Please see the attached documents, and reach out if any questions arise.
2/17/22, 5:46 PM US Legal and Justice Systems
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/us-legal-and-justice-systems.html?ou=622270 1/2
Learning Topic
US Legal and Justice Systems
Violations of cybersecurity laws can result in civil damages or criminal penalties, or both.
Depending on the circumstances surrounding a particular violation, it could be addressed
in both legal forums. Depending on the law violated, the case could be adjudicated in
federal or state court, or even both.
Violations of federal law are explicitly assigned to federal courts; state civil claims are
often heard in federal court, rarely the opposite. Before deciding which jurisdiction to file
a case in, one should first take care to understand the similarities and differences among
the relevant systems, as well as the efficiency of the court system. In the Circuit Court for
Cook County, Illinois, it is not unheard of for a civil claim to take more than five years to
come to trial.
In the United States, federal jurisdiction arises from a specific area reserved to the federal
government by the US Constitution, such as intellectual property law, or through a law
premised on commerce between states. The internet and other interstate communications
fall into the latter category, so almost everything that happens online can be subject to
federal authority.
Governments in the United States are composed of three branches: legislative, judicial,
and executive. While each branch has its own distinct authority, they operate in a deeply
interconnected manner, so that any legal case is likely to involve all three. Checks and
balances are embedded to maintain balance among the branches. These concepts hold
true at the federal, state, and local levels, and they are manifest in both criminal and civil
systems.
Court systems consist of several components intended to ensure a fair and true outcome
to every trial. There are separate courts at the state level to hear civil and criminal
matters, and each of those has a primary or original level, as well as an appellate
jurisdiction. The steps for navigating through each system to attain due process are
explicitly codified by law.
2/17/22, 5:46 PM US Legal and Justice Systems
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/us-legal-and-justice-systems.html?ou=622270 2/2
Courts and the Legal Process
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/courts-and-the-legal-process.html?
ou=622270)
The Legal System in the United States
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/the-legal-system-in-the-united-
states.html?ou=622270)
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
Resources
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270
PLEASE READ CAREFULLY
– Please cite your work in your responses
– Please use APA (7th edition) formatting
– All questions and each part of the question should be answered in detail (Go into depth)
– Response to questions must demonstrate understanding and application of concepts covered in class,
– Use in-text citations and at LEAST 2 resources per discussion from the school materials that I provided to support all answers.
– No grammatical errors; Complete sentences are used. Proper formatting is used. Citations are used according to APA
– The use of course materials to support ideas is HIGHLY RECOMMENDED
– Lastly, Responses MUST be organized (Should be logical and easy to follow)
Step 6: Examine the US Legal System and Intellectual Property Laws
Now that you are familiar with security issues, examine and review the
US legal and justice systems
. Since BallotOnline is a software as a service (SaaS) company based in the United States and serving a customer base in the United States, you need to understand how the legal and justice systems work in the United States. Your basic understanding of these systems is crucial for understanding the complexities of the legal system in cyberspace, where cloud-based systems reside.
As a practitioner working in the cloud computing field, you should also have an understanding of the complexities of
intellectual property law
and
cyberspace law
, including how to identify different venues and methods for resolving disputes (such as the court system, arbitration, mediation), how to define and negotiate cloud hosting agreements to avoid potential cyberspace law issues, how to discuss the regulation of cyberspace, and how to handle electronic agreements and digital signatures.
To gain a better understanding of how cyberspace laws are applied to real issues, participate in the analysis of a relevant legal case with your colleagues in a forum titled Discussion: US Legal System and Cyberspace Law.
Step 7: Use Frameworks to Analyze Complex Legal and Compliance Issues
In the previous step, you examined the US legal and justice systems as a building block for understanding the complexities of the legal system in cyberspace, where cloud-based systems reside.
There are several
frameworks for analyzing compliance issues
used to analyze these complex issues. To provide a manageable set of recommendations to the executives, review the frameworks and select the one that is most helpful to use for analyzing these complex issues.
Step 8: Analyze General, Industry, Geographic, Data, and Cloud-Specific Compliance Issues
In the previous step, you examined the complexities of law in cyberspace. In this step, you will expand your understanding of legal and compliance issues related to the cloud by investigating
industry-specific compliance issues
,
geographic-specific compliance issues
such as privacy, and
cloud-specific compliance issues
to determine which are applicable to BallotOnline.
You will also need to analyze
data compliance issues
applicable to companies operating in the European Union, including the recent GDPR regulations, and determine how BallotOnline can be compliant. The organization is concerned about EU compliance issues because the laws there are the most restrictive that BallotOnline will encounter.
Prepare a two- to three-page summary of the data compliance issues that are applicable to BallotOnline and determine how BallotOnline can be compliant. This will be part of your final risk and compliance assessment report.
Step 9: Create a Proposal for a Compliance Program
In previous steps, you have identified potential legal and compliance requirements that BallotOnline may face in migrating to a cloud computing model. Now, you need to determine how BallotOnline can comply with those requirements.
Create a high-level proposal for a compliance program for BallotOnline that enables the organization and its employees to conduct itself in a manner that is in compliance with legal and regulatory requirements. Management has asked you to model the proposal on
existing compliance programs
for other companies that have migrated to the cloud.
Use the
Proposal for Compliance Program template
to record your work and follow the submission instructions below to obtain feedback.
The proposal will be one to two pages in length and should take the form of a high-level outline or flowchart showing the different components and relationships among the components.
Include the following elements that are generally found in an effective program:
· Identification of company employees who have oversight over the program, their roles, and responsibilities
· List of high-level policies and/or procedures that may be required
· List of high-level training and education programs that may be required
· Relationships between components of the program, including (but not limited to):
· communication channels
· dependencies
· Identification of enforcement mechanism
· Identification of monitoring and auditing mechanisms
· How will responses to compliance issues be handled, and how will corrective action plans be developed?
· How are risk assessments handled?
The proposal will be one to two pages in length and should take the form of a high
–
level outline
or flowchart showing the different components and relationships among the components.
Include the following elements that are generally found
in an effective program:
?
Identification of company employees who have oversight over the program, their roles,
and responsibilities
?
List of high
–
level policies and/or procedures that may be required
?
List of high
–
level training and education programs that
may be required
?
Relationships between components of the program, including (but not limited to):
?
communication channels
?
dependencies
?
Identification of enforcement mechanism
?
Identification of monitoring and auditing mechanisms
?
How will responses to complia
nce issues be handled, and how will corrective action
plans be developed?
?
How are risk assessments handled?
The proposal will be one to two pages in length and should take the form of a high-level outline
or flowchart showing the different components and relationships among the components.
Include the following elements that are generally found in an effective program:
? Identification of company employees who have oversight over the program, their roles,
and responsibilities
? List of high-level policies and/or procedures that may be required
? List of high-level training and education programs that may be required
? Relationships between components of the program, including (but not limited to):
? communication channels
? dependencies
? Identification of enforcement mechanism
? Identification of monitoring and auditing mechanisms
? How will responses to compliance issues be handled, and how will corrective action
plans be developed?
? How are risk assessments handled?
2/17/22,6:12 PM Data Compliance
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/data-compliance.html?ou=622270 1/2
Learning Topic
Data Compliance
Data compliance issues can encompass a broad spectrum of areas. A few examples that
you may encounter in cloud computing are indicated in the table below:
Data at Rest This refers to data when stored on persistent media such as a disk,
tape, or optical media (such as a DVD or CD).
Data in Use This refers to active data stored in a computer’s RAM or CPU.
Data in
Transit
This refers to data that flows across a network such as the Internet
or a private network (such as an internal network entirely within a
cloud hosting facility).
Information
Classification
This refers to classifying different types of information based on
who can or should access it. It is common for organizations to have
different classifications for data, such as confidential, public, or
highly restricted.
Data
Portability
This refers to how easily a customer’s data may be moved between
different IT environments. Some entities such as the European
Union have strict requirements on data portability.
2/17/22, 6:12 PM Data Compliance
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/data-compliance.html?ou=622270 2/2
Data Security and Privacy in Cloud Computing
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-
610/document/DataSecurityandPrivacyinCloudComputing_checke
d ?ou=622270)
A Right Too Far? Requiring Cloud Service Providers to Deliver
Adequate Data Security to Consumers
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/a-right-too-far–requiring-cloud-
service-providers-to-deliver-ad.html?ou=622270)
Cloud Computing Information Security and Privacy Considerations
and Key Questions
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/cloud-computing-information-
security-and-privacy-considerations-.html?ou=622270)
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
Resources
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/DataSecurityandPrivacyinCloudComputing_checked ?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/a-right-too-far–requiring-cloud-service-providers-to-deliver-ad.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/cloud-computing-information-security-and-privacy-considerations-.html?ou=622270
2/17/22, 6:10 PM Geographic-Specific Compliance Issues
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/geographic-specific-compliance-issues.html?ou=622270 1/2
Learning Topic
Geographic-Specific Compliance Issues
Different geopolitical entities such as the European Union (EU), Canada, and individual
states, such as California, have specific compliance requirements governing protection of
their citizens.
In the EU, protection of data privacy is considered paramount and violations can result in
criminal or civil penalties. The EU requires that entities protect the flow of data outside of
the borders of EU countries, and this can lead to organizations needing to establish data
protection programs and geographically isolated IT infrastructure.
Canadian and Californian laws aren’t as strict as those of the EU; however, it is important
to understand that global organizations must adhere to a number of different compliance
requirements.
2/17/22, 6:10 PM Geographic-Specific Compliance Issues
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/geographic-specific-compliance-issues.html?ou=622270 2/2
Something’s Got to Give – Cloud Computing, as Applied to Lawyers
– Comparative Approach US and EU and Practical Proposals to
Overcome Differences
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-610/document/SomethingsGotToGive-
CloudComputingAsAppliedToLawyers_checked ?ou=622270)
Microsoft, the USA PATRIOT Act, and European Cloud Computing
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/microsoft–the-usa-patriot-act–and-
european-cloud-computing.html?ou=622270)
Foreign Clouds in the European Sky: How US Laws Affect the
Privacy of Europeans
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/foreign-clouds-in-the-european-sky-
-how-us-laws-affect-the-priva.html?ou=622270)
Legal Issues Associated With Data Management in European
Clouds
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/legal-issues-associated-with-data-
management-in-european-clouds.html?ou=622270)
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
Resources
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/SomethingsGotToGive-CloudComputingAsAppliedToLawyers_checked ?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/microsoft–the-usa-patriot-act–and-european-cloud-computing.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/foreign-clouds-in-the-european-sky–how-us-laws-affect-the-priva.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/legal-issues-associated-with-data-management-in-european-clouds.html?ou=622270
2/17/22, 6:09 PM
Industry-Specific Compliance
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/industry-specific-compliance.html?ou=622270 1/3
Learning Topic
Industry-Specific Compliance
Warchi/Signature Collection/Getty Images
Many industries have specific compliance requirements.
Failure to meet those requirements can lead to criminal prosecution, monetary fines,
and/or civil sanctions.
Examples of industry-specific compliance requirements and their respective governing
agencies are listed in the table below.
Industry Compliance Requirements
Payment
Card
Industry
PCI Security Standards
(https://www.pcisecuritystandards.org/pci_security/standards_overview)
https://www.pcisecuritystandards.org/pci_security/standards_overview
2/17/22, 6:09 PM Industry-Specific Compliance
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/industry-specific-compliance.html?ou=622270 2/3
Creating Effective Cloud Computing Contracts for the Federal
Government: Best Practices for Acquiring IT as a Service
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-
610/document/CreatingEffectiveCloudComputingContractsfortheF
ederalGovernment_checked ?ou=622270)
Guidance on HIPAA & Cloud Computing
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/guidance-on-hipaa-and-cloud-
computing.html?ou=622270)
Industry Compliance Requirements
Health
Care
Health Insurance Portability and Accountability Act of 1996
(https://www.hhs.gov/hipaa/for-professionals/index.html) (HIPAA)
Financial Sarbanes-Oxley Act of 2002 (https://www.sec.gov/answers/about-
lawsshtml.html#sox2002) (Sarbanes-Oxley, Sarbox or SOX)
Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
(https://www.govtrack.us/congress/bills/111/hr4173/summary) (Dodd-
Frank)
Elections Help America Vote Act of 2002
(https://www.eac.gov/about_the_eac/help_america_vote_act.aspx)
(HAVA)
Federal Election Campaign Act of 1971
(https://www.govinfo.gov/content/pkg/STATUTE-86/pdf/STATUTE-86-
Pg3 )
Resources
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/CreatingEffectiveCloudComputingContractsfortheFederalGovernment_checked ?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/guidance-on-hipaa-and-cloud-computing.html?ou=622270
https://www.hhs.gov/hipaa/for-professionals/index.html
https://www.sec.gov/answers/about-lawsshtml.html#sox2002
https://www.govtrack.us/congress/bills/111/hr4173/summary
https://www.eac.gov/about_the_eac/help_america_vote_act.aspx
https://www.govinfo.gov/content/pkg/STATUTE-86/pdf/STATUTE-86-Pg3
2/17/22, 6:09 PM Industry-Specific Compliance
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/industry-specific-compliance.html?ou=622270 3/3
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
2/17/22, 5:47 PM Intellectual Property Law
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/intellectual-property-law.html?ou=622270 1/2
Learning Topic
Intellectual Property Law
Intellectual property laws, including trademarks, copyright, patents, and industrial design
rights, grant legal protections to the creators of original works such as music, motion
pictures, literature, designs, inventions, words, slogans, phrases, and symbols from
misappropriation by others.
