You are in: Home > Internet Law
24/7 Software: Software as a Service and privacy concerns
One of my favorite things is getting a new gadget. I bought the Apple iPad and the Apple Iphone 4.0 on the day they came out. Both were inevitable purchases, as I saw how each could make a significant impact in how I stay connected and market my practice. In fact, I was not even contemplating buying the iPad until more and more software that I enjoyed using became cloud based. Cloud computing, otherwise known as Software as a Service (SaaS) has exploded in recent years. To me, SaaS solves one of my biggest problems...bringing everything but the kitchen sink. I am very prepared, and as such like to have information available quickly and efficiently. Enter SaaS.
SaaS programs, such as mobileME, dropbox, clio, and logmein have proved to be the cornerstones of my practice. They are always available via the internet. They are resource efficient. They cost much less than programs I would have to install on my computer. They are constantly updated. It just made sense to me to switch. I no longer have to worry about "losing everything" if one of my hard drives fails. If I'm at a client's office and they want me to send them a document that we can review, I can log on with my iphone or ipad and send the document to them. I am not alone with these sentiments, as SaaS is growing rapidly. Major players in the SaaS community include google, amazon, yahoo, and microsoft. Microsoft recently released its Microsoft Sharepoint Cloud based services for Microsoft Office users. You can store all of your documents online, and that way if you want to work on a project at home you can access it right from the internet.
The SaaS model offers many advantages, including a faster return on investment, rapid deployment, and increased dependency on the part of the consumer to utilize the SaaS. SaaS, however, is not without its faults....and those can be significant.
Three main concerns with SaaS
With the above in mind, there are still issues that have arisen concerning SaaS based services and Cloud Computing, including:
1) Privacy
2) Data Security
3) Who has access to the data
All three are imperative to address early on for both the consumer and the SaaS company. I have seen agreements that, because they were so poorly written, develop into major lawsuits. This is because most don't consider the fact that the SaaS agreement involves several parties. Parties to the agreement include: the software developer, the data hosting company, third party platforms that implement the application or provide services for the SaaS product. By having several different agreements, there is no cohesion to the framework of the services that are being offered. To make matters worse, this creates even more uncertainty for the end user. Which leads to the drawback of SaaS from developers perspective. Unlike the typical software license, the SaaS user purchases the subscription to the service. Normally, there are no lengthy contracts and the user can cancel at any time. As you can see it is not the software that is the focal point, rather it is the "service" being provided. Theoretically, a customer could cancel the service at the end of any given month if they do not like the service. Thus, with each additional customer would come an expectation that the fixed costs of the company would be reduced. Just like any other business, a company without customers is doomed to fail. A company will fail if it does not provide its customers with what they want, when they want it, and with impeccable customer service.
As I said before, the three main concerns for consumers when it comes to SaaS is privacy, data security, and accessibility. New case law is emerging every day that will shape how the SaaS company operates. For instance, in the case of In re Reed Elsevier (FTC 2008). The FTC complaint alleged that REI and Seisient's lax security program allowed identity thieves to access the personal information of hundreds of thousands of individuals contained in the companies' databases. Specifically the FTC alleged that REI (which acquired Seisient) and Seiseint: (1) failed to make user IDs and passwords required to access the databases hard to guess; 2) failed to require periodic changes of user IDs and passwords; 3) failed to suspend users IDs after a certain number of unsuccessful log-in attempts; 4) allowed customers to store their user IDs and passwords in a vulnerable format in cookies on their computers; 5) failed to require customers to encrypt or protect their user IDs and passwords, search queries, or search results in transit between customer computers and Seisint's web sites; 6) allowed customers to create new user IDs and/or passwords without confirming that the new credentials were created by customers, rather than identity thieves; 7) permitted users to share user names and/or passwords; 8 ) did not adequately assess the vulnerability of Seisint's web applications and computer network to commonly known attacks; and 9) did not implement simple, low-cost, and readily available defenses to such attacks.
The Reed case is just one of many cases that address privacy, and there will be more. Thus, it is imperative that the SaaS company provide security measures that instill a sense of confidence in the end user.
Head in the Clouds
When it comes to cloud computing, I believe that a dose of healthy skepticism can benefit both the SaaS developer and the end user. The SaaS company needs to realize that it is offering a service, while the end user needs to realize that a good service needs customer support and input. Thus, I advise an open line of communication between the SaaS developer and the customer as it will foster a personal relationship. This personal relationship is the result of the highly dependant relationship between the parties. For instance, Clio encourages users to not only provide feedback on existing features that the SaaS offers but features that the user would like to see implemented. Once implemented, they cost nothing to use and do not require any installation.
While this may not be true for all SaaS providers, it is one of the key reasons why I have made the shift to SaaS for most of my software requirements.
Online Attorney
This article is copyright