the cloud.” Paper presented at Hotcloud 11, Portland, Oregon, June 14, 2011. Available at: http://static.usenix.org/event/hotcloud11/tech/final_files/Peterson.pdf

Pham, Cindy. ‘E-Discovery in the Cloud Era: What’s a Litigant to do?’ (2013) Hastings Science and Technology Law Journal 5(1): 139-190. Available at: http://heinonline.org/HOL/Print?handle=hein.journals/hascietlj5&div=9&collection=journals&set_as_cursor=2&men_tab=srchresults&terms=cloud|contract&type=matchall

Pryce, Jeffrey F. “The Globalization of Electronic Evidence Gathering: U.S. Joins Council of Europe Convention on Cybercrime,” PVLR 5: 1450 (2006)

Reed, Chris. “Information ‘Ownership’ in the Cloud,” Queen Mary School of Law Legal Studies Research Paper No. 45 (2010). Available at: http://ssrn.com/abstract=1562461

Reed, Chris. ‘Information 'Ownership' in the Cloud’, Legal Studies Research Paper No. 45/2010, Queen Mary School of Law, 2 March 2010. Available at: http://ssrn.com/abstract=1562461

Roach K. “The Eroding Distinction Between Intelligence and Evidence in Terrorism Investigations.” Counter-Terrorism and Beyond - The Culture of Law and Justice After 9/11, eds. Andrew Lynch, Nicola McGarrity, George Williams (Sydney: Routledge, 2010)

Robinson, Frances. “U.S. to EU: U.S. Data Law Is Brill.” Wall Street Journal, 19 April 2013. Available at: http://blogs.wsj.com/brussels/2013/04/19/u-s-to-eu-u-s-data-law-is-brill/

Ryan, W, Michael and Christopher Loeffler. “Insights into Cloud Computing,” Intellectual Property & Technology Journal 22 no. 11 (2011)

Sandeen, Sharon K., ‘Lost in the Cloud? The Implications of Cloud Computing for Trade Secret Protection’, 4 April 2012. Available at: http://ssrn.com/abstract=1685402 (working paper - contact author for current version)

Schneier, Bruce. “What We Don't Know About Spying on Citizens: Scarier Than What We Know.” The Atlantic, 6 June 2013. Available at: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/. (See also https://www.schneier.com/, particularly ‘Crypto-Gram’, for further commentary on similar issues published elsewhere.)

Soma, John, Melody Mosley Gates, Maury Nichols and Ana Gutiérrez. “Chasing the Clouds Without Getting Drenched: A Call for Fair Practices in Cloud Computing Services” Journal of Technology Law & Policy (2011) 16. Available at: http://ssrn.com/abstract=2039439

Srinivasan, Madhan Kumar et al. “State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment.” Paper at International Conference on Advances in Computing, Communications and Informatics, Chenai, India, 5 August 2012. Available at: http://delivery.acm.org/10.1145/2350000/2345474/p470-srinivasan.pdf?ip=149.171.199.49&acc=ACTIVE%20SERVICE&CFID=156257874&CFTOKEN=96448655&__acm__=1347520754_5bf8187323354f57fc8a39dd9c44c269

[staff writer] “USTR Flags Procurement, Data Flow Issues as New Barriers in Canada.” Inside Trade, 27 April 2012. Available at: http://insidetrade.com/Inside-US-Trade/Inside-US-Trade-04/27/2012/ustr-flags-procurement-data-flow-issues-as-new-barriers-in-canada/menu-id-710.html

Tufts, Shannon H. ‘Cloud Computing: Contracting Considerations for Inclusion.’ 2012. University of North Carolina. Available at: http://www.cpt.unc.edu/documents/Cloud_contractV3_000.pdf

Tyson, Laura J. "A Break in the Internet Privacy Chain: How Law Enforcement Connects Content to Non-Content to Discover an Internet User's Identity," (2010) Seton Hall Law Review: Vol. 40: Iss. 3, Article 14. Available at: http://erepository.law.shu.edu/shlr/vol40/iss3/14

Van Hoboken, Dr. J. A. Arnbak, Prof. N van Eijk, N. Kruijsen. “Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act.” Institute for Information Law (2012). Available at: http://www.surfsites.nl/cloud/download/Cloud_Computing_Patriot_Act_2012_EN.pdf

Walden, Ian and Luciano, Laise Da Correggio. “Ensuring Competition in the Clouds: The Role of Competition Law?” 7 April 2011. Available at: http://ssrn.com/abstract=1840547