All owners of intellectual property assets must implement safeguards and security
measures to protect from piracy, infringement, counterfeiting, and theft.
Warchi/Signature Collection/Getty Images
2/17/22, 5:47 PM Intellectual Property Law
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/intellectual-property-law.html?ou=622270 2/2
Breathing Space for Cloud-Based Business Models
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-610/document/BreathingSpaceforCloud-
BasedBusinessModels_checked ?ou=622270)
Intellectual Property Rights: Understanding Intellectual Property
Rights
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/intellectual-property-rights–
understanding-intellectual-propert.html?ou=622270)
Intellectual Property Rights: Copyright
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/intellectual-property-rights–
copyright.html?ou=622270)
Law of the Cloud: On the Supremacy of the User Interface over
Copyright Law
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/law-of-the-cloud–on-the-
supremacy-of-the-user-interface-over-co.html?ou=622270)
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
Resources
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/BreathingSpaceforCloud-BasedBusinessModels_checked ?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/intellectual-property-rights–understanding-intellectual-propert.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/intellectual-property-rights–copyright.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/law-of-the-cloud–on-the-supremacy-of-the-user-interface-over-co.html?ou=622270
2/17/22, 5:46 PM
Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 1/52
Courts and the Legal Process
Learning Objectives
After reading this document, you should be able to do the following:
1. Describe the two different court systems in the United States, and explain why
some cases can be filed in either court system.
2. Explain the importance of subject matter jurisdiction and personal jurisdiction,
and know the difference between the two.
3. Describe the various stages of a civil action: from pleadings, to discovery, to
trial, and to appeals.
4. Describe two alternatives to litigation: mediation and arbitration.
In the United States, law and government are interdependent. The Constitution
establishes the basic framework of government and imposes certain limitations on the
powers of government. In turn, the various branches of government are intimately
involved in making, enforcing, and interpreting the law. Today, much of the law comes
from Congress and the state legislatures. But it is in the courts that legislation is
interpreted and prior case law is interpreted and applied.
As we go through this document, consider the case of Harry and Kay Robinson. In which
court should the Robinsons file their action? Can the Oklahoma court hear the case and
make a judgment that will be enforceable against all of the defendants? Which law will the
court use to come to a decision? Will it use New York law, Oklahoma law, federal law, or
German law?
Robinson v. Audi
Learning Resource
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 2/52
Harry and Kay Robinson purchased a new Audi automobile from Seaway Volkswagen, Inc.
(Seaway), in Massena, New York, in 1976. The following year the Robinson family, who
resided in New York, left that state for a new home in Arizona. As they passed through
Oklahoma, another car struck their Audi in the rear, causing a fire that severely burned
Kay Robinson and her two children. Later on, the Robinsons brought a products-liability
action in the District Court for Creek County, Oklahoma, claiming that their injuries
resulted from the defective design and placement of the Audi’s gas tank and fuel system.
They sued numerous defendants, including the automobile’s manufacturer, Audi NSU
Auto Union Aktiengesellschaft (Audi); its importer, Volkswagen of America, Inc.
(Volkswagen); its regional distributor, World-Wide Volkswagen Corp. (World-Wide); and
its retail dealer, Seaway.
Should the Robinsons bring their action in state court or in federal court? Over which of
the defendants will the court have personal jurisdiction?
The Relationship Between State and Federal Court Systems in the
United States
Learning Objectives
1. Understand the different but complementary roles of state and federal court
systems.
2. Explain why it makes sense for some courts to hear and decide only certain
kinds of cases.
3. Describe the difference between a trial court and an appellate
court.
Although it is sometimes said that there are two separate court systems, the reality is
more complex. There are, in fact, fifty-two court systems: those of the fifty states, the
local court system in the District of Columbia, and the federal court system. At the same
time, these are not entirely separate; they all have several points of contact.
State and local courts must honor both federal law and the laws of the other states. First,
state courts must honor federal law where state laws are in conflict with federal laws
(under the supremacy clause of the Constitution). Second, claims arising under federal
statutes can often be tried in the state courts, where the Constitution or Congress has not
explicitly required that only federal courts can hear that kind of claim. Third, under the full
faith and credit clause, each state court is obligated to respect the final judgments of
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 3/52
courts in other states. Thus, a contract dispute resolved by an Arkansas court cannot be
relitigated in North Dakota when the plaintiff wants to collect on the Arkansas judgment
in North Dakota. Fourth, state courts often must consider the laws of other states in
deciding cases involving issues where two states have an interest, such as when drivers
from two different states collide in a third state. Under these circumstances, state judges
will consult their own state’s case decisions involving conflicts of laws and sometimes
decide that they must apply another state’s laws to decide the case.
As state courts are concerned with federal law, so federal courts are often concerned with
state law and with what happens in state courts. Federal courts will consider state-law-
based claims when a case involves claims using both state and federal law. Claims based
on federal laws will permit the federal court to take jurisdiction over the whole case,
including any state issues raised. In those cases, the federal court is said to exercise
“pendent jurisdiction” over the state claims. Also, the Supreme Court will occasionally take
appeals from a state supreme court where state law raises an important issue of federal
law to be decided. For example, a convict on death row may claim that the state’s chosen
method of execution using the injection of drugs is unusually painful and involves “cruel
and unusual punishment,” raising an Eighth Amendment issue.
There is also a broad category of cases heard in federal courts that concern only state
legal issues—namely, cases that arise between citizens of different states. The federal
courts are permitted to hear these cases under their so-called diversity of citizenship
jurisdiction (or diversity jurisdiction). A citizen of New Jersey may sue a citizen of New
York over a contract dispute in federal court, but if both were citizens of New Jersey, the
plaintiff would be limited to the state courts. The Constitution established diversity
jurisdiction because it was feared that local courts would be hostile toward people from
other states and that they would need separate courts. In 2009, nearly a third of all
lawsuits filed in federal court were based on diversity of citizenship. In these cases, the
federal courts were applying state law, rather than taking federal question jurisdiction,
where federal law provided the basis for the lawsuit or where the United States was a
party (as plaintiff or defendant).
Why are there so many diversity cases in federal courts? Defense lawyers believe that
there is sometimes a “home-court advantage” for an in-state plaintiff who brings a lawsuit
against a nonresident in his local state court. The defense attorney is entitled to ask
for removal to a federal court where there is diversity. This fits with the original reason for
diversity jurisdiction in the Constitution—the concern that judges in one state court would
favor the in-state plaintiff rather than a nonresident defendant. Another reason there are
so many diversity cases is that plaintiffs’ attorneys know that removal is common and that
filing in federal court to begin with will move the case along faster. Some plaintiffs’
attorneys also find advantages in pursuing a lawsuit in federal court. Federal court
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 4/52
procedures are often more efficient than state court procedures, so that federal dockets
are often less crowded. This means a case will get to trial faster, and many lawyers enjoy
the higher status that comes in practicing before the federal bench. In some federal
districts, judgments for plaintiffs may be higher, on average, than in the local state court.
In short, not only law but also legal strategy factors into the popularity of diversity cases
in federal courts.
State Court Systems
The vast majority of civil lawsuits in the United States are filed in state courts. Two
aspects of civil lawsuits are common to all state courts: trials and appeals. A court
exercising a trial function has original jurisdiction—that is, jurisdiction to determine the
facts of the case and apply the law to them. A court that hears appeals from the trial court
is said to have appellate jurisdiction—it must accept the facts as determined by the trial
court and limit its review to the lower court’s theory of the applicable law.
Limited Jurisdiction Courts
In most large urban states and many smaller states, there are four and sometimes five
levels of courts. The lowest level is that of the limited jurisdiction courts. These are
usually county or municipal courts with original jurisdiction to hear minor criminal cases
(petty assaults, traffic offenses, and breach of peace, among others) and civil cases
involving monetary amounts up to a fixed ceiling (no more than $10,000 in most states
and far less in many states). Most disputes that wind up in court are handled in the
18,000-plus limited jurisdiction courts, which are estimated to hear more than 80 percent
of all cases.
One familiar limited jurisdiction court is the small claims court, with jurisdiction to hear
civil cases involving claims for amounts ranging between $1,000 and $5,000 in about half
the states and for considerably less in the other states ($500 to $1,000). The advantage of
the small claims court is that its procedures are informal, it is often located in a
neighborhood outside the business district, it is usually open after business hours, and it is
speedy. Lawyers are not necessary to present the case and in some states are not allowed
to appear in court.
General Jurisdiction Courts
All other civil and criminal cases are heard in the general trial courts, or courts of general
jurisdiction. These go by a variety of names: superior, circuit, district, or common pleas
court (New York calls its general trial court the supreme court). These are the courts in
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 5/52
which people seek redress for incidents such as automobile accidents and injuries, or
breaches of contract. These state courts also prosecute those accused of murder, rape,
robbery, and other serious crimes. The fact finder in these general jurisdiction courts is
not a judge, as in the lower courts, but a jury of citizens.
Although courts of general jurisdiction can hear all types of cases, in most states more
than half involve family matters (divorce, child custody disputes, and the like). A third were
commercial cases, and slightly over 10 percent were devoted to car accident cases and
other cases.
Most states have specialized courts that hear only a certain type of case, such as landlord-
tenant disputes or probate of wills. Decisions by judges in specialized courts are usually
final, although any party dissatisfied with the outcome may be able to get a new trial in a
court of general jurisdiction. Because there has been one trial already, this is known as a
trial de novo. It is not an appeal, since the case essentially starts over.
Appellate Courts
The losing party in a general jurisdiction court can almost always appeal to either one or
two higher courts. These intermediate appellate courts—usually called courts of appeal—
have been established in forty states. They do not retry the evidence, but rather
determine whether the trial was conducted in a procedurally correct manner and whether
the appropriate law was applied. For example, the appellant (the losing party who appeals)
might complain that the judge wrongly instructed the jury on the meaning of the law, or
improperly allowed testimony of a particular witness, or misconstrued the law in question.
The appellee (who won in the lower court) will ask that the appellant be denied—usually
this means that the appellee wants the lower-court judgment affirmed. The appellate
court has quite a few choices: it can affirm, modify, reverse, or reverse and remand the
lower court decision (return the case to the lower court for retrial).
The last type of appeal within the state courts system is to the highest court, the state
supreme court, which is composed of a single panel of five to nine judges and is usually
located in the state capital. (The intermediate appellate courts are usually composed of
panels of three judges and are situated in various locations around the state.) In a few
states, the highest court goes by a different name: in New York, it is known as the court of
appeals. In certain cases, appellants to the highest court in a state have the right to have
their appeals heard, but more often the supreme court selects the cases it wishes to hear.
For most litigants, the ruling of the state supreme court is final. In a relatively small class
of cases—those in which federal constitutional claims are made—appeal to the US
Supreme Court to issue a writ of certiorari remains a possibility.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 6/52
The Federal Court System
District Courts
The federal judicial system is uniform throughout the United States and consists of three
levels. At the first level are the federal district courts, which are the trial courts in the
federal system. Every state has one or more federal districts; the less populous states
have one, and the more populous states (California, Texas, and New York) have four. The
federal court with the heaviest commercial docket is the US District Court for the
Southern District of New York (Manhattan). There are forty-four district judges and fifteen
magistrates in this district. The district judges throughout the United States commonly
preside over all federal trials, both criminal and civil.
Courts of
Appeal
Cases from the district courts can then be appealed to the circuit courts of appeal, of
which there are thirteen. Each circuit oversees the work of the district courts in several
states. For example, the US Court of Appeals for the Second Circuit hears appeals from
district courts in New York, Connecticut, and Vermont. The US Court of Appeals for the
Ninth Circuit hears appeals from district courts in California, Oregon, Nevada, Montana,
Washington, Idaho, Arizona, Alaska, Hawaii, and Guam. The US Court of Appeals for the
District of Columbia Circuit hears appeals from the district court in Washington, D.C., as
well as from numerous federal administrative agencies. The US Court of Appeals for the
Federal Circuit, also located in Washington, D.C., hears appeals in patent and customs
cases. Appeals are usually heard by three-judge panels, but sometimes there will be a
rehearing at the court of appeals level, in which case all judges sit to hear the case “en
banc.”
There are also several specialized courts in the federal judicial system. These include the
US Tax Court, the Court of Customs and Patent Appeals, and the Court of Claims.
United States Supreme Court
Overseeing all federal courts is the US Supreme Court, in Washington, D.C. It consists of
nine justices—the chief justice and eight associate justices. (This number is not
constitutionally required; Congress can establish any number. It has been set at nine since
after the Civil War.) The Supreme Court has selective control over most of its docket. By
law, the cases it hears represent only a tiny fraction of the cases that are submitted. In
2008, the Supreme Court had numerous petitions (over 7,000, not including thousands of
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 7/52
petitions from prisoners) but heard arguments in only 87 cases. The Supreme Court does
not sit in panels. All the justices hear and consider each case together, unless a justice has
a conflict of interest and must withdraw from hearing the case.
Federal judges—including Supreme Court justices—are nominated by the president and
must be confirmed by the Senate. Unlike state judges, who are usually elected and preside
for a fixed term of years, federal judges sit for life unless they voluntarily retire or are
impeached.
