Understanding Privacy in Cloud Computing: An Interview with Syncplicity
Back in May I did a write up on online storage companies that take information sitting on desktops and laptops and sync that information across all the devices you own. Although it wasn’t a straight review, it highlighted important points about what experiences are valued by the end-users. A discussion about intellectual property and copyright ownership was brought up in comments sections specifically with regards to one company, Syncplicity. Here is an excerpt from their privacy statement.
“While you retain all rights in any Sync Files, by using Site or Services, you hereby grant to Syncplicity a non-exclusive, worldwide, royalty-free, sublicensable, perpetual and irrevocable right and license to use and exploit such Sync Files as necessary to provide you with the Services. In addition, you hereby grant all other Syncplicity Users who you invite to access the Sync Files you indicate a non-exclusive, worldwide, royalty-free, sublicensable, perpetual and irrevocable right and license to use and exploit such Sync Files."
Sounds scary if you share a lot of personal intellectual property. Agreeing with the original comment, I felt that some of the language and diction used in the privacy statement was quite aggressive. Especially when dealing with artistic media, photos, and literary works, words like “sub-licensable,” “irrevocable,” and “exploit,” are just some of the words that leave a sour taste in people’s mouths. This is why I was delighted when Leonard Chung, CEO of Syncplicity, contacted me to set the record straight around what his company is doing ensure a high degree of privacy and protection of intellectual property rights.
Now, our discussion was over the phone and spanned the better part of an hour discussing various other things from enterprise adoption of cloud services, Google Docs integration, and the rigours of start-up life. Below is a Q&A of our discussions around legal issues with storing information on the cloud.
Viral: Hi Leonard, thanks for taking the time to speak with me today.
Leonard: No thank you! I’m really glad we can talk because I think there is a lot that I can clarify about our TOS [terms of service] and privacy policy. Also, thank you for the kind words on your original blog post -- it really means a lot to the team!
Viral: I meant every word of that praise. Now let’s see if we can dig deeper into this whole legal stuff.
Leonard: Great. Essentially, our terms of service and privacy policies have been crafted in the same way most companies deal with it. A lot of the language people see in these policies are a direct result of cases such as the Napster case and the more recent MGM vs. Grokster case. Since these cases, many web companies that interact with intellectual property and copyrighted material put clauses such as ours in the EULAs, TOS, and privacy statements. In fact, as you’re already familiar with SkyDrive, if you look at Microsoft’s policies on SkyDrive, they are very similar.
"Imagine you gave your e-mail address to a company and also uploaded your tax return. By the terms commonly used by others, there are likely to be disclosure and legal requirements around the company revealing your e-mail address and likely none if they disclosed your tax return. This makes no sense to me."
Viral: I’m actually looking at the SkyDrive legal policy now. Section 9 is pretty thorough and understandable. It basically says that Microsoft does not claim ownership of the content, but any content that is publicly shared may be used to promote and operate the service. It doesn’t use words like “irrevocable” or “exploit."
Leonard: I’m glad you brought that up. While SkyDrive doesn’t use those specific words, it uses words that legally mean similar things such as “perpetual”. I asked our legal department why we were using some of the words you brought up. It turns out these words are common, well understood legal shorthand terms. So where Syncplicity’s terms use “sub-licensable”, SkyDrive expands this term to “grant these rights to others.”
Viral: For instance, why do you use the word “irrevocable”? Perpetual essentially means the same thing but irrevocable takes it one step further. It has such a negative connotation. At Microsoft, I’ve only seen the word “irrevocable” used on intellectual property that we give to the community. For example, all the technologies outlined in our Open Specifications Promise are irrevocably given to the community as outlined in those terms and conditions. But in your case, it’s like you’re taking other peoples’ stuff and giving away rights. Isn’t “perpetual” good enough?
Leonard: I’m not a lawyer so I’m unsure if there’s a reason “irrevocable” was used instead of “perpetual”.I’ll take this back to legal and get back to you.
Viral: What about “exploit” ? It’s kinda negative too and nefarious sounding in a way.