Ward, Burke T, Janice C. Sipior. “The Internet Jurisdiction Risk of Cloud Computing.” Information Systems Management 27 no. 4 (2010)

Wainewright, Phil. “Data Protectionism Threatens the Cloud.” Connected Web Blog, February 12, 2009. Available at: http://www.ebizq.net/blogs/connectedweb/2009/02/data_protectionism_threatens_t.php

Whittaker, Z. “Microsoft admits Patriot Act can access EU-based cloud data.” ZDNet, June 28, 2011. Available at: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-canb-access-eu-based-cloud-data/11225

Whittaker, Z. “Patriot Act can obtain data in Europe, researchers say.” CNET, December 6, 2012. Available at: http://news.cnet.com/8301-13578_3-57557569-38/patriot-act-can-obtain-data-in-europe-researchers-say/

Whittaker, Z. “USA PATRIOT Act: The myth of a secure European cloud?” ZDnet, 27 April 2011. Available at: http://www.zdnet.com/blog/igeneration/usa-patriot-Act-the-myth-of-a-secure-european-cloud/8807

Winterford, Brett. ‘The Best and Worst of Cloud Contracts.’ ITNews. 8 March 2013. Available at: http://www.itnews.com.au/News/335612,the-best-and-worst-of-cloud-contracts.aspx

Zhang, Gaofeng. ‘A novel noise obfuscation model and its strategies for effective and efficient privacy protection in cloud computing.’ PhD thesis. Swinburne University of Technology, Faculty of Information and Communication Technologies. 2013. Available at: http://hdl.handle.net/1959.3/354148

2. Government materials

Australia/NZ

Attorney-General’s Department (AGD). Protective Security Policy Framework, Directive on the security of Government business Governance arrangements, and Core Personnel, Information and Physical Security Management policies. By the Australian Government Document no. 1.5. Canberra, 2012. Available at: http://www.protectivesecurity.gov.au/pspf/Pages/default.aspx

Australian Government Information Management Office (AGIMO). Cloud Computing Strategic Direction Paper: Opportunity and Applicability for use by the Australian Government. By the Department of Finance and Deregulation Document no. 1.1. Australian Capital Territory, 2013. Available at: http://agimo.gov.au/files/2013/04/final-_cloud_computing_strategy_version_1.1.pdf

Australian Government Information Management Office (AGIMO). Cloud Computing Policy and Cloud Computing Strategic Direction - Agency Cloud Implementation Initiative, Circular. By the Department of Finance and Deregulation, Document no. 2011/003. Canberra, 2011. Available at: http://agimo.gov.au/files/2012/04/2011003_AGIMO_Circular_Agency_Cloud_Implementation_Initiative.pdf

Australian Government Information Management Office (AGIMO). Community Cloud Governance – An Australian Government Perspective (Better Practice Guide). By the Department of Finance and Deregulation. Canberra, 2012. Available at: http://agict.gov.au/blog/2012/08/01/final-release-community-cloud-governance-better-practice-guide (PDF link broken); http://agict.gov.au/files/2012/04/community_cloud_governance_better_practice_guide.doc. (draft available at: http://agict.gov.au/files/2012/05/Community-Cloud-Governance-Better-Practice-Guide-v0.3.4.1-publish.pdf)

Australian Government Information Management Office (AGIMO). Negotiating the cloud – legal issues in cloud computing agreements: Better Practice Guide, Department of Finance and Deregulation. Department of Finance and Deregulation. Document no. 1.1. Canberra, 2013. Available at: http://agimo.gov.au/files/2013/02/negotiating-the-cloud-legal-issues-in-cloud-computing-agreements-v1.1.pdf

Australian Government Information Management Office (AGIMO). Big Data issues Paper. Department of Finance and Deregulation. Canberra, 2013. Available at: http://agict.gov.au/files/2013/03/Big-Data-Strategy-Issues-Paper1.pdf

Australian Prudential Regulation Authority (APRA). Guidelines, “Outsourcing and Offshoring: Specific considerations when using cloud computing services,” Canberra, 15 November 2010. Available at: http://www.apra.gov.au/CrossIndustry/Documents/Letter-on-outsourcing-and-offshoring-ADI-GI-LI-FINAL.pdf

Australian Signals Directorate (ASD). Australian Government Information Security Manual: Principles. By the Department of Defence. Canberra, September 2012. Available at: http://www.asd.gov.au/infosec/ism/

Australian Signals Directorate (ASD). Cloud Computing Security Considerations. By the Department of Defence. Canberra, September 2012. Available at: http://www.asd.gov.au/infosec/cloudsecurity.htm