Trial courts and appellate courts have different functions. State trial
courts sometimes hear cases with federal law issues, and federal courts
sometimes hear cases with state law issues. Within both state and
federal court systems, it is useful to know the different kinds of courts
and what cases they can decide.
Exercises
1. Why all of this complexity? Why don’t state courts hear only claims based on
state law, and federal courts only federal-law-based claims?
2. Why would a plaintiff in Iowa with a case against a New Jersey defendant
prefer to have the case heard in Iowa?
3. James, a New Jersey resident, is sued by Jonah, an Iowa resident. After a trial
in which James appears and vigorously defends himself, the Iowa state court
awards Jonah $136,750 in damages for his tort claim. In trying to collect from
James in New Jersey, Jonah must have the New Jersey court certify the Iowa
judgment. Why, ordinarily, must the New Jersey court do so?
The Problem of Jurisdiction
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 8/52
Learning Objectives
1. Explain the concept of subject matter jurisdiction and distinguish it from
personal
jurisdiction.
2. Understand how and where the US Constitution provides a set of instructions
as to what federal courts are empowered by law to do.
3. Know which kinds of cases must be heard in federal courts only.
4. Explain diversity of citizenship jurisdiction and be able to decide whether a
case is eligible for diversity jurisdiction in the federal courts.
Jurisdiction is an essential concept in understanding courts and the legal system.
Jurisdiction is a combination of two Latin words: juris (law) and diction (to speak). Which
court has the power “to speak the law” is the basic question of jurisdiction.
There are two questions about jurisdiction in each case that must be answered before a
judge will hear a case: the question of subject matter jurisdiction and the question of
personal jurisdiction. We will consider the question of subject matter jurisdiction first,
because judges do; if they determine, on the basis of the initial documents in the case (the
“pleadings”), that they have no power to hear and decide that kind of case, they will
dismiss it.
The Federal-State Balance: Federalism
State courts have their origins in colonial era courts. After the American Revolution, state
courts functioned (with some differences) much as they did in colonial times. The big
difference after 1789 was that state courts coexisted with federal courts. Federalism was
the system devised by the nation’s founders in which power is shared between states and
the federal government. This sharing requires a division of labor between the states and
the federal government. It is Article III of the US Constitution that spells out the
respective spheres of authority (jurisdiction) between state and federal courts.
Take a close look at Article III of the Constitution. (You can find a printable copy of the
Constitution at http://www.findlaw.com.) Article III makes clear that federal courts are
courts of limited power or jurisdiction. Notice that the only kinds of cases federal courts
are authorized to deal with have strong federal connections. For example, federal courts
have jurisdiction when a federal law is being used by the plaintiff or prosecutor (a “federal
question” case) or the case arises “in admiralty” (meaning that the problem arose not on
land but on sea, beyond the territorial jurisdiction of any state, or in navigable waters
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 9/52
within the United States). Implied in this list is the clear notion that states would continue
to have their own laws, interpreted by their own courts, and that federal courts were
needed only when the issues raised by the parties had a clear federal connection. The
exception to this is diversity jurisdiction, discussed later.
The Constitution was constructed with the idea that state courts would continue to deal
with basic kinds of claims such as tort, contract, or property claims. Since states sanction
marriages and divorce, state courts would deal with “domestic” (family) issues. Since
states deal with birth and death records, it stands to reason that paternity suits, probate
disputes, and the like usually wind up in state courts. You wouldn’t go to the federal
building or courthouse to get a marriage license, ask for a divorce, or probate a will: these
matters have traditionally been dealt with by the states (and the thirteen original colonies
before them). Matters that historically have been raised and settled in state court under
state law include not only domestic and probate matters but also law relating to
corporations, partnerships, agency, contracts, property, torts, and commercial dealings
generally. You cannot get married or divorced in federal court, because federal courts
have no jurisdiction over matters that have been historically (and are still) exclusively
within the domain of state law.
In terms of subject matter jurisdiction, then, state courts will typically deal with the kinds
of disputes just cited. Thus, if you are a Michigan resident and have an auto accident in
Toledo with an Ohio resident, and you each blame each other for the accident, the state
courts ordinarily resolve the matter if the dispute cannot otherwise be settled. Why state
courts? Because when you blame one another and allege that it’s the other person’s fault,
you have the beginnings of a tort case, with negligence as a primary element of the claim,
and state courts have routinely dealt with this kind of claim, from British colonial times
through Independence and to the present. People have had a need to resolve this kind of
dispute long before our federal courts were created, and you can tell from Article III that
the Founders did not specify that tort or negligence claims should be handled by the
federal courts. Again, federal courts are courts of limited jurisdiction, limited to the kinds
of cases specified in Article III. If the case before the federal court does not fall within one
of those categories, the federal court cannot constitutionally hear the case because it
does not have subject matter jurisdiction.
Always remember: a court must have subject matter jurisdiction to hear and decide a
case. Without it, a court cannot address the merits of the controversy or even take the
next jurisdictional step of figuring out which of the defendants can be sued in that court.
The question of which defendants are appropriately before the court is a question
of personal jurisdiction.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 10/52
Because there are two court systems, it is important for a plaintiff to file in the right court
to begin with. The right court is the one that has subject matter jurisdiction over the case
—that is, the power to hear and decide the kind of case that is filed. Not only is it a waste
of time to file in the wrong court system and be dismissed, but if the dismissal comes after
the filing period imposed by the applicable statute of limitations, it will be too late to
refile in the correct court system. Such cases will be routinely dismissed, regardless of
how deserving the plaintiff might be in his or her quest for justice. (The plaintiff’s only
remedy at that point would be to sue his or her lawyer for negligence for failing to mind
the clock and get to the right court in time!)
Exclusive Jurisdiction in Federal Courts
With two court systems, a plaintiff (or the plaintiff’s attorney, most likely) must decide
whether to file a case in the state court system or the federal court system. Federal courts
have exclusive jurisdiction over certain kinds of cases. The reason for this comes directly
from the Constitution. Article III of the US Constitution provides the following:
The judicial Power shall extend to all Cases, in Law and Equity, arising under this
Constitution, the Laws of the United States, and Treaties made, or which shall be made,
under their Authority; to all Cases affecting Ambassadors, other public Ministers and
Consuls; to all Cases of admiralty and maritime Jurisdiction; to Controversies to which the
United States shall be a Party; to Controversies between two or more States; between a
State and Citizens of another State; between Citizens of different States; between
Citizens of the same State claiming Lands under Grants of different States, and between a
State, or the Citizens thereof, and foreign States, Citizens or Subjects.
By excluding diversity cases, we can assemble a list of the kinds of cases that can only be
heard in federal courts. The list looks like this:
1. Suits between states. Cases in which two or more states are a party.
2. Cases involving ambassadors and other high-ranking public figures. Cases arising
between foreign ambassadors and other high-ranking public officials.
3. Federal crimes. Crimes defined by or mentioned in the US Constitution or those
defined or punished by federal statute. Such crimes include treason against the United
States, piracy, counterfeiting, crimes against the law of nations, and crimes relating to the
federal government’s authority to regulate interstate commerce. However, most crimes
are state matters.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 11/52
4. Bankruptcy. The statutory procedure, usually triggered by insolvency, by which a
person is relieved of most debts and undergoes a judicially supervised reorganization or
liquidation for the benefit of the person’s creditors.
5. Patent, copyright, and trademark cases
Patent. The exclusive right to make, use, or sell an invention for a specified period
(usually seventeen years), granted by the federal government to the inventor if the
device or process is novel, useful, and nonobvious.
Copyright. The body of law relating to a property right in an original work of
authorship (such as a literary, musical, artistic, photographic, or film work) fixed in
any tangible medium of expression, giving the holder the exclusive right to
reproduce, adapt, distribute, perform, and display the work.
Trademark. A word, phrase, logo, or other graphic symbol used by a manufacturer or
seller to distinguish its product or products from those of others.
6. Admiralty. The system of laws that has grown out of the practice of admiralty courts:
courts that exercise jurisdiction over all maritime contracts, torts, injuries, and offenses.
7. Antitrust. Federal laws designed to protect trade and commerce from restraining
monopolies, price fixing, and price discrimination.
8. Securities and banking regulation. The body of law protecting the public by regulating
the registration, offering, and trading of securities and the regulation of banking practices.
9. Other cases specified by federal statute. Any other cases specified by a federal statute
where Congress declares that federal courts will have exclusive jurisdiction.
Concurrent Jurisdiction
When a plaintiff takes a case to state court, it will be because state courts typically hear
that kind of case (i.e., there is subject matter jurisdiction). If the plaintiff’s main cause of
action comes from a certain state’s constitution, statutes, or court decisions, the state
courts have subject matter jurisdiction over the case. If the plaintiff’s main cause of action
is based on federal law (e.g., Title VII of the Civil Rights Act of 1964), the federal courts
have subject matter jurisdiction over the case. But federal courts will also have subject
matter jurisdiction over certain cases that have only a state-based cause of action; those
cases are ones in which the plaintiff(s) and the defendant(s) are from different states and
the amount in controversy is more than $75,000. State courts can have subject matter
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 12/52
jurisdiction over certain cases that have only a federal-law-based cause of action. The
Supreme Court has now made clear that state courts have concurrent jurisdiction of any
federal cause of action unless Congress has given exclusive jurisdiction to federal courts.
In short, a case with a federal question can be often be heard in either state or federal
court, and a case that has parties with a diversity of citizenship can be heard in state
courts or in federal courts where the tests of complete diversity and amount in
controversy are met. (See below, “Summary of Rules on Subject Matter Jurisdiction.”)
Whether a case will be heard in a state court or moved to a federal court will depend on
the parties. If a plaintiff files a case in state trial court where concurrent jurisdiction
applies, a defendant may (or may not) ask that the case be removed to federal district
court.
Summary of Rules on Subject Matter Jurisdiction
A court must always have subject matter jurisdiction, and personal jurisdiction over
at least one defendant, to hear and decide a case.
A state court will have subject matter jurisdiction over any case that is not required
to be brought in a federal court.
Some cases can only be brought in federal court, such as bankruptcy cases, cases
involving federal crimes, patent cases, and Internal Revenue Service tax court claims. The
list of cases for exclusive federal jurisdiction is fairly short. That means that almost any
state court will have subject matter jurisdiction over almost any kind of case. If it’s a case
based on state law, a state court will always have subject matter jurisdiction.
A federal court will have subject matter jurisdiction over any case that is either
based on a federal law (statute, case, or US Constitution)
OR
A federal court will have subject matter jurisdiction over any case based on state law
where (1) the parties are from different states and (2) the amount in controversy is at least
$75,000.
(1) The different-states requirement means that no plaintiff can have permanent residence
in a state where any defendant has permanent residence—there must be complete
diversity of citizenship between all plaintiffs and
defendants.
(2) The amount-in-controversy requirement means that a good-faith estimate of the
amount the plaintiff may recover is at least $75,000.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 13/52
NOTE: For purposes of permanent residence, a corporation is considered a resident where
it is incorporated AND where it has a principal place of business.
In diversity cases, the following rules apply.
(1) Federal civil procedure rules apply to how the case is conducted before and during trial
and any appeals, but
(2) State law will be used as the basis for a determination of legal rights and
responsibilities.
This “choice of law” process is interesting but complicated. Basically, each state has
its own set of judicial decisions that resolve conflict of laws. For example, just
because A sues B in a Texas court, the Texas court will not necessarily apply Texas
law. Anna and Bobby collide and suffer serious physical injuries while driving their
cars in Roswell, New Mexico. Both live in Austin, and Bobby files a lawsuit in Austin.
The court there could hear it (having subject matter jurisdiction and personal
jurisdiction over Bobby) but would apply New Mexico law, which governs motor
vehicle laws and accidents in New Mexico. Why would the Texas judge do that?
The Texas judge knows that which state’s law is chosen to apply to the case can
make a decisive difference in the case, as different states have different substantive
law standards. For example, in a breach of contract case, one state’s version of the
Uniform Commercial Code may be different from another’s, and which one the court
decides to apply is often exceedingly good for one side and dismal for the other.
In Anna v. Bobby, if Texas has one kind of comparative negligence statute and New
Mexico has a different kind of comparative negligence statute, who wins or loses, or
how much is awarded, could well depend on which law applies. Because both were
under the jurisdiction of New Mexico’s laws at the time, it makes sense to apply
New Mexico law.
(3) Why do some nonresident defendants prefer to be in federal
court?
In the state court, the judge is elected, and the jury may be familiar with or
sympathetic to the “local” plaintiff.
The federal court provides a more neutral forum, with an appointed, life-tenured
judge and a wider pool of potential jurors (drawn from a wider geographical area).
(4) If a defendant does not want to be in state court and there is diversity, what is to be
done?
Make a motion for removal to the federal court.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 14/52
The federal court will not want to add to its caseload, or docket, but must take the
case unless there is no complete diversity of citizenship or the amount in
controversy is less than $75,000.
To better understand subject matter jurisdiction in action, let’s take an example. Wile E.
Coyote wants a federal judge to hear his products-liability action against Acme, Inc., even
though the action is based on state law. Mr. Coyote’s attorney wants to “make a federal
case” out of it, thinking that the jurors in the federal district court’s jury pool will
understand the case better and be more likely to deliver a “high value” verdict for Mr.