Leonard: I already took that bit of feedback back to legal. Basically lawyers don’t speak the same English as you and I. While “exploit” is a well-defined shorthand word used in the art between lawyers, I understand the common connotation is different from legal interpretation. We’ve since changed that section to remove the word “exploit” to better clarify our intent.
"We believe that it is important to protect the privacy of our customers as well as their stored data and it’s wrong to support the distinction others have been making. Your data is your data, in whatever form it takes."
Viral: Wow, this is easier than I thought.
Leonard: This is one of the reasons I wanted to speak with you because I think there have been a few people singling us out for this kind of stuff and spreading a lot of FUD. “Syncplicity Terms of Servitude” was particularly harsh and caught us off guard. The reality is we have the most lenient TOS and strongest privacy policies in the space.
Viral: Really? Those are pretty strong words.
Leonard: When the company was created we wanted to ensure that our privacy standards went above and beyond what is currently required by law. Syncplicity makes stronger commitments and voluntarily takes on more legal liability around data protection than any other company in this space. You can see this if you compare us with some of the others from your blog post.
Viral: What specifically do you do above and beyond?
Leonard: As you know, all states have different data protection and data breach notification laws. These laws cover things like personal information, bank records, and credit data. What you see from most companies is a carefully crafted and tightly worded privacy policy that limits liability to only your personal information. This means that while they make the required legal commitments to information such as your e-mail address and name, they specifically distinguish this from your file data. This is done to sidestep the regulatory laws around data protection and limit the claims end-users can make to the breach of stored data. This why personal information protection and data protection are usually in separately worded clauses.
Viral: So what you’re saying is that whether it is personal information or your backup data, Syncplicity takes on the additional legal exposure to protect both equally.
Leonard: Correct. Imagine you gave your e-mail address to a company and also uploaded your tax return. By the terms commonly used by others, there are likely to be disclosure and legal requirements around the company revealing your e-mail address and likely none if they disclosed your tax return. This makes no sense to me.
We believe that it is important to protect the privacy of our customers as well as their stored data and it’s wrong to support the distinction others have been making. Your data is your data, in whatever form it takes. It is a disservice to users to claim otherwise. Syncplicity doesn’t make this distinction. We define Personal Information as a large umbrella which includes file data as well. I think we have the best privacy policy in the industry and I hope others follow our lead.
Viral: Well you’ve changed my mind and taught me something about data protection laws. Let’s talk about your service, it’s in open beta now right?
Leonard: Yes, anyone who signs up will get an account immediately.
Viral: How is pricing going to work?
Leonard: I don’t have anything to announce today, but I will say we’ve got a lot of big announcements next week. Stay tuned!
Viral: What about Syncplicity for businesses? I imagine that once you “clean up” your privacy policy, companies will love your solution, especially the Google Docs integration.
Leonard: Some businesses are using Syncplicity today and we’ve been pleased thus far with our adoption in that space. Google Docs syncing was a particularly challenging bit of engineering but it's receiving a very warm reception.
Viral: Thanks Leonard!
Leonard: My pleasure. Thanks for your time Viral – I’m happy you picked up on this. People are entrusting their data to providers in the Cloud. Doing the right thing and earning the users’ trust is something critically important to the industry. We’ve thought a lot about it and I’m proud that Syncplicity has taken a leadership position in this area.
Coming out of the discussion I definitely felt more positive about the company than going in. Not that had any reason to expect anything less than an open and frank conversation but what was most amazing was how receptive Leonard was to the feedback and suggestions. It’s also cool to see the overall agility that start-ups like Syncplicity have in correcting problems before they become, well…problems.
As to the other players in the field, I hope the others likes of Mozy and Carbonite pick up on these issues as their privacy policy does not reflect the stated of goal of ensuring privacy of identity and data.
-VT
**UPDATE**
Syncplicity announced pricing
Comments
- Anonymous
January 01, 2003
Leonard Chung, CEO of Syncplicity.com, discusses issues around web privacy and data protection laws his