Cloud Computing: A Life Cycle View

1

Government Information Forecast Partly Sunny,
Partly Cloudy -- A NARA Lawyers Perspective

• Cloud Computing A Life Cycle View
• MITRE Conference
• McLean, Virginia
• November 9, 2009
• Jason R. Baron
• Director of Litigation
• Office of General Counsel
• National Archives and Records Administration

2
A New Era of Government President Obamas
Memorandum dated 1/21/09 on Transparency and Open
Government http//www.whitehouse.gov/the_press_of
fice/TransparencyandOpenGovernment/
3
Life in the fishbowl

• FOIA
• Federal Records Act
• Privacy Act
• E-Government Act of 2002
• Clinger-Cohen Act (formerly IT Mgmt Reform Act)
• Government Paperwork Elimination Act
• OMB Circular A-130
• Etc.

4
E-Discovery The New Reality
5
A New Legal Term of Art Under the Federal Rules
of Civil ProcedureElectronically Stored
Information or ESI

• Electronically stored information
• The wide variety of computer systems currently in
  use, and the rapidity of technological change,
  counsel against a limiting or precise definition
  of ESIA common example is email The rule
  is intended to encompass future developments in
  computer technology. --Advisory Committee Notes
  to Rule 34(a), 2006 Amendments

6
Rule 26(f) Initial Meet and Confer

• The early meet and confer presents an opportunity
  to show that government gets it on the subject
  of ESI.
• Lead counsel for the government and agency point
  persons should be able to discuss preservation of
  ESI issues fluently, including with respect to
• Scope of ESI holdings (key players and
  custodians of data)
• Preservation of specific types and forms of
  electronic media involved
• Formatting issues (TIFF v native v.
  whatever)
• Access issues (how searches will be conducted)

7

• .The ever increasing volume of ESI is a problem

In a world of limited tools and resources..
8
Web 2.0 Technologies as Weapons of Mass
Collaboration
9
Text messaging, 2009-style
10
Wikis, TWikis
11
Social Software on the Web(e.g., Facebook,
YouTube, etc.)
12
Blogs
13
Microblogs (e.g., NASA tweets from Mars)NEW YORK
(CNN) 2/13/09 NASA was honored Wednesday for
its efforts to inform the public through the
popular social-networking Web site Twitter.
More than 38,000 people followed NASA's "tweets"
of the Mars Phoenix Lander mission. NASA
received the "Shorty Award" for documenting the
mission of the Mars Phoenix Lander. The Mars
Phoenix Lander spent nearly five months in 2008
on the red planet conducting research.Twitter
allows users to post updates or "tweets" in 140
characters or less. NASA said it delivered more
than 600 updates during the 152 days the Phoenix
was operating in the north polar region of
Mars.By the end of the mission in early
November, more than 38,000 people were following
its tweets, NASA said."We created the account,
known as Mars Phoenix, last May with the goal of
providing the public with near real-time updates
on the mission," said Veronica McGregor, a NASA
spokesperson. "The response was incredible. Very
quickly, it became a way not only to deliver news
of the mission, but to interact with the public
and respond to their questions about space
exploration."
14
Virtual worlds

• The Library of Congress virtual Declaration of
  Independence display as officially announced and
  which has opened as an Info Island in Second
  Life. The exhibit includes dioramas, streamed
  audio, text in the form of larger-than-life
  documents, information kiosks and even period
  furniture.

15
Public Records in the Clouds
16
If you build it, the lawyers will come
17
The Intersection of the Public Record Laws and
E-Discovery

• As a baseline, the Federal Records Act
  requires that appropriate preservation be taken
  for electronically stored information which falls
  within the federal record definition (44 USC
  3301)
• The existence of a valid record retention
  policy is a factor used by courts in considering
  whether to impose sanctions when hearing
  allegations of destruction of evidence
• Failures of adequate recordkeeping (and
  information management) easily translate into
  litigation failure

18
Examples of potential federal records in the
clouds

• Google Docs
• Gmail
• Facebook, Twitter, Youtube postings
• Email and structured databases of all kinds
  hosted on private servers
• PDA text messaging hosted on private servers

19

• Email is still the 800 lb. gorilla of ediscovery
  (whether in the clouds or not)

20
The Supreme Court on Record Retention

• Document retention policies, which are created
  in part to keep certain information from getting
  into the hands of others, including the
  Government, are common in business It is,
  of course, not wrongful for a manager to instruct
  his employees to comply with a valid document
  retention policy under ordinary circumstances.
• --Arthur Andersen LLP v. U.S., 125 S. Ct. 2129
  (May 31, 2005)

21
The Litigation Minefield

• U.S. litigation increasingly demands the
  preservation of and access to all relevant
  documents, including in the form of
  electronically stored information or ESI
• Courts impose sanctions on parties for failing to
  preserve evidence under the spoliation doctrine
• Absent saving everything, often it is only with
  20/20 hindsight that one can determine what
  should have been preserved in response to a
  lawsuit
• Recordkeeping solutions that rely on human
  judgment are prone to being second-guessed by
  litigants and judges.