Coyote. Mr. Coyote resides in Arizona, and Acme is incorporated in the state of Delaware
and has its principal place of business in Chicago, Illinois. The federal court in Arizona can
hear and decide Mr. Coyote’s case (i.e., it has subject matter jurisdiction over the case)
because of diversity of citizenship. If Mr. Coyote was injured by one of Acme’s defective
products while chasing a roadrunner in Arizona, the federal district court judge would
hear his action—using federal procedural law—and decide the case based on the
substantive law of Arizona on product liability.
But now change the facts only slightly: Acme is incorporated in Delaware but has its
principal place of business in Phoenix, Arizona. Unless Mr. Coyote has a federal law he is
using as a basis for his claims against Acme, his attempt to get a federal court to hear and
decide the case will fail. It will fail because there is not complete diversity of citizenship
between the plaintiff and the defendant.
Robinson v. Audi
Now consider Mr. and Mrs. Robinson and their products-liability claim against Seaway
Volkswagen and the other three defendants. There is no federal products-liability law that
could be used as a cause of action. They are most likely suing the defendants using
products-liability law based on common-law negligence or common-law strict liability law,
as found in state court cases. They were not yet Arizona residents at the time of the
accident, and their accident does not establish them as Oklahoma residents, either. They
bought the vehicle in New York from a New York–based retailer. None of the other
defendants is from Oklahoma.
They file in an Oklahoma state court, but how will they (their attorney or the court) know
if the state court has subject matter jurisdiction? Unless the case is required to be in a
federal court (i.e., unless the federal courts have exclusive jurisdiction over this kind of
case), any state court system will have subject matter jurisdiction, including Oklahoma’s
state court system. But if their claim is for a significant amount of money, they cannot file
in small claims court, probate court, or any court in Oklahoma that does not have
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 15/52
statutory jurisdiction over their claim. They will need to file in a court of general
jurisdiction. In short, even when filing in the right court system (state versus federal), the
plaintiff must be careful to find the court that has subject matter jurisdiction.
If they wish to go to federal court, can they? There is no federal question presented here
(the claim is based on state common law), and the United States is not a party, so the only
basis for federal court jurisdiction would be diversity jurisdiction. If enough time has
elapsed since the accident and they have established themselves as Arizona residents,
they could sue in federal court in Oklahoma (or elsewhere), but only if none of the
defendants—the retailer, the regional Volkswagen company, Volkswagen of North
America, or Audi (in Germany)—are incorporated in or have a principal place of business in
Arizona. The federal judge would decide the case using federal civil procedure but would
have to make the appropriate choice of state law. In this case, the choice of conflicting
laws would most likely be Oklahoma, where the accident happened, or New York, where
the defective product was sold.
Legal Procedure, Including Due Process and Personal Jurisdiction
In this section, we consider how lawsuits are begun and how the court knows that it has
both subject matter jurisdiction and personal jurisdiction over at least one of the named
defendants.
The courts are not the only institutions that can resolve disputes. In the section
“Alternative Means of Resolving Disputes,” we will discuss other dispute-resolution
forums, such as arbitration and mediation. For now, let us consider how courts make
decisions in civil disputes. Judicial decision making in the context of litigation (civil
lawsuits) is a distinctive form of dispute resolution.
First, to get the attention of a court, the plaintiff must make a claim based on existing
laws. Second, courts do not reach out for cases. Cases are brought to them, usually when
an attorney files a case with the right court in the right way, following the various laws
that govern all civil procedures in a state or in the federal system. (Most US states’
procedural laws are similar to the federal procedural code.)
Once at the court, the case will proceed through various motions (motions to dismiss for
lack of jurisdiction, for example, or insufficient service of process), the proofs (submission
of evidence), and the arguments (debate about the meaning of the evidence and the law)
of contesting parties.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 16/52
This is at the heart of the adversary system, in which those who oppose each other may
attack the other’s case through proofs and cross-examination. Every person in the United
States who wishes to take a case to court is entitled to hire a lawyer. The lawyer works for
his or her client, not the court, and serves as an advocate, or supporter. The client’s goal is
to persuade the court of the accuracy and justness of his or her position. The lawyer’s
duty is to shape the evidence and the argument—the line of reasoning about the evidence
—to advance his or her client’s cause and persuade the court of its rightness. The lawyer
for the opposing party will be doing the same thing, of course, for his or her client. The
judge (or, if one is sitting, the jury) must sort out the facts and reach a decision from this
cross-fire of evidence and argument.
The method of adjudication—the act of making an order or judgment—has several
important features. First, it focuses the conflicting issues. Other, secondary concerns are
minimized or excluded altogether. Relevance is a key concept in any trial. The judge is
required to decide the questions presented at the trial, not to talk about related matters.
Second, adjudication requires that the judge’s decision be reasoned, and that is why
judges write opinions explaining their decisions (an opinion may be omitted when the
verdict comes from a jury). Third, the judge’s decision must not only be reasoned but also
be responsive to the case presented: the judge is not free to say that the case is
unimportant and that he or she therefore will ignore it. Unlike other branches of
government that are free to ignore problems pressing upon them, judges must decide
cases. (For example, a legislature need not enact a law, no matter how many people
petition it to do so.) Fourth, the court must respond in a certain way. The judge must pay
attention to the parties’ arguments, and his or her decision must result from their proofs
and arguments. Evidence that is not presented and legal arguments that are not made
cannot be the basis for what the judge decides. Also, judges are bound by standards of
weighing evidence: the burden of proof in a civil case is generally a “preponderance of the
evidence.”
In all cases, the plaintiff—the party making a claim and initiating the lawsuit (in a criminal
case, the plaintiff is the prosecution)—has the burden of proving his or her case. If he or
she fails to prove it, the defendant—the party being sued or prosecuted—will win.
Criminal prosecutions carry the most rigorous burden of proof: the government must
prove its case against the defendant beyond a reasonable doubt. That is, even if it seems
very likely that the defendant committed the crime, as long as there remains some
reasonable doubt—perhaps he or she was not clearly identified as the culprit, or has an
alibi that could be legitimate—the jury must vote to acquit rather than convict.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 17/52
By contrast, the burden of proof in ordinary civil cases—those dealing with contracts,
personal injuries, and most of the cases in this document—is a preponderance of the
evidence, which means that the plaintiff’s evidence must outweigh whatever evidence the
defendant can muster that casts doubts on the plaintiff’s claim. This is not merely a matter
of counting the number of witnesses or of the length of time that they talk: the judge in a
trial without a jury (a bench trial), or the jury where one is impaneled, must apply the
preponderance of evidence test by determining which side has the greater weight of
credible, relevant evidence.
Adjudication and the adversary system imply certain other characteristics of courts.
Judges must be impartial; those with a personal interest in a matter must refuse to hear it.
The ruling of a court, after all appeals are exhausted, is final. This principle is known as res
judicata (Latin for “the thing is decided”), and it means that the same parties may not take
up the same dispute in another court at another time. Finally, a court must proceed
according to a public set of formal procedural rules; a judge cannot make up the rules as
he or she goes along. To these rules we now turn.
How a Case Proceeds
Complaint and Summons
Beginning a lawsuit is simple and is spelled out in the rules of procedure by which each
court system operates. In the federal system, the plaintiff begins a lawsuit by filing a
complaint—a document clearly explaining the grounds for suit—with the clerk of the court.
The court’s agent (usually a sheriff, for state trial courts, or a US deputy marshal, in federal
district courts) will then serve the defendant with the complaint and a summons. The
summons is a court document stating the name of the plaintiff and his or her attorney and
directing the defendant to respond to the complaint within a fixed time period.
The timing of the filing can be important. Almost every possible legal complaint is
governed by a federal or state statute of limitations, which requires a lawsuit to be filed
within a certain period of time. For example, in many states a lawsuit for injuries resulting
from an automobile accident must be filed within two years of the accident, or the
plaintiff forfeits his right to proceed. As noted earlier, making a correct initial filing in a
court that has subject matter jurisdiction is critical to avoiding statute of limitations
problems.
Jurisdiction and Venue
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 18/52
The place of filing is equally important, and there are two issues regarding location. The
first is subject matter jurisdiction, as already noted. A claim for breach of contract, in
which the amount at stake is $1 million, cannot be brought in a local county court with
jurisdiction to hear cases involving sums up to only $1,000. Likewise, a claim for copyright
violation cannot be brought in a state superior court, since federal courts have exclusive
jurisdiction over copyright cases.
The second consideration is venue—the proper geographic location of the court. For
example, every county in a state might have a superior court, but the plaintiff is not free
to pick any county. Again, a statute will spell out to which court the plaintiff must go (e.g.,
the county in which the plaintiff resides or the county in which the defendant resides or
maintains an office).
Service of Process and Personal Jurisdiction
The defendant must be “served”—that is, must receive notice that he has been sued.
Service can be done by physically presenting the defendant with a copy of the summons
and complaint. But sometimes the defendant is difficult to find (or deliberately avoids the
marshal or other process server). The rules spell out a variety of ways by which individuals
and corporations can be served. These include using US Postal Service certified mail or
serving someone already designated to receive service of process. A corporation or
partnership, for example, is often required by state law to designate a “registered agent”
for purposes of getting public notices or receiving a summons and complaint.
One of the most troublesome problems is service on an out-of-state defendant. The
personal jurisdiction of a state court over persons is clear for those defendants found
within the state. If the plaintiff claims that an out-of-state defendant injured him in some
way, must the plaintiff go to the defendant’s home state to serve him? Unless the
defendant had some significant contact with the plaintiff’s state, the plaintiff may indeed
have to. For instance, suppose a traveler from Maine stopped at a roadside diner in
Montana and ordered a slice of homemade pie that was tainted and caused him to be sick.
The traveler may not simply return home and mail the diner a notice that he is suing it in a
Maine court. But if out-of-state defendants have some contact with the plaintiff’s state of
residence, there might be grounds to bring them within the jurisdiction of the plaintiff’s
state courts. In Burger King v. Rudzewicz (see “Cases” below), the federal court in Florida
had to consider whether it was constitutionally permissible to exercise personal
jurisdiction over a Michigan franchisee.
Again, recall that even if a court has subject matter jurisdiction, it must also have personal
jurisdiction over each defendant against whom an enforceable judgment can be made.
Often this is not a problem; you might be suing a person who lives in your state or
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 19/52
regularly does business in your state. Or a nonresident may answer your complaint
without objecting to the court’s “in personam” (personal) jurisdiction. But many
defendants who do not reside in the state where the lawsuit is filed would rather not be
put to the inconvenience of contesting a lawsuit in a distant forum. Fairness—and the due
process clause of the Fourteenth Amendment—dictates that nonresidents should not be
required to defend lawsuits far from their home base, especially where there is little or no
contact or connection between the nonresident and the state where a lawsuit is brought.
There are two court systems in the United States. It is important to know
which system—the state court system or the federal court system—has
the power to hear and decide a particular case. Once that is established,
the Constitution compels an inquiry to make sure that no court extends
its reach unfairly to out-of-state residents. The question of personal
jurisdiction is a question of fairness and due process to
nonresidents.
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 20/52
Exercises
1. The Constitution specifies that federal courts have exclusive jurisdiction over
admiralty claims. Mr. and Mrs. Shute have a claim against Carnival Cruise Line
for the negligence of the cruise line. Mrs. Shute sustained injuries as a result of
the company’s negligence. Mr. and Mrs. Shute live in the state of Washington.
Can they bring their claim in state court? Must they bring their claim in federal
court?
2. Congress passed Title VII of the Civil Rights Act of 1964. In Title VII,
employers are required not to discriminate against employees on the basis of
race, color, sex, religion, or national origin. In passing Title VII, Congress did
not require plaintiffs to file only in federal courts. That is, Congress made no
statement in Title VII that federal courts had “exclusive jurisdiction” over Title
VII claims. Mrs. Harris wishes to sue Forklift Systems, Inc. of Nashville,
Tennessee, for sexual harassment under Title VII. She has gone through the
Equal Employment Opportunity Commission process and has a right-to-sue
letter, which is required before a Title VII action can be brought to court. Can
she file a complaint that will be heard by a state court?
3. Mrs. Harris fails to go to the Equal Employment Opportunity Commission to
get her right-to-sue letter against Forklift Systems, Inc. She therefore does not
have a viable Title VII cause of action against Forklift. She does, however, have
her rights under Tennessee’s equal employment statute and various court
decisions from Tennessee courts regarding sexual harassment. Forklift is
incorporated in Tennessee and has its principal place of business in Nashville.
Mrs. Harris is also a citizen of Tennessee. Explain why, if she brings her
employment discrimination and sexual harassment lawsuit in a federal court,
her lawsuit will be dismissed for lack of subject matter jurisdiction.
4. Suppose Mr. and Mrs. Robinson find in the original paperwork with Seaway
Volkswagen that there is a contractual agreement with a provision that says,
“All disputes arising between buyer and Seaway Volkswagen will be litigated, if
at all, in the county courts of Westchester County, New York.” Will the
Oklahoma court take personal jurisdiction over Seaway Volkswagen, or will it
require the Robinsons to litigate their claim in New York?
Summary of Rules on Personal Jurisdiction
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 21/52
Learning Objectives
1. Explain how a lawsuit can be dismissed prior to any trial.
2. Understand the basic principles and practices of discovery before a trial.
1. Once a court determines that it has subject matter jurisdiction, it must find at least one
defendant over which it is “fair” (i.e., in accord with due process) to exercise personal
jurisdiction.
