Law of the cloud: on the supremacy of the user interface over copyright law

Primavera De Filippi, Research and Studies Center of Administrative Science (CERSA/CNRS), Université Paris II (Panthéon-Assas), France
PUBLISHED ON: 18 Jul 2013 DOI: 10.14763/2013.3.175


Cloud computing technologies are commonly used for delivering content or information to users who no longer need to store this data onto their own devices. This is likely to have an important impact on the effectivity of copyright law in the context of online applications, insofar as the underlying infrastructure of the cloud is such that is allows cloud operators to control the manner in which and the extent to which users can exploit such content - regardless of whether it is protected by copyright law or it has already fallen in the public domain. This article analyses the extent to which the provisions of copyright law can potentially be bypassed by cloud computing applications whose interface is designed to regulate the access, use and reuse of online content, and how these online applications can be used to establish private regimes of regulation that often go beyond the scope of the traditional copyright regime.

Citation & publishing information
Received: June 29, 2013 Reviewed: July 11, 2013 Published: July 18, 2013
Licence: Creative Commons Attribution 3.0 Germany
Competing interests: The author has declared that no competing interests exist that have influenced the text.
Keywords: Copyright, User interface, Terms of service, License, Public domain, Enclosure, Private regulation, Cloud computing
Citation: De Filippi, P. (2013). Law of the cloud: on the supremacy of the user interface over copyright law. Internet Policy Review, 2(3). DOI: 10.14763/2013.3.175

Cloud computing technologies are commonly used for delivering content or information to users, who do no longer need to store this information onto their own devices. This is likely to have an important impact on the effectivity of copyright law in the context of online applications, insofar as the underlying infrastructure of the cloud is such as to allow cloud operators to control the manner in which and the extent to which users can exploit such content - regardless of whether it is protected by copyright law or it has already fallen in the public domain.

This article analyses the extent to which the provisions of copyright law can potentially be bypassed by cloud computing applications whose interface is designed to regulate the access, use and reuse of online content, and how these online applications can be used to establish private regimes of regulation that often go beyond the scope of the traditional copyright regime.

Code is law

As originally stated by Lawrence Lessig, Professor of law at Harvard University, “code is the law of cyberspace.” Indeed, the architecture of the internet - its code and network protocols - is what determines what can or cannot be done on the network (Lessig, 2006). Thus, as the underlying code of the network ultimately dictates the rules to which users are compelled to obey (whether or not these rules are actually endorsed by the law), it becomes a de facto law.

In the case of cloud computing applications, it is the overall design of the user interface1 which implements the features and functionalities that users can benefit from. All data and content stored into the cloud can only be accessed through the interface provided by the cloud provider, which specifically determines the manner in which users are actually entitled to interact with them, regardless of their legal status. Hence, it could be said that, in the context of cloud computing, “the user interface is law.”2(De Filippi and Vieira, 2013)

This leads to perhaps one of the most important facets of cloud computing as it relates to copyright law: given that every single user activity or communication necessarily has to pass through centralised cloud applications (such as Facebook, Twitter, or the Google Apps suite), users cannot access, use or reuse content in a way that was not specifically provided for by the user interface. As such, cloud computing might ultimately render many provisions of the copyright regime (such as the fair use doctrine or the private use exception) practically ineffective or - at last - much more difficult to enforce. In the words of Lessig, “code can, and increasingly will, displace law.” (Lessig, 1999)

It is, however, worth mentioning that - especially in the case of cloud computing - the deterministic view of “code as law” needs to be slightly revisited to account for the fact that we are actually in the middle of a tug-of-war, with code currently having the “first mover advantage.”3 While code - as in technology - often acts as a substitute for law or other forms of regulations, on the other hand, legal code - as in law - will always and necessarily affect the way in which technology can operate and evolve (Wu, 2003). Hence, even though it evolves at a slower pace than technology, the law will eventually regulate new technological developments, so as to bring them back in line with the current legislative framework.4 Oftentimes, however, as the law manages to catch up with recently deployed technologies, those have already been displaced by new, unregulated technologies (Lessig, 2003).

This means that it becomes increasingly important for anyone seeking to regulate the dissemination of information on the internet to account not only for the legal norms introduced by the legislators (i.e., the provisions of the copyright regime) and the contractual norms established by private actors (i.e., the contractual clauses of various copyright licensing schemes), but also - and mainly - on the technological framework in which these norms operate, which might either complement or supplement the former two systems of norms.