Commonwealth of Australia Attorney Generals Department (AGD). Discussion Paper: Australian Privacy Breach Notification. By the Australian Government. Canberra, 2012. Available at: http://www.ag.gov.au/Consultations/Documents/AustralianPrivacyBreachNotification/AustralianPrivacyBreachNotificationDiscussionPaper.PDF

Computer Emergency Response Team (CERT) and the Centre for Internet Safety (CIS). Cyber Crime and Security Survey Report. Australian Government. Canberra, 2013. Available at: http://www.canberra.edu.au/cis/storage/Cyber Crime and Security Survey Report 2012.pdf

Department of Broadband, Communications and the Digital Economy (DBCDE). National Cloud Computing Strategy. Australian Government. Canberra, 2013. Available at: http://www.dbcde.gov.au/digital_economy/cloud_computing/

NSW Government ICT Board. “Communiqué after board meeting of 27 February.” NSW Government. 27 February 2013. Available at: http://www.finance.nsw.gov.au/ict/ict-board-meeting-27-february-2013

Office of the Australian Information Commissioner (OAIC). “Guide to Handling Personal Information Security Breaches.” OAIC. Sydney, 2012. Available at: http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-guides/Data_breach_notification_guide_April2012FINAL.pdf

Office of the Australian Information Commissioner, Timothy Pilgrim, Privacy Commissioner. “Submission to AGD, Discussion Paper: Australian Privacy Breach Notification.” Office of the Australian Information Commissioner. Sydney, 2012. Available at: http://www.oaic.gov.au/news-and-events/submissions/privacy-submissions/discussion-paper-australian-privacy-breach-notification

Office of the Federal Privacy Commissioner. “Information Sheet (Private Sector) 1A: National Privacy Principles.” OAIC. Sydney, February 2008. Available at: http://www.privacy.gov.au/materials/types/infosheets/view/6583

Office of the Federal Privacy Commissioner, Timothy Pilgrim, Privacy Commissioner. ‘Privacy and the Cloud’, speech to Cloud Computing Conference and Expo. 2010. Available at: http://www.privacy.gov.au/materials/types/speeches/view/7133

Office of the SA Chief Information Officer. “ISMF Guideline 8 (Cloud Computing)’, Government of South Australia.” Government of South Australia. 2011. Available at: http://www.sa.gov.au/upload/entity/1670/Policies%20and%20standards/ISMFguideline8(cloud%20computing).pdf

Office of the Victorian Privacy Commissioner. “Forecast: Cloudy but fine? Privacy Risks and Potential Benefits in the Cloud.” Government of Victoria. 2012. Available at: http://www.privacy.vic.gov.au/privacy/web2.nsf/files/forecast-cloudy-but-fine-privacy-risks-and-potential-benefits-in-the-cloud/$file/speech_bendall_03_12.pdf

USA

Department of Commerce. “Clarifications Regarding the US EU Safe Harbor Framework and Cloud computing.” (2013). Available at: http://export.gov/static/Safe%20Harbor%20and%20Cloud%20Computing%20Clarification_April%2012%202013_Latest_eg_main_060351.pdf

Department of Justice (DoJ), “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations” (2009). Available at: http://www.justice.gov/criminal/cybercrime/docs/ssmanual2009.pdf

Federal Trade Commission (FTC) Privacy Online: Fair Information Practices in the Electronic Marketplace. Washington, May 2000. Available at: http://www.ftc.gov/reports/privacy2000/privacy2000.pdf

Ronald Weich, letter to the Honourable Harry Reid, Washington DC, 29 April 2011, Federation of American Scientists, Foreign Intelligence Surveillance Act (FISA) Report. Available at: http://www.fas.org/irp/agency/doj/fisa/2010rept.pdf

Grance, Timothy and Jansen, Wayne. 2011. ‘Guidelines on Security and Privacy in Public Cloud Computing.’ National Institute of Standards and Technology (NIST). Special Publication 800-144. Available at: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf.

Holder, E and Reding, V. “Joint Statement on the Negotiation of a EU-U.S. Data Privacy and Protection Agreement by Attorney General Eric Holder and European Commission Vice-President Viviane Reding.” Justice.gov, June 2012. Available at: http://europa.eu/rapid/press-release_MEMO-12-474_en.htm

Office of the Inspector General, US Department of Justice, Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act, February 2010. Available at: http://www.justice.gov/oig/special/s1102.pdf

Salgado, Richard (senior counsel, Law Enforcement and Information Security, Google Inc.) Testimony to House Judiciary Subcommittee on the Constitution, Civil Rights and Civil Liberties, Hearing on Electronic Communications Privacy Act Reform, May 5, 2010.