2. If a plaintiff sues five defendants and the court has personal jurisdiction over just one,
the case can be heard, but the court cannot make a judgment against the other four.
a. But if the plaintiff loses against defendant 1, he or she can go elsewhere (to
another state or states) and sue defendants 2, 3, 4, or 5.
b. The court’s decision in the first lawsuit (against defendant 1) does not determine
the liability of the nonparticipating defendants.
This involves the principle of res judicata, which means that you can’t bring the same
action against the same person (or entity) twice. It’s like the civil side of double
jeopardy. Res means “thing,” and judicata means “adjudicated.” Thus the “thing” has been
“adjudicated” and should not be judged again. But, as to nonparticipating parties, it is not
over. If you have a different case against the same defendant—one that arises out of a
completely different situation—that case is not barred by res judicata.
3. Service of process is a necessary (but not sufficient) condition for getting personal
jurisdiction over a particular defendant (see rule 4).
a. In order to get a judgment in a civil action, the plaintiff must serve a copy of the
complaint and a summons on the defendant.
b. There are many ways to do this.
i. The process server personally serves a complaint on the defendant.
ii. The process server leaves a copy of the summons and complaint at the
residence of the defendant, in the hands of a competent person.
iii. The process server sends the summons and complaint by certified mail,
return receipt requested.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 22/52
iv. The process server, if all other means are not possible, notifies the
defendant by publication in a newspaper having a minimum number of readers
(as may be specified by law).
4. In addition to successfully serving the defendant with process, a plaintiff must convince
the court that exercising personal jurisdiction over the defendant is consistent with due
process and any statutes in that state that prescribe the jurisdictional reach of that state
(the so-called long-arm statutes). The Supreme Court has long recognized various bases
for judging whether such process is fair.
a. Consent. The defendant agrees to the court’s jurisdiction by coming to court,
answering the complaint, and having the matter litigated there.
b. Domicile. The defendant is a permanent resident of that state.
c. Event. The defendant did something in that state, related to the lawsuit, that
makes it fair for the state to say, “Come back and defend!”
d. Service of process within the state will effectively provide personal jurisdiction
over the nonresident.
Again, let’s consider Mrs. Robinson and her children in the Audi accident. She could file a
lawsuit anywhere in the country. She could file a lawsuit in Arizona after she establishes
residency there. But while the Arizona court would have subject matter jurisdiction over
any products-liability claim (or any claim that was not required to be heard in a federal
court), the Arizona court would face an issue of “in personam jurisdiction,” or personal
jurisdiction: under the due process clause of the Fourteenth Amendment, each state must
extend due process to citizens of all of the other states. Because fairness is essential to
due process, the court must consider whether it is fair to require an out-of-state
defendant to appear and defend against a lawsuit that could result in a judgment against
that defendant.
Almost every state in the United States has a statute regarding personal jurisdiction,
instructing judges when it is permissible to assert personal jurisdiction over an out-of-
state resident. These are called long-arm statutes. But no state can reach out beyond the
limits of what is constitutionally permissible under the Fourteenth Amendment, which
binds the states with its proviso to guarantee the due process rights of the citizens of
every state in the union. The “minimum contacts” test in Burger King v. Rudzewicz (see
“Cases” below) tries to make the fairness mandate of the due process clause more
specific. So do other tests articulated in the case (such as “does not offend traditional
notions of fair play and substantial justice”). These tests are posed by the Supreme Court
and heeded by all lower courts in order to honor the provisions of the Fourteenth
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 23/52
Amendment’s due process guarantees. These tests are in addition to any state long-arm
statute’s instructions to courts regarding the assertion of personal jurisdiction over
nonresidents.
Choice of Law and Choice of Forum Clauses
In a series of cases, the Supreme Court has made clear that it will honor contractual
choices of parties in a lawsuit. Suppose the parties to a contract wind up in court arguing
over the application of the contract’s terms. If the parties are from two different states,
the judge may have difficulty determining which law to apply. But if the contract says that
a particular state’s law will be applied if there is a dispute, then ordinarily the judge will
apply that state’s law as a rule of decision in the case. For example, Kumar Patel (a
Missouri resident) opens a brokerage account with Goldman, Sachs and Co., and the
contractual agreement calls for “any disputes arising under this agreement” to be
determined “according to the laws of the state of New York.” When Kumar claims in a
Missouri court that his broker is “churning” his account, and, on the other hand, Goldman,
Sachs claims that Kumar has failed to meet his margin call and owes $38,568.25 (plus
interest and attorney’s fees), the judge in Missouri will apply New York law based on the
contract between Kumar and Goldman, Sachs.
Ordinarily, a choice-of-law clause will be accompanied by a choice-of-forum clause. In a
choice-of-forum clause, the parties in the contract specify which court they will go to in
the event of a dispute arising under the terms of contract. For example, Harold (a resident
of Virginia) rents a car from Alamo at the Denver International Airport. He does not look
at the fine print on the contract. He also waives all collision and other insurance that
Alamo offers at the time of his rental. While driving back from Telluride Bluegrass Festival,
he has an accident in Idaho Springs, Colorado. His rented Nissan Altima is badly damaged.
On returning to Virginia, he would like to settle up with Alamo, but his insurance company
and Alamo cannot come to terms. He realizes, however, that he has agreed to hear the
dispute with Alamo in a specific court in San Antonio, Texas. In the absence of fraud or
bad faith, any court in the United States is likely to uphold the choice-of-form clause and
require Harold (or his insurance company) to litigate in San Antonio, Texas.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 24/52
Many cases never get to trial. They are disposed of by motions to dismiss
or are settled after extensive discovery makes clear to the parties the
strengths and weaknesses of the parties to the dispute.
Exercises
1. Mrs. Robinson (in the Volkswagen Audi case) never establishes residency in
Arizona, returns to New York, and files her case in federal district court in New
York, alleging diversity jurisdiction. Assume that the defendants do not want to
have the case heard in federal court. What motion will they make?
2. Under contributory negligence, the negligence of any plaintiff that causes or
contributes to the injuries a plaintiff complains of will be grounds for dismissal.
Suppose that in discovery, Mr. Ferlito in Ferlito v. Johnson & Johnson (see
“Cases” below) admits that he brought the cigarette lighter dangerously close
to his costume, saying, “Yes, you could definitely say I was being careless; I had
a few drinks under my belt.” Also, Mrs. Ferlito admits that she never reads
product instructions from manufacturers. If the case is brought in a state
where contributory negligence is the law, on what basis can Johnson &
Johnson have the case dismissed before trial?
Motions and Discovery
Learning Objectives
1. Understand how judges can push parties into pretrial settlement.
2. Explain the meaning and use of directed verdicts.
3. Distinguish a directed verdict from a judgment n.o.v. (“notwithstanding the
verdict”).
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 25/52
The early phases of a civil action are characterized by many different kinds of motions and
a complex process of mutual fact-finding between the parties that is known as discovery.
A lawsuit will start with the pleadings (complaint and answer in every case, and in some
cases a counterclaim by the defendant against the plaintiff and the plaintiff’s reply to the
defendant’s counterclaim). After the pleadings, the parties may make various motions,
which are requests to the judge. Motions in the early stages of a lawsuit usually aim to
dismiss the lawsuit, to have it moved to another venue, or to compel the other party to
act in certain ways during the discovery process.
Initial Pleadings and Motions to Dismiss
The first papers filed in a lawsuit are called the pleadings. These include the plaintiff’s
complaint and then (usually after thirty or more days) the answer or response from the
defendant. The answer may be coupled with a counterclaim against the plaintiff. (In effect,
the defendant becomes the plaintiff for the claims he or she has against the original
plaintiff.) The plaintiff may reply to any counterclaim by the defendant.
State and federal rules of civil procedure require that the complaint must state the nature
of the plaintiff’s claim, the jurisdiction of the court, and the nature of the relief that is
being asked for (usually an award of money, but sometimes an injunction, or a declaration
of legal rights). In an answer, the defendant will often deny all the allegations of the
complaint or will admit to certain of its allegations and deny others.
A complaint and subsequent pleadings are usually quite general and give little detail.
Cases can be decided on the pleadings alone in the following situations. (1) If the
defendant fails to answer the complaint, the court can enter a default judgment, awarding
the plaintiff what he or she seeks. (2) The defendant can move to dismiss the complaint
on the grounds that the plaintiff failed to “state a claim on which relief can be granted,” or
that there is no subject matter jurisdiction for the court chosen by the plaintiff, or that
there is no personal jurisdiction over the defendant. The defendant is saying, in effect,
that even if all the plaintiff’s allegations are true, they do not amount to a legal claim that
can be heard by the court. For example, a claim that the defendant induced a woman to
stop dating the plaintiff (a so-called alienation of affections cause of action) is no longer
actionable in US state courts, and any court will dismiss the complaint without any further
proceedings. (This type of dismissal is occasionally still called a demurrer.)
A third kind of dismissal can take place on a motion for summary judgment. If there is no
triable question of fact or law, there is no reason to have a trial. For example, the plaintiff
sues on a promissory note and, at deposition (an oral examination under oath), the
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 26/52
defendant admits having made no payment on the note and offers no excuse that would
be recognizable as a reason not to pay. There is no reason to have a trial, and the court
should grant summary judgment.
Discovery
If there is a factual dispute, the case will usually involve some degree of discovery, where
each party tries to get as much information out of the other party as the rules allow. Until
the 1940s, when discovery became part of civil procedure rules, a lawsuit was frequently
a game in which each party hid as much information as possible and tried to surprise the
other party in court.
Beginning with a change in the Federal Rules of Civil Procedure adopted by the Supreme
Court in 1938 and subsequently followed by many of the states, the parties are entitled to
learn the facts of the case before trial. The basic idea is to help the parties determine
what the evidence might be, who the potential witnesses are, and what specific issues are
relevant. Discovery can proceed by several methods. A party may serve an interrogatory
on his or her adversary—a written request for answers to specific questions. Or a party
may depose the other party or a witness. A deposition is a live question-and-answer
session at which the witness answers questions put to him by one of the parties’ lawyers.
The answers are recorded verbatim and may be used at trial. Each party is also entitled to
inspect books, documents, records, and other physical items in the possession of the
other. This is a broad right, as it is not limited to just evidence that is admissible at trial.
Discovery of physical evidence means that a plaintiff may inspect a company’s accounts,
customer lists, assets, profit-and-loss statements, balance sheets, engineering and quality-
control reports, sales reports, and virtually any other document.
The lawyers, not the court, run the discovery process. For example, one party simply
makes a written demand, stating the time at which the deposition will take place or the
type of documents it wishes to inspect and make copies of. A party unreasonably resisting
discovery methods (whether depositions, written interrogatories, or requests for
documents) can be challenged, however, and judges are often brought into the process to
push reluctant parties to make a fuller disclosure or to protect a party from irrelevant or
unreasonable discovery requests. For example, the party receiving the discovery request
can apply to the court for a protective order if it can show that the demand is for
privileged material (e.g., a party’s lawyers’ records are not open for inspection) or that the
demand was made to harass the opponent. In complex cases between companies, the
discovery of documents can run into tens of millions of pages and can take years.
Depositions can consume days or even weeks of an executive’s time.
The Pretrial and Trial Phase
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 27/52
After considerable discovery, one of the parties may believe that there is no triable issue
of law or fact for the court to consider and may file a motion with the court for summary
judgment. Unless it is very clear, the judge will deny a summary judgment motion, because
that ends the case at the trial level; it is a “final order” in the case that tells the plaintiff
“no” and leaves no room to bring another lawsuit against the defendant for that particular
set of facts (res judicata). If the plaintiff successfully appeals a summary judgment motion,
the case will come back to the trial court.
Prior to the trial, the judge may also convene the parties in an effort to investigate the
possibilities of settlement. Usually, the judge will explore the strengths and weaknesses of
each party’s case with the attorneys. The parties may decide that it is more prudent or
efficient to settle than to risk going to trial.
Pretrial Conference
At various times during the discovery process, depending on the nature and complexity of
the case, the court may hold a pretrial conference to clarify the issues and establish a
timetable. The court may also hold a settlement conference to see if the parties can work
out their differences and avoid trial altogether. Once discovery is complete, the case
moves on to trial if it has not been settled. Most cases are settled before this stage;
perhaps 85 percent of all civil cases end before trial, and more than 90 percent of criminal
prosecutions end with a guilty plea.
Trial
At trial, the first order of business is to select a jury. (In a civil case of any consequence,
either party can request one, based on the Sixth Amendment to the US Constitution.) The
judge and sometimes the lawyers are permitted to question the jurors to be sure that they
are unbiased. This questioning is known as the voir dire (pronounced vwahr-DEER). This is
an important process, and a great deal of thought goes into selecting the jury, especially in
high-profile cases. A jury panel can be as few as six persons, or as many as twelve, with
alternates selected and sitting in court in case one of the jurors is unable to continue. In a
long trial, having alternates is essential; even in shorter trials, most courts will have at
least two alternate jurors.
In both criminal and civil trials, each side has opportunities to challenge potential jurors
for cause. For example, in the Robinsons’ case against Audi, the attorneys representing
Audi will want to know if any prospective jurors have ever owned an Audi, what their
experience has been, and if they had a similar problem (or worse) with their Audi that was
not resolved to their satisfaction. If so, the defense attorney could well believe that such a
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 28/52
juror has a potential for a bias against his or her client. In that case, the defense attorney
could use a challenge for cause, explaining to the judge the basis for the challenge. The
judge, at his or her discretion, could either accept the for-cause reason or reject it.
