The growth of cloud computing has been phenomenal, as companies ranging from early stage start-ups to conservative, blue-chip corporations have sought to take advantage of the cost savings offered by cloud-based solutions. And at the head of this revolution has been Amazon Web Services (AWS), one of the earliest and most popular of the cloud service providers. Indeed, AWS’s cloud platform has proven to be particularly appealing to bloggers, website operators, social media providers and companies seeking to quickly and cost-effectively expand their presence on the Internet.
We have summarized elsewhere the privacy and data security concerns associated with cloud solutions, particularly those based on “public cloud” models. However, in recently reviewing the click-wrap “AWS Customer Agreement” governing access to and use of AWS, among the many standard pro-vendor provisions typically found in any online Terms of Use these days, we were struck by one provision that stood out as being highly unusual and particularly worrisome for AWS corporate users, especially users in the technology industry.
In Section 8.5 of the AWS Customer Agreement, AWS obtains from its customers a covenant not to sue for patent infringement or other intellectual property infringement in connection with AWS-related services. Here’s the relevant language:
“During and after the Term, you will not assert, nor will you authorize, assist, or encourage any third party to assert, against us or any of our affiliates, customers, vendors, business partners, or licensors, any patent infringement or other intellectual property infringement claim regarding any Service Offerings you have used.”
Read literally, this language would appear to impose a covenant on AWS customers not to sue AWS—or its affiliates, customers, vendors, business partners or licensors—for patent, copyright or other intellectual property infringement in connection with web services made available not only by AWS but also by its affiliates. Immunized services purport to include not only AWS’s data hosting services but also associated application programming interfaces and content (although content made available by third parties on the AWS platform would appear to be excluded).
Moreover, if enforceable, the covenant language would prohibit AWS customers from authorizing, assisting or encouraging any third party to pursue intellectual property-related claims against AWS, its affiliates, customers, vendors, business partners or licensors, a broad prohibition that could—if read in the broadest fashion—potentially impact law firms and other entities that provide assistance to patent, copyright and other intellectual property owners.
And the kicker? The provision purports to survive the expiration or termination of the AWS Customer Agreement. So a company’s decision to terminate its relationship with AWS may not relieve such company of its obligations under the “do not assert” provision.
For a number of legal reasons, companies should always proceed with caution whenever considering the use of a cloud platform. Conducting thorough due diligence is essential, and, of course, such due diligence requires careful review of all agreements or policies governing one’s access to or use of the platform under consideration. And, as the AWS Customer Agreement illustrates, companies that have patents or other intellectual property rights covering Internet or cloud-related technologies or works need to be particularly vigilant that, in their drive to reduce storage costs, they are not inadvertently restricting their ability to fully exploit their intellectual property rights.