White House. Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, February 2012. Available at: http://www.whitehouse.gov/sites/default/files/privacy-final.pdf

UK

House of Commons Subcommittee on the Treasury, Submission from Privacy International, “How secure is the personal information of UK citizens in light of the USA PATRIOT Act and the limited privacy protections of the United States?”, 28 February 2008.

Information Commissioner's Office, Guidance on the Use of Cloud Computing, September 2012. Available at: http://www.ico.org.uk/for_organisations/data_protection/topic_guides/online/cloud_computing

Europe

European Commission

EC Article 29 Data Protection Working Party, ‘Opinion 05/2012 on Cloud Computing’ (2012), 01037/12/EN WP 196. Available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf

EC Working Party 29, “Opinion 10/2006 on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT)”, 2006. Available at: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2006/wp128_en.pdf

EC Working Party 29, “Opinion 1/2006 on the application of the EU data protection rules to internal whistle blowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against, banking and financial crime”, 2006. Available at: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2006/wp117_en.pdf

EC Working Party 29, “FAQs in order to address some issues raised by the entry into force of the EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC“, 12 July 2010, 00070/2010/EN WP 176. Available at: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp176_en.pdf

EC Directorate-General for Internal Policies, Policy Department A: Economic and Scientific Policy, Cloud Computing Study (2012). Available at: http://ec.europa.eu/information_society/activities/cloudcomputing/docs/cc_study_parliament.pdf

EC Directorate-General for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, Fighting cyber crime and protecting privacy in the cloud: Study, 2012. Available at: http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=79050

EC Directorate-General for Justice, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Safeguarding Privacy in a Connected World A European Data Protection Framework for the 21st Century, COM/2012/09 final, 25 January 2012. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52012DC0009:en:NOT. (See ‘5. Data protection in a globalised world’ for impact on hosting EU data outside EU.)

EC Directorate-General for Justice, ‘Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses,’ media release, 25 February 2012. Available at: http://europa.eu/rapid/press-release_IP-12-46_en.htm

Robinson, Neil, Lorenzo Valeri, Jonathan Cave, Tony Starkely, Hans Graux, Sadie Creese and Paul P. Hopkins, ‘The Cloud: Understanding the Security, Privacy and Trust Challenges’, Final Report, Prepared for Unit F.5, Directorate-General Information Society and Media, European Commission (2010), TR-933-EC. Available at: http://ssrn.com/abstract=2141970

European Parliament

Alleweldt, Dr Frank and Dr Senda Kara (Directors), Anna Fielder (lead author and coordination), Ian Brown, Verena Weber, Nicholas McSpedden-Brown, Cloud Computing Study, Directorate General For Internal Policies, Policy Department A: Economic And Scientific Policy, European Parliament, IP/A/IMCO/ST/2011-18, May 2012. Available at: http://ec.europa.eu/information_society/activities/cloudcomputing/docs/cc_study_parliament.pdf

European Network and Information Security Agency (ENISA)

Catteddu, D and Giles Hogben (eds): Cloud Computing – Benefits, risks and recommendations for information security, ENISA Report, European Network and Information Security Agency. November 2009. Available at: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment

Catteddu, D (ed): Security and Resilience in Governmental Clouds – Making an informed decision. ENISA Report, ENISA. January 2011. Available at: http://www.enisa.europa.eu/activities/risk-management/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds

Dekker, M, Critical Cloud Computing: A CIIP perspective on cloud computing services, ENISA. December 2012. Available at: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/critical-cloud-computing/at_download/fullReport

Hogben, G, and M Dekker (eds), Procure Secure: A guide to monitoring of security service levels in cloud contracts, ENISA. April 2012. Available at: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts

Canada

Information & Privacy Commissioner Report for British Columbia, “Privacy and the USA Patriot Act Implications for British Columbia Public Sector Outsourcing”, 2004. Available at: http://web.docuticker.com/go/docubase/5431

3. Legislation and directives

Australia

Anti-Terrorism Act (No. 2) 2005 (Cth). Available at: http://www.comlaw.gov.au/Details/C2006C00754 or http://www.austlii.edu.au/au/legis/cth/consol_act/aa22005214/

Archives Act 1983 (Cth). Available at: http://www.comlaw.gov.au/Details/C2013C00217 or http://www.austlii.edu.au/au/legis/cth/consol_act/aa198398/

Australian Consumer Law, in Trade Practices Amendment (Australian Consumer Law) Act (No. 1) 2010 (Cth), Schedule 1. Available at: http://www.comlaw.gov.au/Details/C2010A00044