Even if an attorney cannot articulate a for-cause reason acceptable to the judge, he or she
may use one of several peremptory challenges that most states (and the federal system)
allow. A trial attorney with many years of experience may have a sixth sense about a
potential juror and, in consultation with the client, may decide to use a peremptory
challenge to avoid having that juror on the panel.
After the jury is sworn and seated, the plaintiff’s lawyer makes an opening statement,
laying out the nature of the plaintiff’s claim, the facts of the case as the plaintiff sees
them, and the evidence that the lawyer will present. The defendant’s lawyer may also
make an opening statement or may reserve his or her right to do so at the end of the
plaintiff’s case.
The plaintiff’s lawyer then calls witnesses and presents the physical evidence that is
relevant to his or her proof. The direct testimony at trial is usually far from a smooth
narration. The rules of evidence (which govern the kinds of testimony and documents that
may be introduced at trial) and the question-and-answer format tend to make the
presentation of evidence choppy and difficult to follow.
Anyone who has watched an actual televised trial or a television melodrama featuring a
trial scene will appreciate the nature of the trial itself: witnesses are asked questions
about a number of issues that may or may not be related, the opposing lawyer will
frequently object to the question or the form in which it is asked, and the jury may be
sent from the room while the lawyers argue at the bench before the judge.
After the direct testimony of each witness is over, the opposing lawyer may conduct a
cross-examination. This is a crucial constitutional right; for criminal cases, it is preserved
in the Constitution’s Sixth Amendment (the right to confront one’s accusers in open
court). The formal rules of direct testimony are then relaxed, and the cross-examiner may
probe the witness more informally, asking questions that may not seem immediately
relevant. This is when the opposing attorney may become harsh, casting doubt on a
witness’s credibility, trying to trip the witness up and show that the answers he or she
gave are false or not to be trusted. This use of cross-examination, along with the
requirement that the witness must respond to questions that are at all relevant to the
questions raised by the case, distinguishes common-law courts from those of
authoritarian regimes around the world.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 29/52
Following cross-examination, the plaintiff’s lawyer may question the witness again: this is
called redirect examination and is used to demonstrate that the witness’s original answers
were accurate and that any suggestions otherwise, made by the cross-examiner, were
unwarranted. The cross-examiner may then engage the witness in re-cross-examination,
and so on. The process usually stops after cross-examination or redirect examination.
During the trial, the judge’s chief responsibility is to see that the trial is fair to both sides.
One big piece of that responsibility is to rule on the admissibility of evidence. A judge may
rule that a particular question is out of order—that is, not relevant or appropriate—or that
a given document is irrelevant. Where the attorney is convinced that a particular witness,
a particular question, or a particular document (or part thereof) is critical to his or her
case, he or she may preserve an objection to the court’s ruling by saying “exception,” in
which case the court stenographer will note the exception; on appeal, the attorney may
cite any number of exceptions as adding up to the lack of a fair trial for his or her client
and may request a court of appeals to order a retrial.
For the most part, courts of appeal will not reverse and remand for a new trial unless the
trial court judge’s errors are “prejudicial,” or “an abuse of discretion.” In short, neither party
is entitled to a perfect trial, but only to a fair trial, one in which the trial judge has made
only “harmless errors” and not prejudicial ones.
The purpose of a trial judge is to ensure justice to all parties to the
lawsuit. The judge presides, instructs the jury, and may limit who testifies
and what they testify about what. In all of this, the judge will usually
commit some errors; occasionally these will be the kinds of errors that
seriously compromise a fair trial for both parties. Errors that do seriously
compromise a fair trial for both parties are prejudicial, as opposed to
harmless. The appeals court must decide whether any errors of the trial
court judge are prejudicial or not.
If a judge directs a verdict, that ends the case for the party who hasn’t
asked for one; if a judge grants judgment n.o.v., that will take away a jury
verdict that one side has worked very hard to get. Thus, a judge must be
careful not to unduly favor one side or the other, regardless of his or her
sympathies.
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 30/52
Exercises
1. What if there were not a doctrine of res judicata? What would the legal
system be like?
2. Why do you think cross-examination is a “right,” as opposed to a “good thing”?
What kind of judicial system would not allow cross-examination of witnesses
as a matter of right?
At the end of the plaintiff’s case, the defendant presents his or her case, following the
same procedure just outlined. The plaintiff is then entitled to present rebuttal witnesses, if
necessary, to deny or argue with the evidence the defendant has introduced. The
defendant in turn may present “surrebuttal” witnesses.
Learning Objectives
1. Understand the posttrial process—how appellate courts process appeals.
2. Explain how a court’s judgment is translated into relief for the winning party.
When all testimony has been introduced, either party may ask the judge for
a directed verdict—a verdict decided by the judge without advice from the jury. This
motion may be granted if the plaintiff has failed to introduce evidence that is legally
sufficient to meet his or her burden of proof or if the defendant has failed to do the same
on issues on which he or she has the burden of proof. (For example, the plaintiff alleges
that the defendant owes him or her money and introduces a signed promissory note. The
defendant cannot show that the note is invalid. The defendant must lose the case unless
he or she can show that the debt has been paid or otherwise discharged.)
The defendant can move for a directed verdict at the close of the plaintiff’s case, but the
judge will usually wait to hear the entire case before deciding whether to do so. Directed
verdicts are not usually granted, since it is the jury’s job to determine the facts in dispute.
If the judge refuses to grant a directed verdict, each lawyer will then present a closing
argument to the jury (or, if there is no jury, to the judge alone). The closing argument is
used to tie up the loose ends, as the attorney tries to bring together various seemingly
unrelated facts into a story that will make sense to the jury.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 31/52
After closing arguments, the judge will instruct the jury. The purpose of jury instruction is
to explain to the jurors the meaning of the law as it relates to the issues they are
considering and to tell the jurors what facts they must determine if they are to give a
verdict for one party or the other. Each lawyer will have prepared a set of written
instructions that she hopes the judge will give to the jury. These will be tailored to
advance his or her client’s case. Many a verdict has been overturned on appeal because a
trial judge has wrongly instructed the jury. The judge will carefully determine which
instructions to give and often will use a set of pattern instructions provided by the state
bar association or the supreme court of the state. These pattern jury instructions are
often safer because they are patterned after language that appellate courts have used
previously, and appellate courts are less likely to find reversible error in the instructions.
After all instructions are given, the jury will retire to a private room and discuss the case
and the answers requested by the judge for as long as it takes to reach a unanimous
verdict. Some minor cases do not require a unanimous verdict. If the jury cannot reach a
decision, this is called a hung jury, and the case will have to be retried. When a jury does
reach a verdict, it delivers it in court with both parties and their lawyers present. The jury
is then discharged, and control over the case returns to the judge. (If there is no jury, the
judge will usually announce in a written opinion his or her findings of fact and how the
law applies to those facts. Juries just announce their verdicts and do not state their
reasons for reaching them.)
Posttrial Motions
The losing party is allowed to ask the judge for a new trial or for a judgment
notwithstanding the verdict (often called a judgment n.o.v., from the Latin non obstante
veredicto). A judge who decides that a directed verdict is appropriate will usually wait to
see what the jury’s verdict is. If it is favorable to the party the judge thinks should win, he
or she can rely on that verdict. If the verdict is for the other party, the judge can grant the
motion for judgment n.o.v. This is a safer way to proceed, because if the judge is reversed
on appeal, a new trial is not necessary. The jury’s verdict always can be restored, whereas
without a jury verdict (as happens when a directed verdict is granted before the case goes
to the jury), the entire case must be presented to a new jury. Ferlito v. Johnson &
Johnson (see “Cases” below) illustrates the judgment n.o.v. process in a case where the
judge allowed the case to go to a jury that was overly sympathetic to the plaintiffs.
Rule 50(b) of the Federal Rules of Civil Procedure provides the authorization for federal
judges making a judgment contrary to the judgment of the jury. Most states have a similar
rule.
Rule 50(b) says,
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 32/52
Whenever a motion for a directed verdict made at the close of all the evidence is denied
or for any reason is not granted, the court is deemed to have submitted the action to the
jury subject to a later determination of the legal questions raised by the motion. Not later
than 10 days after entry of judgment, a party who has moved for a directed verdict may
move to have the verdict and any judgment entered thereon set aside and to have
judgment entered in accordance with the party’s motion for a directed verdict.… [A] new
trial may be prayed for in the alternative. If a verdict was returned the court may allow the
judgment to stand or may reopen the judgment and either order a new trial or direct the
entry of judgment as if the requested verdict had been directed.
Judgment, Appeal, and Execution
Judgment or Order
The process of conducting a civil trial has many aspects, starting with
pleadings and continuing with motions, discovery, more motions, pretrial
conferences, and finally the trial itself. At all stages, the rules of civil
procedure attempt to give both sides plenty of notice, opportunity to be
heard, discovery of relevant information, cross-examination, and the
preservation of procedural objections for purposes of appeal. All of these
rules and procedures are intended to provide each side with a fair trial.
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 33/52
Exercises
1. Mrs. Robinson has a key witness on auto safety who the judge believes is not
qualified as an expert. The judge examines the witness while the jury is in the
jury room and disqualifies him from testifying. The jury does not get to hear
this witness. Her attorney objects. She loses her case. What argument would
you expect Mrs. Robinson’s attorney to make in an appeal?
2. Why don’t appellate courts need a witness box for witnesses to give testimony
under oath?
3. A trial judge in Nevada is wondering whether to enforce a surrogate
motherhood contract. Penelope Barr, of Reno, Nevada, has contracted with
Reuben and Tina Goldberg to bear the in vitro-fertilized egg of Mrs. Goldberg.
After carrying the child for nine months, Penelope gives birth, but she is
reluctant to give up the child, even though she was paid $20,000 at the start
of the contract and will earn an additional $20,000 on handing over the baby
to the Goldbergs. (Barr was an especially good candidate for surrogate
motherhood: she had borne two perfect children and at age 28 drinks no wine,
does not smoke or use drugs of any kind, practices yoga, and maintains a
largely vegetarian diet with just enough meat to meet the needs of the fetus
within.)
At the end of a trial, the judge will enter an order that makes findings of fact (often with
the help of a jury) and conclusions of law. The judge will also make a judgment as to what
relief or remedy should be given. Often it is an award of money damages to one of the
parties. The losing party may ask for a new trial at this point or within a short period of
time following. Once the trial judge denies any such request, the judgment—in the form of
the court’s order—is final.
Appeal
Learning Objectives
1. Explain the requirements for standing to bring a lawsuit in US courts.
2. Describe the process by which a group or class of plaintiffs can be certified to
file a class action case.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 34/52
If the loser’s motion for a new trial or a judgment n.o.v. is denied, the losing party may
appeal but must ordinarily post a bond sufficient to ensure that there are funds to pay the
amount awarded to the winning party. In an appeal, the appellant aims to show that there
was some prejudicial error committed by the trial judge. There will be errors, of course,
but the errors must be significant (i.e., not harmless). The basic idea is for an appellate
court to ensure that a reasonably fair trial was provided to both sides. Enforcement of the
court’s judgment—an award of money, an injunction—is usually stayed (postponed) until
the appellate court has ruled. As noted earlier, the party making the appeal is called the
appellant, and the party defending the judgment is the appellee (or in some courts, the
petitioner and the respondent).
During the trial, the losing party may have objected to certain procedural decisions by the
judge. In compiling a record on appeal, the appellant needs to show the appellate court
some examples of mistakes made by the judge—for example, having erroneously admitted
evidence, having failed to admit proper evidence that should have been admitted, or
having wrongly instructed the jury. The appellate court must determine if those mistakes
were serious enough to amount to prejudicial error.
Appellate and trial procedures are different. The appellate court does not hear witnesses
or accept evidence. It reviews the record of the case—the transcript of the witnesses’
testimony and the documents received into evidence at trial—to try to find a legal error on
a specific request of one or both of the parties. The parties’ lawyers prepare briefs
(written statements containing the facts in the case), the procedural steps taken, and the
argument or discussion of the meaning of the law and how it applies to the facts. After
reading the briefs on appeal, the appellate court may dispose of the appeal without
argument, issuing a written opinion that may be very short or many pages. Often, though,
the appellate court will hear oral argument. (This can be months, or even more than a year
after the briefs are filed.) Each lawyer is given a short period of time, usually no more than
thirty minutes, to present his or her client’s case. The lawyer rarely gets a chance for an
extended statement, because he or she is usually interrupted by questions from the
judges. Through this exchange between judges and lawyers, specific legal positions can be
tested and their limits explored.
Depending on what it decides, the appellate court will affirm the lower court’s
judgment, modify it, reverse it, or remand it to the lower court for retrial or other action
directed by the higher court. The appellate court itself does not take specific action in the
case; it sits only to rule on contested issues of law. The lower court must issue the final
judgment in the case. As we have already seen, there is the possibility of appealing from
an intermediate appellate court to the state supreme court in twenty-nine states and to
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 35/52
the US Supreme Court from a ruling from a federal circuit court of appeal. In cases raising
constitutional issues, there is also the possibility of appeal to the Supreme Court from the
state courts.
Like trial judges, appellate judges must follow previous decisions, or precedent. But not
every previous case is a precedent for every court. Lower courts must respect appellate
court decisions, and courts in one state are not bound by decisions of courts in other
states. State courts are not bound by decisions of federal courts, except on points of
federal law that come from federal courts within the state or from a federal circuit in
which the state court sits. A state supreme court is not bound by case law in any other
state. But a supreme court in one state with a type of case it has not previously dealt with
may find persuasive reasoning in decisions of other state supreme courts.