22
Two Recent Cautionary Tales

• In re Fannie Mae Litigation, 2009 WL 21528 (D.C.
  Cir. Jan. 6, 2009)
• Aguilar v. ICE Division of US Dept of Homeland
  Security, 2008 WL 5062700 (S.D.N.Y. Nov. 21, 2008)

23
E-Recordkeeping in Government Five Paths

1. Print to hardcopy
2. Backup tapes
3. Preserve in online ad hoc folders
4. DoD 5015.2 recordkeeping
5. 100 email archiving

24
Transformation Strategy E-discovery
strategyPaper recordkeeping ? True E-government
25
Fractal Recordkeeping
26
The Tree The Organizations Knowledge
And Every Users Email Account as a Separate
Twig
27
Electronic Archiving

• What is it?
• 100 snapshot of (typically) email, plus in some
  cases other selected ESI applications
• How does it differ from an RMA?
• Goal is of preservation of evidence, not records
  management per se
• NARA Bulletin 2008-05
• Cloud issues not yet addressed in policy guidance

28
Impact of Technology on E-Records Management
Applications On the Ground and in the Cloud

• A universe of proprietary products exists in the
  marketplace document management and RMAs
• DoD 5015.2 compliant products
• However, scalability issues exist
• Utopia is records mgmt without extra keystrokes
• Agencies must prepare to confront significant
  front-end process issues when transitioning to
  electronic recordkeeping
• Records schedule simplification is key
• Cloud computing adds new wrinkles can existing
  products and services adequately capture
  non-transitory federal record content put up in
  cloudspace?

29
Obama Administration commitment to cloud
architecture

• Vivek Kundra, Chief Information Officer in the
  White House Office of Science and Technology,
  announces launch of Apps.gov
• https//apps.gov/cloud/advantage/main/start_page.d
  o
• With links to Business apps, Productivity apps,
  Social media apps, Cloud computing services

30
Leading case precedent

• Flagg v. City of Detroit, 252 F.R.D. 346 (E.D.
  Mich. 2008) (where City of Detroit, as defendant,
  entered into contract for text messaging services
  with non-party service provider, held, City
  exercised sufficient control over ESI in form of
  text messages so as to require production to
  plaintiff under FRCP 34 standards additionally,
  court ordered plaintiff to make its request under
  FRCP 34, in lieu of Court adjudicating dispute
  over the propriety of plaintiffs pending 3rd
  party subpoena for same material).

31
Applicable Federal Rules of Civil Procedure

• FRCP 34(a)(1) requires a party to produce
  documents and ESI within its possession, custody
  or control
• FRCP 26(a)(1)(A)(ii) requires initial disclosure
  to opposing party of location of information in
  partys possession, custody or control to be used
  in support of claims or defenses
• FRCP 37 governs ESI lost as a result of the
  routine good faith operation of an electronic
  information system
• FRCP 45 covers 3rd party subpoenas

32
Legal issues swirling in the clouds

• Implications for legal holds on stored data
• Preservation of metadata (e.g., access and
  modification logs)
• Who bears the risk (and cost) of spoliation?
• Who bears the risk if provider retains data that
  is subject to authorized destruction under
  pre-existing records retention schedules?
• What are search and retrieval capabilities?

33
Legal issues, cont

• How does ESI get produced in litigation?
• How is privileged information protected?
• Will data be encrypted?
• How will actions of cloud provider be monitored
  for compliance?
• How are cross-border issues dealt with, privacy
  laws in EU, elsewhere?

34
Service provider agreements

• Need to address preservation/retention, access
  and control issues generally
• Subcontracting allowed?
• Define responsibilities when ediscovery hits
• Cloud service providers own retention and backup
  policies clarified
• Law enforcement access to dataset
• Segregation of data from other customers

35
Service provider agreements, cont

• Notification if subpoenas directed to provider
• Shipment of ESI to 3rd parties for processing
• Capability of provider to meet regulatory/complian
  ce requirements
• How is a right to audit clause satisfied?
• Cost allocations
• Security issues
• Cloud provider going out of business, will data
  be returned? What format?

36
Interdisciplinary Approaches-- Three Languages
Legal, RM, and IT
37
What does the road ahead for federal
agencies look like?

38

• The leading rule for the lawyer, as for the man,
  of every calling, is diligence.
• -- Abraham Lincoln

39
(No Transcript)
40

• Jason R. Baron
• Director of Litigation
• Office of General Counsel
• National Archives and Records Administration
• (301) 837-1499
• Email jason.baron_at_nara.gov
• Disclaimer the views expressed in this
  powerpoint presentation are the authors alone,
  and do not necessarily represent the official
  view of any component or institution with which
  he is affiliated.

41
Relevant NARA Publications

• September 2004 Expanding Acceptable Transfer
  Requirements for Permanent Electronic Records
  Web Content
• http//www.archives.gov/records-mgmt/initiatives/w
  eb-content-records.html
• January 2005 NARA Guidance on Managing Web
  Records
• http//www.archives.gov/records-mgmt/policy/managi
  ng-web-records-index.html
• September 2006 - Implications of Recent Web
  Technologies for NARA Web Guidance
• http//www.archives.gov/records-mgmt/initiatives/w
  eb-tech.html
• June 2009 Guidance Concerning Managing Records
  in a Multi-Agency Environment
• http//www.archives.gov/records-mgmt/bulletins/200
  9/2009-02.html

42
Further Reading

• ARMA E-discovery in the Cloud Fog (June 2009)
  (available on the Web)
• Mark Austrian et al., Cloud Computing Meets
  e-Discovery,Cyberspace Lawyer, Vol. 14, Issue 6
  (July 2009)
• NARA Bulletin 2008-05 Concerning use of Email
  Archiving to Store Email, www.archives.gov/records
  -mgmt/bulletins/2008
• George L. Paul and J.R. Baron, Information
  Inflation Can the Legal System Adapt, 13
  Richmond Journal of Law and Technology 10 (2007),
  http//law. richmond.edu/ jolt/v13i3/
  article10.pdf

43
Further Reading (cont)

• The Sedona Conference, Achieving Quality in
  E-Discovery (2009 forthcoming)
• The Sedona Conference, Best Practices Commentary
  on the Use of Search and Information Retrieval in
  E-Discovery (2007)
• The Sedona Conference, The Sedona Principles
  Second Edition (2007)