Australian Security Intelligence Organisation Act 1979 (the ASIO Act) (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A02123

Crimes Act 1914 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A07391

Criminal Code Act 1995 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A04868

Cybercrime Legislation Amendment Act 2012 (Cth), ‘An Act to implement the Council of Europe Convention on Cybercrime, and for other purposes’, Schedule 2. Available at: http://www.comlaw.gov.au/Details/C2012A00120 or http://www.austlii.edu.au/au/legis/cth/num_act/claa2012304/sch2.html

Defence Act 1903 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A07381

Freedom of Information Act 1982 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A02562

Income Tax Assessment Act 1936 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A07420

Intelligence Services Act 2001 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A00928

National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A01385

Personally Controlled Electronic Health Records Act 2012 (Cth). Available at: http://www.comlaw.gov.au/Details/C2012A00063/Html/Text#_Toc327957207

Privacy Act 1988 (Cth), at: http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/ National Privacy Principles 4 (Data Security) and 9 (Transborder Data Flows) of personal information. Available at: http://www.privacy.gov.au/materials/types/infosheets/view/6583#npp4

Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). Available at: http://www.comlaw.gov.au/Details/C2012A00197 or http://www.austlii.edu.au/au/legis/cth/num_act/pappa2012466/. Bills Digest for the Bill. Available at: http://parlinfo.aph.gov.au/parlInfo/download/legislation/billsdgs/1923143/upload_binary/1923143.pdf

Privacy Amendment (Privacy Alerts) Bill 2013 (Cth) introduced 29 May 2013. Available at: http://www.comlaw.gov.au/Details/C2013B00127

Public Service Act 1999 (Cth). Available at: http://www.comlaw.gov.au/Series/C2004A00538

Social Security Act 1991 (Cth). Available at: ]http://www.comlaw.gov.au/Series/C2004A04121

USA

Cable Communications Policy Act of 1984, Protection of subscriber privacy (47 U.S.C. § 551). Available at: http://www.law.cornell.edu/uscode/text/47/551, or http://www.gpo.gov/fdsys/pkg/USCODE-2011-title47/html/USCODE-2011-title47-chap5-subchapV-A-partIV-sec551.htm

Children's Online Privacy Protection Act of 1998, (15 U.S.C. §§ 6501–6506) (COPPA). Available at: http://www.law.cornell.edu/uscode/text/15/6501

Communications Assistance for Law Enforcement Act of 2006 (CALEA). Available at: http://www.law.cornell.edu/topn/communications_assistance_for_law_enforcement_act. See also Ask CALEA, http://www.askcalea.net/

CISPA Bill: Cyber Intelligence Sharing and Protection Act (CISPA), (H.R. 624), most recent version 18 April 2013. Available at: http://www.gpo.gov/fdsys/pkg/BILLS-113hr624eh/pdf/BILLS-113hr624eh.pdf

Electronic Communications Privacy Act of 1986 (ECPA) (18 U.S.C. 121) Pub. L. 99-508, 100 Stat. 1848, approved October 21, 1986. Available at: http://www.law.cornell.edu/uscode/text/18/part-I/chapter-121

Executive Order 1636, ‘Improving Critical Infrastructure Cybersecurity’, Federal Register 78, no. 33 (February 19, 2013): 11737–11744. See also CRS commentary. Available at: https://www.fas.org/sgp/crs/misc/R42984.pdf

Fair Credit Reporting Act of 1970, Pub. L. 91-508, 84 Stat. 1114, approved October 26, 1970. Available at: http://www.law.cornell.edu/topn/fair_credit_reporting_act

Foreign Intelligence Surveillance Act of 1978 (FISA), Pub.L. 95-511, 92 Stat. 1783, approved October 25, 1978. Available at: http://www.law.cornell.edu/topn/foreign_intelligence_surveillance_act_of_1978

Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, Pub L 110-261, 7/10/2008, especially s 1881a. Available at: http://www.govtrack.us/congress/bills/110/hr6304/text or http://thomas.loc.gov/cgi-bin/bdquery/z?d110:hr6304:

Fourth Amendment of the US Constitution. Available at: http://www.law.cornell.edu/constitution/fourth_amendment

Gramm-Leach-Bliley Act (15 U.S.C. § 6802). Available at: http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf

Health Insurance Portability and Accountability Act of 1996 (HIPAA). Available at: http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/html/PLAW-104publ191.htm

Intelligence Reform and Terrorism Prevention Act of 2004, Pub. L. 108-458, 118 Stat. 3638, approved December 17, 2004.