Federal district courts are bound by the decisions of the court of appeals in their circuit,
but decisions by one circuit court are not precedents for courts in other circuits. Federal
courts are also bound by decisions of the state supreme courts within their geographic
territory in diversity jurisdiction cases. All courts are bound by decisions of the US
Supreme Court, except the Supreme Court itself, which seldom reverses itself but on
occasion has overturned its own precedents.
Not everything a court says in an opinion is a precedent. Strictly speaking, only the exact
holding is binding on the lower courts. A holding is the theory of the law that applies to
the particular circumstances presented in a case. The courts may sometimes declare what
they believe to be the law with regard to points that are not central to the case being
decided. These declarations are called dicta (in the singular, dictum), and the lower courts
do not have to give them the same weight as holdings.
Judgment and Order
When a party has no more possible appeals, it usually pays up voluntarily. If it does not,
then the losing party’s assets can be seized or its wages or other income garnished to
satisfy the judgment. If the final judgment is an injunction, failure to follow its dictates can
lead to a contempt citation, with a fine or jail time imposed.
The Goldbergs have asked the judge for an order compelling Penelope to give up the
baby, who was five days old when the lawsuit was filed. The baby is now a month old as
the judge looks in vain for guidance from any Nevada statute, any federal statute, or any
prior case in Nevada that addressed the issue of surrogate motherhood. He does find
several well-reasoned cases, one from New Jersey, one from Michigan, and one from
Oregon. Are any of these “precedent” that he must follow? May he adopt the reasoning of
any of these courts, if he should find that reasoning persuasive?
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 36/52
When Can Someone Bring a Lawsuit?
Anyone can file a lawsuit, with or without the help of an attorney, but
only those lawsuits where a plaintiff has standing will be heard by the
courts. Standing has become a complicated question and is used by the
courts to ensure that civil cases heard are being pursued by those with
tangible and particular
injuries.
Class actions are a way of aggregating
claims that are substantially similar and arise out of the same facts and
circumstances.
Exercises
Fuchs Funeral Home is carrying the body of Charles Emmenthaler to its resting
place at Forest Lawn Cemetery. Charles’s wife, Chloe, and their two children,
Chucky and Clarice, are following the hearse when the coffin falls on the street and
opens, and the body of Charles Emmenthaler falls out. The wife and children are
shocked and aggrieved and later sue in civil court for damages. Assume that this is a
viable cause of action based on “negligent infliction of emotional distress” in the
state of California and that Charles’s brother, sister-in-law, and multiple cousins also
were in the funeral procession and saw what happened. The brother of Charles,
Kingston Emmenthaler, also sees his brother’s body on the street, but his wife, their
three children, and some of Charles’s other cousins do not.
Charles was actually emotionally closest to Kingston’s oldest son, Nestor, who was
studying abroad at the time of the funeral and could not make it back in time. He is
as emotionally distraught at his uncle’s passing as anyone else in the family and is
especially grieved over the description of the incident and the grainy video shot by
one of the cousins on his cell phone. Who has standing to sue Fuchs Funeral Home,
and who does not?
Almost anyone can bring a lawsuit, assuming they have the filing fee and the help of an
attorney. But the court may not hear it, for a number of reasons. There may be no case or
controversy, there may be no law to support the plaintiff’s claim, it may be in the wrong
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 37/52
court, too much time might have lapsed (a statute of limitations problem), or the plaintiff
may not have standing.
Learning Objectives
1. Understand the various ways that lawyers charge for services.
2. Describe the contingent fee system in the United States.
3. Know the difference between the American rule and the British rule with
regard to who pays attorneys’ fees.
Case or Controversy: Standing to Sue
Article III of the US Constitution provides limits to federal judicial power. For some cases,
the Supreme Court has decided that it has no power to adjudicate because there is no
“case or controversy.” For example, perhaps the case has been settled or the “real parties
in interest” are not before the court. In such a case, a court might dismiss the case on the
grounds that the plaintiff does not have “standing” to sue.
For example, suppose you see a sixteen-wheel moving van drive across your neighbor’s
flower bed, destroying her beloved roses. You have enjoyed seeing her roses every
summer, for years. She is forlorn and tells you that she is not going to raise roses there
anymore. She also tells you that she has decided not to sue, because she has made the
decision never to deal with lawyers if at all possible. Incensed, you decide to sue on her
behalf. But you will not have standing to sue, because your person or property was not
directly injured by the moving van. Standing means that only the person whose interests
are directly affected has the legal right to sue.
The standing doctrine is easy to understand in straightforward cases such as this but is
often a fairly complicated matter. For example, can fifteen or more state attorneys general
bring a lawsuit for a declaratory judgment that the health care legislation passed in 2010
is unconstitutional? What particular injury have they (or the states) suffered? Are they the
best set of plaintiffs to raise this issue? Time—and the Supreme Court—will tell.
Class Actions
Most lawsuits concern a dispute between two people or between a person and a
company or other organization. But it can happen that someone injures more than one
person at the same time. A driver who runs a red light may hit another car carrying one
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 38/52
person or many people. If several people are injured in the same accident, they each have
the right to sue the driver for the damage that he caused them. Could they sue as a
group? Usually not, because the damages would probably not be the same for each
person, and different facts would have to be proved at the trial. Plus, the driver of the car
that was struck might have been partially to blame, so the defendant’s liability toward him
might be different from his liability toward the passengers.
If, however, the potential plaintiffs were all injured in the same way and their injuries were
identical, a single lawsuit might be a far more efficient way of determining liability and
deciding financial responsibility than many individual lawsuits.
How could such a suit be brought? All the injured parties could hire the same lawyer, and
he or she could present a common case. But with a group numbering more than a handful
of people, it could become overwhelmingly complicated. So how could, say, a million
stockholders who believed they were cheated by a corporation ever get together to sue?
Litigation is expensive. Getting a lawyer can be costly, unless you get a
lawyer on a contingent fee. Not all legal systems allow contingent fees. In
many legal systems, the loser pays attorneys’ fees for both parties.
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 39/52
Exercises
1. Mrs. Robinson’s attorney estimates that they will recover a million dollars from
Volkswagen in the Audi lawsuit. She has Mrs. Robinson sign a contract that
gives her firm one-third of any recovery after the firm’s expenses are
deducted. The judge does in fact award a million dollars, and the defendant
pays. The firm’s expenses are $100,000. How much does Mrs. Robinson get?
2. Harry Potter brings a lawsuit against Draco Malfoy in Chestershire, England,
for slander, a form of defamation. Potter alleges that Malfoy insists on calling
him a mudblood. Ron Weasley testifies, as does Neville Chamberlain. But
Harry loses, because the court has no conception of wizardry and cannot make
sense of the case at all. In dismissing the case, however, who (under English
law) will bear the costs of the attorneys who have brought the case for Potter
and defended the matter for Malfoy?
Because of these types of situations, there is a legal procedure that permits one person or
a small group of people to serve as representatives for all others. This is the class action.
The class action is provided for in the Federal Rules of Civil Procedure (Rule 23) and in the
separate codes of civil procedure in the states. These rules differ among themselves and
are often complex, but in general anyone can file a class action in an appropriate case,
subject to approval of the court. Once the class is “certified,” or judged to be a legally
adequate group with common injuries, the lawyers for the named plaintiffs become, in
effect, lawyers for the entire class.
Learning Objectives
1. Understand how arbitration and mediation are frequently used alternatives to
litigation.
2. Describe the differences between arbitration and mediation.
3. Explain why arbitration is final and binding.
Usually a person who doesn’t want to be in the class can decide to leave. If so, he or she
will not be included in an eventual judgment or settlement. But a potential plaintiff who is
included in the class cannot, if dissatisfied with the outcome, seek to relitigate the issue
after a final judgment is awarded, even though he or she did not participate at all in the
legal proceeding.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 40/52
Relations with Lawyers
Legal Fees
Lawyers charge for their services in one of three different ways: flat rate, hourly rate, and
contingent fee. A flat rate is usually used when the work is relatively routine and the
lawyer knows in advance approximately how long it will take her to do the job. Drawing a
will or doing a real estate closing are examples of legal work that is often paid at a flat
rate. The rate itself may be based on a percentage of the worth of the matter—say, 1
percent of a home’s selling price.
Lawyers generally charge by the hour for courtroom time and for ongoing representation
in commercial matters. Virtually every sizable law firm bills its clients by hourly rates,
which in large cities can range from $300 for an associate’s time to $500 or more for a
senior partner’s time.
A contingent fee is one that is paid only if the lawyer wins—that is, it is contingent, or
depends, upon the success of the case. This type of fee arrangement is used most often in
personal injury cases (e.g., automobile accidents, products liability, and professional
malpractice). Although used quite often, the contingent fee is controversial. Trial lawyers
justify it by pointing to the high cost of preparing for such lawsuits. A typical automobile
accident case can cost at least ten thousand dollars to prepare, and a complicated
products-liability case can cost tens of thousands of dollars. Few people have that kind of
money or would be willing to spend it on the chance that they might win a lawsuit.
Corporate and professional defendants complain that the contingent fee gives lawyers a
license to go big game hunting, or to file suits against those with deep pockets in the
hopes of forcing them to settle.
Trial lawyers respond that the contingent fee arrangement forces them to screen cases
and weed out cases that are weak, because it is not worth their time to spend the
hundreds of hours necessary on such cases if their chances of winning are slim or
nonexistent.
Costs
In England and in many other countries, the losing party must pay the legal expenses of
the winning party, including attorneys’ fees. That is not the general rule in this country.
Here, each party must pay most of its own costs, including (and especially) the fees of
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 41/52
lawyers. (Certain relatively minor costs, such as filing fees for various documents required
in court, are chargeable to the losing side, if the judge decides it.) This type of fee
structure is known as the American rule (in contrast to the British rule).
There are two types of exceptions to the American rule. By statute, Congress and the
state legislatures have provided that the winning party in particular classes of cases may
recover its full legal costs from the loser—for example, the federal antitrust laws so
provide, and so does the federal Equal Access to Justice Act. The other exception applies
to litigants who either initiate lawsuits in bad faith, with no expectation of winning, or
who defend them in bad faith, in order to cause the plaintiff great expense. Under these
circumstances, a court has the discretion to award attorneys’ fees to the winner. But this
rule is not infinitely flexible, and courts do not have complete freedom to award attorneys’
fees in any amount, but only “reasonable” attorney’s fees.
Litigation is not the only way to resolve disputes. Informal negotiation
between the disputants usually comes first, but both mediation and
arbitration are available.
Arbitration
, though, is final and binding. Once
you agree to arbitrate, you will have a final, binding arbitral award that is
enforceable through the courts, and courts will almost never allow you to
litigate after you have agreed to arbitrate.
Key Points
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 42/52
Exercises
1. When Mrs. Robinson buys her Audi from Seaway, there is a paragraph in the
bill of sale, which both the dealer and Mrs. Robinson sign, that says, “In the
event of any complaint by customer/buyer against Seaway regarding the
vehicle purchased herein, such complaint shall not be litigated, but may only
be arbitrated under the rules of the American Arbitration Association and in
accordance with New York law.” Mrs. Robinson did not see the provision,
doesn’t like it, and wants to bring a lawsuit in Oklahoma against Seaway. What
is the result?
2. Hendrik Koster (Netherlands) contracts with Automark, Inc. (a US company
based in Illinois) to supply Automark with a large quantity of valve cap gauges.
He does, and Automark fails to pay. Koster thinks he is owed $66,000. There is
no agreement to arbitrate or mediate. Can Koster make Automark mediate or
arbitrate?
3. Suppose that there is an agreement between Koster and Automark to
arbitrate. It says, “The parties agree to arbitrate any dispute arising under this
agreement in accordance with the laws of the Netherlands and under the
auspices of the International Chamber of Commerce’s arbitration facility.” The
International Chamber of Commerce has arbitration rules and will appoint an
arbitrator or arbitral panel in the event the parties cannot agree on an
arbitrator. The arbitration takes place in Geneva. Koster gets an arbitral award
for $66,000 plus interest. Automark does not participate in any way. Will a
court in Illinois enforce the arbitral award?
Alternative Means of Resolving Disputes
Disputes do not have to be settled in court. No law requires parties who have a legal
dispute to seek judicial resolution if they can resolve their disagreement privately or
through some other public forum. In fact, the threat of a lawsuit can frequently motivate
parties toward private negotiation. Filing a lawsuit may convince one party that the other
party is serious. Or the parties may decide that they will come to terms privately rather
than wait the three or four years it can frequently take for a case to move up on the court
calendar.
Arbitration
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 43/52
Beginning around 1980, a movement toward alternative dispute resolution began to gain
force throughout the United States. Bar associations, other private groups, and the courts
themselves wanted to find quicker and cheaper ways for litigants and potential litigants to
settle certain types of quarrels than through the courts. As a result, neighborhood justice
centers or dispute resolution centers have sprung up in communities. People can come to
these centers for help in settling disputes, of either a civil or a criminal nature, that should
not consume the time and money of the parties or courts in lengthy proceedings.
These alternative forums use a variety of methods, including arbitration, mediation, and
conciliation, to bring about agreement or at least closure of the dispute. These methods
are not all alike, and their differences are worth noting.