Bypassing copyright law with cloud computing

One problem with cloud computing is that, through technology, cloud operators can dictate the manner in which users can access, use and reuse content or information via specific online services or applications. That is, the user interface ultimately dictates what can or cannot be done by end-users, regardless of what they are theoretically entitled to under the the law (De Filippi and Vieira, 2013).

In the context of cloud computing, the provisions of copyright law are becoming more and more difficult to enforce. Indeed, given that most of the content that is made available on cloud computing applications is actually stored in large data centres owned or controlled by large cloud operators, copyright owners are left with only a limited degree of control over their own works. As opposed to actual rights holders, who can only regulate the exploitation of their works by legal means, cloud operators - as the actual content holders - have the ability to precisely stipulate, by contractual and/or technical means, the extent to which users can access and the manner in which they can interact with content or data stored into cloud datacentres (De Filippi and McCarthy, 2012).

This is particularly relevant in the context of web 2.0 applications and social media, where users actually upload their own content (such as blog posts, tweets, photos, music or videos) onto the cloud platforms (Scale, 2009). The question is therefore to determine who actually owns the copyright in these works, and - most importantly - who is legitimately in charge of handling that copyright.

While there is - thus far - no evidence of any cloud operator requiring users to transfer the copyright in any of the content produced or uploaded onto their platform, it is common practice for cloud operators to require users to grant a universal, perpetual and unconditional license for exploiting all content they exported into the cloud (these are the terms and conditions of a majority of cloud computing platforms, such as, for instance, Google5, Twitter6 and Facebook7). Yet, even if they cannot claim a copyright over these works, cloud operators potentially have more control over the exploitation of copyright works over their own cloud platform than their actual rights holders, since they can unilaterally determine the terms and conditions regulating the access to and usage of all content stored onto their servers, regardless of whether or not it is actually eligible for protection under copyright law (De Filippi and Vieira, 2013).

This can be problematic because, for the majority of cloud computing applications, the user interface has not been designed to account for copyright exemptions or fair use. In fact, given the difficulty to objectively assess whether a particular action qualifies as a legitimate activity under the copyright regime (i.e. whether or not it falls within the scope of fair use), the user interface will generally preclude users from doing anything that might potentially be regarded as an infringing activity (such as downloading content onto one's own device, or making derivative works). As such, the user interface might disrupt the traditional balance of copyright law, which is intended to provide a compromise between the interests of authors to prevent others from free-riding their creative endeavours, and the interests of the public to enjoy a maximum number of works for the benefit of society as a whole (Litman, 1986).

Besides, the restrictions imposed by the user interface can also extend further and actually preclude activities which are not, as such, covered by copyright law.8 This is particularly problematic in the case of public domain works, which are theoretically free for everyone to use and reuse, but whose exploitation is effectively limited by the user interface of certain cloud applications (De Filippi and Vieira, 2013). Indeed, unless a distinction is specifically made by the cloud operators, all information stored into the cloud is regarded as mere content, which users can interact with only in the way specified by the user interface, whether it is content protected by copyright law or public domain content.

Both of these issues are not new, as both relate to the concerns raised with the deployment of technological protection measures (TPM) and digital rights management (DRM) systems, which have been criticised by many (Ginsburg, 2002; Samuelson, 2003; Erickson, 2003; Felten, 2003; Koelman, 2004) for introducing a new exclusive right over the mere access to digital content, in ways that often go way beyond the restrictions provided by default under copyright law. Yet, as opposed to these technological measures of protection, whose restrictions can nonetheless be circumvented by experienced users, in the case of cloud computing, users do not even have the ability to bypass the limitations imposed by the user interface, since they do not even have access to the files stored on the servers.

Bypassing copyright licences with cloud computing

Beyond the ability to bypass copyright law, this form of regulation by code is also problematic to the extent that it does not account for the legal status of works which are still protected by copyright but which have been released under specific licences meant to encourage the reproduction, dissemination and reuse of works (such as, for instance, the set of Creative Commons licences). While some of these licences actually allow users to exploit works for commercial or non-commercial purposes, as well as to remix them for the production of new derivative works, users are, however, often precluded to do so insofar as the user interface of the online application does not provide the means for third party users to effectively access, reproduce or modify these works. In all such cases, therefore, the cloud platform de facto stands in the way of the licensing provisions.