Internal Revenue Service Rules (26 U.S.C. § 6713)

National Security Act of 1947, Pub. L. 80-253, 61 Stat. 495, approved July 26, 1947. Available at: http://www.law.cornell.edu/topn/national_security_act_of_1947

National Security Letter Statute (18 U.S.C. § 2709). Available at: http://www.law.cornell.edu/uscode/text/18/2709

PATRIOT Sunsets Extension Act of 2011, Pub. L. No. 112-14, 125 stat. 216, approved May 26, 2011. Available at: http://www.law.cornell.edu/topn/patriot_sunsets_extension_act_of_2011

Protect America Act of 2007 Pub.L. 110–55, 121 Stat. 552, enacted by S. 1927, approved 5 August 2007. Available at: http://www.law.cornell.edu/jureeka/index.php?doc=USPubLaws&cong=110&no=55 [removed warrant requirements from FISA for targets reasonably believed to be outside US, re-authorised by FISA Amdt Act of 2008 and again in 2012]

Right to Financial Privacy Act of 1978, Pub. L. 95-630, 92 Stat. 3697, approved November 10, 1978. Available at: http://www.law.cornell.edu/topn/right_to_financial_privacy_act_of_1978

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT Act) of 2001, Pub. L. No. 107-56 [H.R. 3162], 115 Stat. 272, approved October 26, 2001.. Available at: http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/html/PLAW-107publ56.htm

USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. No. 109-177, 120 stat. 192, approved March 9, 2006. Available at: http://www.law.cornell.edu/topn/ usa_patriot_improvement_and_reauthorization_act_of_2005

US Federal Rules of Civil Procedure. Available at: http://www.law.cornell.edu/rules/frcp

Video Privacy Protection Act of 1998 (18 U.S.C. § 2710). Available at: http://www.law.cornell.edu/topn/video_privacy_protection_act_of_1988

Violence Against Women Act of 1994, amended February 2013. Available at: http://www.gpo.gov/fdsys/pkg/BILLS-113s47enr/pdf/BILLS-113s47enr.pdf

Canada

Personal Information Protection and Electronic Documents Act 2000, S.C. 2000, c. 5. Available at: http://laws-lois.justice.gc.ca/PDF/P-8.6.pdf

Europe

Data Protection Directive (95/46/EC), ‘Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data’. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:NOT

Data Retention Directive (2006/24/EC) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, O.J. L 105, April 13, 2006

Directive on privacy and electronic communications (2002/58/EC) (as revised by 2009/136/EC), a.k.a. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:NOT.
Amending document 2009/136/EC.
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32009L0136:en:NOT

General Data Protection Regulation, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, January 25, 2012. Available at: http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

4. Conventions, treaties and international agreements

Agreement on mutual legal assistance between the European Union and the United States of America, O.J. L 19 July 2003. Available at: http://www.foreign.senate.gov/treaties/109-13

Agreement of the 23rd July 2007 between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS), O.J. L August 4, 2007. Available at: http://eur-lex.europa.eu/LexUriServ/site/en/oj/2007/l_204/l_20420070804en00180025.pdf

Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program, Council Decision 2010/412/EU, O.J. L 195, July 27, 2010. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX: 32010D0412:EN:NOT

Australia-US Free Trade Agreement [2005] ATS 1, Washington 18 May 2004, entry into force 1 January 2005. Available at: http://www.austlii.edu.au/au/other/dfat/treaties/2005/1.html or http://www.dfat.gov.au/fta/ausfta/final-text/index.html

Convention on Cybercrime, Council of Europe, CETS 185. Available at: http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

Convention for the Protection of Human Rights and Fundamental Freedoms, November 4, 1950, ETS No. 2; 213 UNTS 222.

Treaty between the Government of Australia and the Government of the United States of America on Mutual Assistance in Criminal Matters, and Exchange of Notes, [1999] ATS 19, entry into force 30 September 1999 (‘Mutual Legal Assistance Treaty’). Available at: http://www.austlii.edu.au/au/other/dfat/treaties/1999/19.html

5. Cases, rulings and decisions

John Doe Inc., et al. v. Mukasey, et al., Docket 07-4943-cv, December 15, 2008. Available at: http://www.aclu.org/pdfs/safefree/doevmukasey_decision.pdf

EU Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbour privacy principles and related frequently asked questions issued by the US, 2000, O.J. L 215/7.

