During a Tuesday panel at the 2022 Global Gaming Expo in Las Vegas, panelist and Pechanga tribal attorney Steve Bodmer argued that storing data in the cloud does not threaten tribal sovereignty, provided certain precautions are taken. He noted tribes need to consider several important factors: 1. How is your cloud contract written? 2. What do you put on the cloud? 3. Coordinate details with your technical teams in IT, regulation, and cybersecurity. He said an important condition to note is “who owns the data?” and he urged tribes to be cautious of any contract that specifies joint ownership of the data by the cloud provider.
Author and software developer Andrew Cardno was a bit more pessimistic, noting that at least 555 government agencies have investigative and subpoena powers, and nearly 150 providers offer cloud services. He said from those multiple angles, a tribe might not know its data has been compromised until long after it’s gone. He likened it to property ownership, where important matters like water rights could be lost by government action before a tribe is aware it has been attacked.
Cardno described a frightening scenario where a state could decide to tax Indian casinos on all the money wagered by their guests and use “cloud” data from slot systems to justify its actions. Bodmer said he’d heard about such ideas, but noted his tribe has not put any of its gaming data or gaming products on the cloud.
The panel also discussed the wave of data privacy protection laws that originated in Europe but have been adopted by many states including California. Moderator and attorney Elizabeth Homer said federal law trumps state law on many issues, but Bodmer pointed out that “cowboy judges” in multiple jurisdictions are constantly challenging native sovereignty in state courts.
When discussing data security in the cloud, Cardno noted that sovereignty and security are separate issues, but are closely related. He said the only way to guarantee total protection is simply to “cut the cord” to the internet. He warned this could lead to minor issues of reduced guest convenience, but that it might be worth it in the end.
Bodmer raised the issue that despite tribal sovereignty, government subpoenas could grab tribal data stored in clouds with servers not located on sovereign land (which is mostly the case). He said his IT professionals have ensured him that most of this data is encrypted and therefore is safe, but it was still concerning.
He brought up the prospect of a tribe, or several tribes, building their own server cloud farms on reservation land, thereby double-protecting the data via sovereignty. He said that such a solution has been discussed for some time, and is gaining momentum as cloud issues become more common.
Homer, like many of us, said she feels forced to use the cloud because of convenience, and has the fear that “you simply can’t get away from it.”