This is even more critical in the context of user-generated-content, i.e., content which has not been produced by a commercial company or content editor for the purpose of selling the rights to such content to an online media publisher, but rather content which has been produced by users for the mere sake of communicating ideas or information without any underlying commercial motive (Wofford, 2012). Most user-generated-content is either directly created onto a cloud platform (as in the case of Facebook or Wikipedia) or is created by users onto their own devices and subsequently published on online platforms, such as Flickr, Picasa, Soundcloud, YouTube or Vimeo. While a few of these platforms provide full legal and technical access to online works (e.g., Wikipedia), others only provide access to content by means of a restricted user interface (e.g., Facebook, Picasa, Youtube), often precluding users from fully exploiting online works to the extent that they are not given the means to interact with these works in ways that have not been specifically provided for by the user interface (Lametti, 2012; De Filippi and Vieira 2013).

Another critical concern that further reduces users’ ability to access, use or reuse information (in ways that are legitimate under the copyright regime) relates to the issue of accessing the source file of a work (i.e., the text-based version of a pdf, the multi-layered version of an illustration, or the raw footage of a movie, etc). Although this problem is not specific to the cloud, it has, however, been dramatically amplified with the advent of cloud computing technologies9, to the extent that users do not have the opportunity to exploit digital works unless they can download their source files locally onto their own devices so as to later use them in the way that they best see fit. While this is in line with the standard level of protection granted by default under copyright law (which precludes the unauthorised reproduction and redistribution of works), this might however go counter the objectives of certain rights holders who actually have an interest in having their works disseminated onto the network (Lessig, 2004; Fitzgerald & Oi, 2004). These rights holders are thus likely to release their works in open, machine readable formats, as well as to license them under specific licences designed to promote the widest dissemination and the broadest reuse of content (such as for instance most of the Creative Commons licences). Yet, there is no guarantee that the cloud operators will actually respect the terms of the licence, nor that they will practically provide the means for users to download these works in their original format. One could go even further by claiming that the mere fact of uploading content released under a copyleft licence onto a cloud-based service (and thereby granting the cloud operator rights over that content according to the Terms of Service) might actually constitute a violation of the licence to the extent that the terms and conditions include no obligation for the cloud operator to “share alike” the content.

In the software realm, given that access to the source code is regarded as an essential condition for users to be able to both understand and edit the code, this problem has been addressed by most of the Free/Libre/Open Source Software (FLOSS) licences, which require that the source code of the software application be always provided to the public.10 Yet, also in this context, similar concerns emerged as certain companies started to modify the source code of software licensed under a copyleft licence (i.e., a licence requiring that any derivative software be made available under the exact same licence as the original software) without however making these changes available to the public, on the grounds that the licence only applies when software is being redistributed - as opposed to it merely being used on an online server. This concern has led to the development of a new licence - the Affero GPL - which is derived from the GNU General Public Licence (GPL) but which features an additional provision that obliges anyone using a particular software application, or a derivative version thereof, to always provide a link to the source code.

Similarly, in the context of content or information, access to the source file is often necessary (or at least instrumental) to the creation of derivative works. It is, therefore, surprising that - while the problem has been properly identified and resolved in the realm of computer software - thus far, none of the free/open licences for content do actually include a provision concerning the making available of the source file - either directly (via hosting) or indirectly (by providing a link to the source). As a result, today, unless they provide the means for users to download the source files of content stored in their data centres, cloud providers can effectively preclude the exercise of some of the freedoms granted to users under the copyright  licence.

Yet, it has to be acknowledged, that a licence imposing that any cloud-based service displaying a work released under an open or free licence should always and necessarily provide access to the source file to that work would ultimately create an unjustified hurdle to many online operators, and might even discourage users from uploading their content to the cloud - as it seems unlikely that cloud operators will change their Terms of Service (which already collide with the provisions of many open/free licences) so as to comply with even stricter licensing provisions.

Thus, it could be envisioned, instead, that every cloud operator be forced to design the user interface so as to give users the ability to provide a link to the source files of certain files which have been released under that particular licence.


1. We refer here to the “user interface” as the instrument allowing for human-machine interaction to occur. The user interface provides users with a platform to operate, control or interact with the machine, and for the machine to provide dynamic feedback to the user. In the case of cloud computing, the user interface essentially refers to the web application that users must connect to in order to benefit from the services provided by the cloud operator. For the purposes of this article, the API provided by a few cloud-based services is not considered to be part of the user interface, since it constitutes a platform for machine-to-machine interaction.