EU Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, 4 April 2001, 2001/497/EC: OJ L 181/19 (notified under document number C(2001) 1539). Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001D0497:en:NOT

EU Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, 2010, 2010/87/EU, O.J. L39/5. Available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF

Freedman v. Am. Online, Inc., 303 F. Supp. 2d 121 (D. Conn. 2004), at 126. [statutory warrants]

Gonzales v. Google, Inc., 234 F.R.D. 674 (N.D.Cal, 2006). Available at: http://www.google.com/press/images/ruling_20060317.pdf

In re National Security Letter, Docket C 11-02173 SI, US DC Northern District California, Order Granting Petition to Set Aside NSL, 15 March 2013. Available at: https://www.eff.org/node/73523. (See also Zimmerman M, ‘In Depth: The District Court's Remarkable Order Striking Down the NSL Statute’, EFF, 18 March 2013. Available at: https://www.eff.org/deeplinks/2013/03/depth-judge-illstons-remarkable-order-striking-down-nsl-statute)

In re Uranium Antitrust Litigation, 480 F. Supp. 1138, 1144 (N.D. Ill. 1979). Available at: http://www.utexas.edu/law/journals/tlr/sources/Issue%2087.5/Cohan/fn48.In%20re%20Uranium%20Antitrust.pdf

Lawson v. Accusearch Inc., (F.C.), 2007 FC 125, [2007] 4 F.C.R. 314, Canada, February 5 2007, Docket:T-2228-05. Available at: http://reports.fja.gc.ca/eng/2007/2007fc125/2007fc125.html

Lukowski v. County of Seneca, W.D.N.Y., No. 08-CV-6098 (Feb. 24, 2009); see ‘Privacy Interest in ISP-Stored Identifying Data Held to Depend on Terms of Service’, 8 PVLR 397 (Mar. 9, 2009). Available at: http://scholar.google.com.au/scholar_case?case=3815755423038708833

Rehberg v. Paulk, No. 10–788, 611 F. 3d 828, 132 S. Ct. (April 11, 2012. Available at: http://www.law.cornell.edu/supremecourt/text/10-788
[confirming a “complaining official” has absolute immunity from damages for false testimony].

Quon v. Arch Wireless, 529 F.3d 892 (9th Cir. 2008); and City of Ontario v. Quon, No. 08-1332, 130 S.Ct. 2619, 560 U.S. (17 June 2010). Available at: http://www.law.cornell.edu/supremecourt/text/08-1332. See also "Reasonable Expectation of Privacy: City of Ontario v. Quon", Harvard Law Review 124 (1): 179–188. Available at: http://www.harvardlawreview.org/media/pdf/ vol_12401city_ontario_v_quon.pdf [SC declines to set precedent on application of 4th Amdt to email/pager, found no privacy breach on facts]

Swedish Data Inspection Board, 10 June 2013, Supervision of Personal Data Act (1998:204) - Follow-up decision in Case 263-2011. Available at: http://www.datainspektionen.se/press/nyheter/ 2013/fortsatt-nej-for-kommun-att-anvanda-molntjanst/. See also commentary at: http://www.privacysurgeon.org/ blog/incision/swedens-data-protection-authority-bans-google-apps/

Warshak v U.S., 490 F.3d 455 (6th Cir. 2007). Available at: http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf

Worldwide Film Entertainment LLC v. Does 1-749, DDC, No. 10-38 (May 17, 2010). Available at: http://www.gpo.gov/fdsys/pkg/USCOURTS-dcd-1_10-cv-00038. See also commentary ‘Web user lacked privacy interest in account data’, 9 PVLR 768 (May 24, 2010).

U.S. v. Ahrndt, No. 08-468, 2010 WL 373994, 2010 U.S. Dist. LEXIS 7821, (D. Or. Jan. 28, 2010). Available at: http://scholar.google.com.au/scholar_case?case=3916365313928937969. See also ‘No Fourth Amendment, ECPA Privacy Claims in Documents Shared on Unsecured Network’, 9 PVLR 257 (Feb. 15, 2010).

U.S. v. Bynum, No. 08-4207, 4th Cir. (May 5, 2010). Available at: http://scholar.google.com.au/scholar_case?case=14236170365545326917. See also ‘Yahoo! User Lacked Privacy Expectation in Account Data Shared with Yahoo!, Others,’ 9 PVLR 707 (May 17, 2010).

U.S. v. Perrine, 518 F.3d 1196 (10th Cir. March 11 2008) No. 06-3336. Available at: http://ca10.washburnlaw.edu/cases/2008/03/06-3336.pdf. See also ‘Tenth Circuit Finds no Expectation of Privacy in Data Given Freely to ISP’, 7 PVLR 418 (Mar. 24, 2008).

