Firms planning to rely on ‘cloud’ technology for their IT should be aware of the risk of lawful interception by intelligence agencies, the Law Society warns today.
A practice note on cloud computing – in which data is stored and processed via the internet rather than on systems under a firm’s direct control – says the technology can improve resilience, allow more flexibility and cut costs.
However, the guidance warns that cloud systems also pose risks. In particular, it says: ‘There may be circumstances in which police or intelligence agencies at home or abroad can lawfully obtain access to your data via your cloud service provider.’ It advises picking a supplier that will offer ‘appropriate contractual commitments and operational practices’.
Sam de Silva, a partner at commercial firm Penningtons Manches and chair of the Law Society’s technology and law reference group, said that cloud technology increased the risk of interception.
‘If you kept everything in-house then probably the government could access it, but you would have more control and you would notice. There is no empirical evidence but my gut feeling is that cloud systems are more open to interception.’
The practice note also cautions that cloud services constitute outsourcing under the code of conduct, and users must ensure that service providers are required to allow the Solicitors Regulation Authority to inspect records and enter premises. ‘Most service providers don’t have SRA rights of access,’ de Silva said.
Other warnings cover standard ‘click-wrap’ contracts, which may not be applicable to law firms’ special needs, as well as liability for service failure and termination agreements.