2. This is, of course, a simplified view of a very complex interaction between the law, the user interface, and the underlying technical code. Although the issue is beyond the scope of this paper, it could be useful to investigate further the extent to which the user interface can actually contribute to regulating and determining user’s behaviour, taking into account theories of media appropriation from media science (Bevort & Breda, 2008; Reia-Baptista, 2009) and the concept of secondary agency and technicity from media studies (Kitchin & Dodge, 2011).

3. In marketing, the first-mover advantage refers to the competitive advantage gained by the initial entrant into a new market segment, by virtue of the fact that there are no other players to compete with.

4. There are, indeed, several examples where it is the law that actually shapes the code. One example that could be relevant to cloud computing is the ECJ ruling in Usedsoft GmbH v. Oracle International Corp (C-128/11), where the court ruled that “an author of software cannot oppose the resale of his ‘used’ licenses allowing the use of his programmes downloaded from the internet.” Thus, even though software corporations had deployed their code to impose the non-transferability of licenses, the court commanded that the code be re-shaped to comply with the doctrine of exhaustion (first sale doctrine). Another example is the Australian case of Optus TV Now (Singtel Optus Pty Ltd v National Rugby League Investments Pty Ltd (No 2) [2012] FCA 34), where the Federal Court held that Optus' service did not fall within the time-shifting exception in section 111 of Copyright Act 1968 (Cth), because the section protected only an individual's recording for private or domestic use.

5. According Google’s Terms of Service: “By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services”

6. Twitter’s Terms of Service stipulate that “By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed).”

7. Facebook’s Terms of Service stipulate that “For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License).”

8. Indeed, the copyright regime of many countries provides for a number of exemptions (or fair uses) allowing users to reproduce, distribute, or display portion of copyright works without the authorization of the copyright holders under specific circumstances (such as private use, news reporting, teaching, parody, or for the purposes of criticism or review). Yet, most cloud platforms (such as, most notably, YouTube, Facebook, or Twitter) do not take this into account and simply will take-down any content for which they receive a copyright complaint by the rights holders without considering whether it would fall within the regime of fair use.

9. This statement does not purport to claim that cloud computing services should always and necessarily provide access to the source code of the work they display, but only to highlight the fact that cloud computing often preclude access to any source file of these works.

10. See e.g. the preamble of the GPL licence, which stipulates that: “Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things


Bevort, E., & Breda, I. (2008). Adolescents and the Internet: Media appropriation and perspectives on education. Rivoltella P. CDigital literacy: Tools and methodologies for information society, 140-165.

De Filippi, P., & Vieira, M. S. (2013). The Commodification of Information Commons. International Journal of the Commons, 7(2) (forthcoming).

Erickson, J. S. (2003). Fair use, DRM, and trusted computing.Communications of the ACM, 46(4), 34-39.

Felten, E. W. (2003). A skeptical view of DRM and fair use. Communications of the ACM, 46(4), 56-59.

Fitzgerald, B. F., & Oi, I. (2004). Free culture: Cultivating the creative commons. Media & Arts Law Review, 9(2).

Ginsburg, J. C. (2002). Essay: From Having Copies to Experiencing Works: The Development of an Access Right in US Copyright Law. J. Copyright Soc'y USA, 50, 113.

Kitchin, R., & Dodge, M. (2011). Code, Space: Software and Everyday Life. The MIT Press.

Koelman, K. (2004). Copyright Law & Economics in the Copyright Directive: Is the Droit d'Auteur Passe?. International Review of Intellectual Property and Competition Law, 603-638.

Lametti, D. (2012). The Cloud: Boundless Digital Potential or Enclosure 3.0?.

Lessig, L. (1999). The law of the horse: What cyberlaw might teach. Harvard law review, 113(2), 501-549.

Lessig, L. (2003). Law regulating code regulating law. Loy. U. Chi. LJ, 35, 1.

Lessig, L. (2004). Free culture: How big media uses technology and the law to lock down culture and control creativity. Penguin.

Lessig, L. (2006). Code Version 2.0. Lawrence Lessig.

Litman, J. D. (1986). Copyright Compromise and Legislative History. Cornell L. Rev., 72, 857.

Reia-Baptista, V. (2009). Media literacy and media appropriations by youth.

Samuelson, P. (2003). DRM {and, or, vs.} the law. Communications of the ACM, 46(4), 41-45.

Scale, M. E. (2009). Cloud computing and collaboration. Library Hi Tech News, 26(9), 10-13. doi:10.1108/07419050911010741.

Wofford, J. (2012). User-generated content. New Media & Society, 14(7), 1236-1239.

Wu, T. (2003). When Code Isn't Law. Virginia Law Review, 679-751.

Add new comment