U.S. v. Li, No. 07-CR-2915, 2008 U.S. Dist. LEXIS 22283, (S.D. Cal. Mar. 20, 2008); see also ‘No SCA Reasonable Privacy Expectation for ISP Customer IP Address, Log-In Data’, 7 PVLR 501 (Apr. 7, 2008).

6. Industry reports and policy documents

Business Software Alliance. Lockout: How a New Wave of trade Protectionism Is Spreading through the World’s Fastest-Growing It Markets — and What to Do about It, June 2012. Available at: http://www.bsa.org/~/media/Files/Policy/Trade/BSA_MarketAccess_Report_FINAL_WEB_062012.pdf. See also http://blog.bsa.org/2012/06/20/lockout-market-access-report/

Business Software Alliance. BSA Global Cloud Computing Scorecard 2013. Available at: http://cloudscorecard.bsa.org/2013/

Capgemini. “Business Cloud: The State of Play Shifts Rapidly: Fresh Insights into Cloud Adoption Trends,” November 2012. Available at: http://www.capgemini.com/insights-and-resources/by-publication/business-cloud-the-state-of-play-shifts-rapidly/

Citi Research. Cloud Computing – a two part series, Part 1: Overview, Drivers and Service Types, November 2012; Part 2: Market Sizing, Barriers, Value Network and Outlook, December 2012, Citigroup Global Markets.

Continuity Central. ‘Cloud contracts need more transparency to assist availability, recovery and data protection management.’ 2 August 2013. Available at: http://www.continuitycentral.com/news06878.html

Frost & Sullivan. Australian Contact Centre Market 2012. See also http://www.prnewswire.com/news-releases/frost--sullivan-cloud-based-contact-centre-solutions-poised-to-challenge-traditional-on-premise-model---growing-awareness-of-cloud-based-contact-centre-solutions-177556851.html

Heiser, Jay and Bona, Alexa. “Cloud Contracts Need Security Service Levels to Better Manage Risk,” Gartner Research, 15 March 2013. Summary and link available at: http://www.gartner.com/newsroom/id/2567015

GeoTrust. ‘Choosing a Cloud Provider with Confidence’. 2011. Available at: http://www.geotrust.com/resources/whitepapers/choosing-cloud-provider.pdf

Klein, Paula. ‘A CIO’s Guide to Negotiating Cloud Contracts’, Microsoft Services. Available at: https://www.microsoft.com/microsoftservices/en/us/article_CIO_Guide_to_Negotiating_Cloud_Contracts.aspx

Microsoft. ‘Building Confidence in the Cloud: A Proposal for Industry and Government Action for Europe to Reap the Benefits of Cloud Computing’, Submission No 2 to European Commission, Data Protection: Legal Framework, January 2010. Available at: http://ec.europa.eu/justice/news/consulting_public/0003/contributions/organisations/microsoft_corporation_2nd_document_en.pdf

National Foreign Trade Council. Promoting Cross-Border Data Flows: Priorities for the Business Community, 3 November 2011. Available at: http://www.nftc.org/default/Innovation/PromotingCrossBorderDataFlowsNFTC.pdf

Ponemon Institute. 2013 Cost of Data Breach Study: Australia, May 2013. Available at: http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-australia-report-2013.en-us.pdf

Stone, Greg. Microsoft ‘Microsoft feedback on the draft Community Cloud Governance Better Practice Guide’, comment on Dept of Finance feedback page, 6 August 2012. Available at: http://agict.gov.au/blog/2012/05/22/seeking-feedback-draft-community-cloud-governance-better-practice-guide

Verizon. 2013 Data Breach Investigations Report. April 2013. Available at: http://www.verizonenterprise.com/DBIR/2013/



Acknowledgements

This bibliography is part of a Data Sovereignty and the Cloud research project assisted by contributions by infrastructure provider NEXTDC, law firm Baker& McKenzie (Adrian Lawrence and Patrick Fair) and insurer AON (Kevin Kalinich), and the efforts of Cyberspace Law and Policy Community/Centre interns including Michael Altit, Tim Chiang, Boonie Chow, Aley Greenblo, Peter Key-Matuszak, Sasha Kolodkina, Justin Huang, Felix Liu, Tia Singh, and Mark Susanto.

Digital Object Identifier URL: 

Cite this article as: 

David Vaile. 2013. Data sovereignty and the Cloud – a structured bibliography. Australian Journal of Telecommunications and the Digital Economy, Vol 1, No 1, Article 15. http://doi.org/10.18080/ajtde.v1n1.15. Published by Telecommunications Association Inc. ABN 34 732 327 053. https://telsoc.org

Categories