Arbitration is a type of adjudication. The parties use a private decision maker, the
arbitrator, and the rules of procedure are considerably more relaxed than those that apply
in the courtroom. Arbitrators might be retired judges, lawyers, or anyone with the kind of
specialized knowledge and training that would be useful in making a final, binding decision
on the dispute. In a contractual relationship, the parties can decide even before a dispute
arises to use arbitration when the time comes. Or parties can decide after a dispute arises
to use arbitration instead of litigation. In a predispute arbitration agreement (often part of
a larger contract), the parties can spell out the rules of procedure to be used and the
method for choosing the arbitrator. For example, they may name the specific person or
delegate the responsibility of choosing to some neutral person, or they may each
designate a person and the two designees may jointly pick a third arbitrator.
Many arbitrations take place under the auspices of the American Arbitration Association,
a private organization headquartered in New York, with regional offices in many other
cities. The association uses published sets of rules for various types of arbitration (e.g.,
labor arbitration or commercial arbitration); parties who provide in contracts for
arbitration through the association are agreeing to be bound by the association’s rules.
Similarly, the National Association of Securities Dealers provides arbitration services for
disputes between clients and brokerage firms. International commercial arbitration often
takes place through the auspices of the International Chamber of Commerce. A
multilateral agreement known as the Convention on the Recognition and Enforcement of
Arbitral Awards provides that agreements to arbitrate—and arbitral awards—will be
enforced across national boundaries.
Arbitration has two advantages over litigation. First, it is usually much quicker, because
the arbitrator does not have a backlog of cases and because the procedures are simpler.
Second, in complex cases, the quality of the decision may be higher, because the parties
can select an arbitrator with specialized knowledge.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 44/52
Under both federal and state law, arbitration is favored, and a decision rendered by an
arbitrator is binding by law and may be enforced by the courts. The arbitrator’s decision is
final and binding, with very few exceptions (such as fraud or manifest disregard of the law
by the arbitrator or panel of arbitrators). Saying that arbitration is favored means that if
you have agreed to arbitration, you can’t go to court if the other party wants you to
arbitrate. Under the Federal Arbitration Act, the other party can go to court and get a stay
against your litigation and also get an order compelling you to go to arbitration.
Mediation
Unlike adjudication, mediation gives the neutral party no power to impose a decision. The
mediator is a go-between who attempts to help the parties negotiate a solution. The
mediator will communicate the parties’ positions to each other, will facilitate the finding
of common ground, and will suggest outcomes. But the parties have complete control:
they may ignore the recommendations of the mediator entirely, settle in their own way,
find another mediator, agree to binding arbitration, go to court, or forget the whole thing!
Cases
Burger King v. Rudzewicz
Burger King Corp. v. Rudzewicz
471 U.S. 462 (U.S. Supreme Court 1985)
Summary
Burger King Corp. is a Florida corporation with principal offices in Miami. It principally
conducts restaurant business through franchisees. The franchisees are licensed to use
Burger King’s trademarks and service marks in standardized restaurant facilities.
Rudzewicz is a Michigan resident who, with a partner (MacShara), operated a Burger King
franchise in Drayton Plains, Michigan. Negotiations for setting up the franchise occurred
in 1978 largely between Rudzewicz, his partner, and a regional office of Burger King in
Birmingham, Michigan, although some deals and concessions were made by Burger King in
Florida. A preliminary agreement was signed in February of 1979. Rudzewicz and
MacShara assumed operation of an existing facility in Drayton Plains, and MacShara
attended prescribed management courses in Miami during the four months following
February 1979.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 45/52
Rudzewicz and MacShara bought $165,000 worth of restaurant equipment from Burger
King’s Davmor Industries division in Miami. But before the final agreements were signed,
the parties began to disagree over site-development fees, building design, computation of
monthly rent, and whether Rudzewicz and MacShara could assign their liabilities to a
corporation they had formed. Negotiations took place between Rudzewicz, MacShara, and
the Birmingham regional office, but Rudzewicz and MacShara learned that the regional
office had limited decision-making power and turned directly to Miami headquarters for
their concerns. The final agreement was signed by June 1979; it provided that the
franchise relationship was governed by Florida law, and called for payment of all required
fees and forwarding of all relevant notices to Miami headquarters.
The Drayton Plains restaurant did fairly well at first, but a recession in late 1979 caused
the franchisees to fall far behind in their monthly payments to Miami. Notice of default
was sent from Miami to Rudzewicz, who nevertheless continued to operate the restaurant
as a Burger King franchise. Burger King sued in federal district court for the southern
district of Florida. Rudzewicz contested the court’s personal jurisdiction over him, since he
had never been to Florida.
The federal court looked to Florida’s long arm statute and held that it did have personal
jurisdiction over the non-resident franchisees. It awarded Burger King a quarter of a
million dollars in contract damages and enjoined the franchisees from further operation of
the Drayton Plains facility. Franchisees appealed to the 11th Circuit Court of Appeals and
won a reversal based on lack of personal jurisdiction. Burger King petitioned the Supreme
Court for a writ of certiorari.
Justice Brennan delivered the opinion of the court.
The Due Process Clause protects an individual’s liberty interest in not being subject to the
binding judgments of a forum with which he has established no meaningful “contacts, ties,
or relations.” International Shoe Co. v. Washington. By requiring that individuals have “fair
warning that a particular activity may subject [them] to the jurisdiction of a foreign
sovereign,” the Due Process Clause “gives a degree of predictability to the legal system
that allows potential defendants to structure their primary conduct with some minimum
assurance as to where that conduct will and will not render them liable to suit.”
Where a forum seeks to assert specific jurisdiction over an out-of-state defendant who
has not consented to suit there, this “fair warning” requirement is satisfied if the
defendant has “purposefully directed” his activities at residents of the forum, and the
litigation results from alleged injuries that “arise out of or relate to” those activities. Thus
“[t]he forum State does not exceed its powers under the Due Process Clause if it asserts
personal jurisdiction over a corporation that delivers its products into the stream of
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 46/52
commerce with the expectation that they will be purchased by consumers in the forum
State” and those products subsequently injure forum consumers. Similarly, a publisher
who distributes magazines in a distant State may fairly be held accountable in that forum
for damages resulting there from an allegedly defamatory story.…
…[T]he constitutional touchstone remains whether the defendant purposefully established
“minimum contacts” in the forum State.…In defining when it is that a potential defendant
should “reasonably anticipate” out-of-state litigation, the Court frequently has drawn from
the reasoning of Hanson v. Denckla, 357 U.S. 235, 253 (1958):
The unilateral activity of those who claim some relationship with a nonresident defendant
cannot satisfy the requirement of contact with the forum State. The application of that
rule will vary with the quality and nature of the defendant’s activity, but it is essential in
each case that there be some act by which the defendant purposefully avails itself of the
privilege of conducting activities within the forum State, thus invoking the benefits and
protections of its laws.
This “purposeful availment” requirement ensures that a defendant will not be haled into a
jurisdiction solely as a result of “random,” “fortuitous,” or “attenuated” contacts, or of the
“unilateral activity of another party or a third person.” [Citations] Jurisdiction is proper,
however, where the contacts proximately result from actions by the defendant himself
that create a “substantial connection” with the forum State. [Citations] Thus where the
defendant “deliberately” has engaged in significant activities within a State, or has created
“continuing obligations” between himself and residents of the forum, he manifestly has
availed himself of the privilege of conducting business there, and because his activities are
shielded by “the benefits and protections” of the forum’s laws it is presumptively not
unreasonable to require him to submit to the burdens of litigation in that forum as well.
Jurisdiction in these circumstances may not be avoided merely because the defendant did
not physically enter the forum State. Although territorial presence frequently will enhance
a potential defendant’s affiliation with a State and reinforce the reasonable foreseeability
of suit there, it is an inescapable fact of modern commercial life that a substantial amount
of business is transacted solely by mail and wire communications across state lines, thus
obviating the need for physical presence within a State in which business is conducted. So
long as a commercial actor’s efforts are “purposefully directed” toward residents of
another State, we have consistently rejected the notion that an absence of physical
contacts can defeat personal jurisdiction there.
Once it has been decided that a defendant purposefully established minimum contacts
within the forum State, these contacts may be considered in light of other factors to
determine whether the assertion of personal jurisdiction would comport with “fair play
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 47/52
and substantial justice.” International Shoe Co. v. Washington, 326 U.S., at 320. Thus
courts in “appropriate case[s]” may evaluate “the burden on the defendant,” “the forum
State’s interest in adjudicating the dispute,” “the plaintiff’s interest in obtaining convenient
and effective relief,” “the interstate judicial system’s interest in obtaining the most
efficient resolution of controversies,” and the “shared interest of the several States in
furthering fundamental substantive social policies.” These considerations sometimes serve
to establish the reasonableness of jurisdiction upon a lesser showing of minimum contacts
than would otherwise be required. [Citations] Applying these principles to the case at
hand, we believe there is substantial record evidence supporting the District Court’s
conclusion that the assertion of personal jurisdiction over Rudzewicz in Florida for the
alleged breach of his franchise agreement did not offend due process.…
In this case, no physical ties to Florida can be attributed to Rudzewicz other than
MacShara’s brief training course in Miami. Rudzewicz did not maintain offices in Florida
and, for all that appears from the record, has never even visited there. Yet this franchise
dispute grew directly out of “a contract which had a substantial connection with that
State.” Eschewing the option of operating an independent local enterprise, Rudzewicz
deliberately “reach[ed] out beyond” Michigan and negotiated with a Florida corporation
for the purchase of a long-term franchise and the manifold benefits that would derive
from affiliation with a nationwide organization. Upon approval, he entered into a carefully
structured 20-year relationship that envisioned continuing and wide-reaching contacts
with Burger King in Florida. In light of Rudzewicz’ voluntary acceptance of the long-term
and exacting regulation of his business from Burger King’s Miami headquarters, the
“quality and nature” of his relationship to the company in Florida can in no sense be
viewed as “random,” “fortuitous,” or “attenuated.” Rudzewicz’ refusal to make the
contractually required payments in Miami, and his continued use of Burger King’s
trademarks and confidential business information after his termination, caused
foreseeable injuries to the corporation in Florida. For these reasons it was, at the very
least, presumptively reasonable for Rudzewicz to be called to account there for such
injuries.
…Because Rudzewicz established a substantial and continuing relationship with Burger
King’s Miami headquarters, received fair notice from the contract documents and the
course of dealing that he might be subject to suit in Florida, and has failed to demonstrate
how jurisdiction in that forum would otherwise be fundamentally unfair, we conclude that
the District Court’s exercise of jurisdiction pursuant to Fla. Stat. 48.193(1)(g) (Supp. 1984)
did not offend due process. The judgment of the Court of Appeals is accordingly reversed,
and the case is remanded for further proceedings consistent with this opinion.
It is so ordered.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 48/52
Case Questions
1. Why did Burger King sue in Florida rather than in Michigan?
2. If Florida has a long-arm statute that tells Florida courts that it may exercise
personal jurisdiction over someone like Rudzewicz, why is the court talking about
the due process clause?
3. Why is this case in federal court rather than in a Florida state court?
4. If this case had been filed in state court in Florida, would Rudzewicz be required to
come to Florida? Explain.
Ferlito v. Johnson & Johnson
Ferlito v. Johnson & Johnson Products, Inc.
771 F. Supp. 196 (U.S. District Ct., Eastern District of Michigan 1991)
Gadola, J.
Plaintiffs Susan and Frank Ferlito, husband and wife, attended a Halloween party in 1984
dressed as Mary (Mrs. Ferlito) and her little lamb (Mr. Ferlito). Mrs. Ferlito had constructed
a lamb costume for her husband by gluing cotton batting manufactured by defendant
Johnson & Johnson Products (“JJP”) to a suit of long underwear. She had also used
defendant’s product to fashion a headpiece, complete with ears. The costume covered Mr.
Ferlito from his head to his ankles, except for his face and hands, which were blackened
with Halloween paint. At the party Mr. Ferlito attempted to light his cigarette by using a
butane lighter. The flame passed close to his left arm, and the cotton batting on his left
sleeve ignited. Plaintiffs sued defendant for injuries they suffered from burns which
covered approximately one-third of Mr. Ferlito’s body.
Following a jury verdict entered for plaintiffs November 2, 1989, the Honorable Ralph M.
Freeman entered a judgment for plaintiff Frank Ferlito in the amount of $555,000 and for
plaintiff Susan Ferlito in the amount of $70,000. Judgment was entered November 7,
1989. Subsequently, on November 16, 1989, defendant JJP filed a timely motion for
judgment notwithstanding the verdict pursuant to Fed.R.Civ.P. 50(b) or, in the alternative,
for new trial. Plaintiffs filed their response to defendant’s motion December 18, 1989; and
defendant filed a reply January 4, 1990. Before reaching a decision on this motion, Judge
Freeman died. The case was reassigned to this court April 12, 1990.
MOTION FOR JUDGMENT NOTWITHSTANDING THE VERDICT
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 49/52
Defendant JJP filed two motions for a directed verdict, the first on October 27, 1989, at
the close of plaintiffs’ proofs, and the second on October 30, 1989, at the close of
defendant’s proofs. Judge Freeman denied both motions without prejudice. Judgment for
plaintiffs was entered November 7, 1989; and defendant’s instant motion, filed November
16, 1989, was filed in a timely manner.
The standard for determining whether to grant a j.n.o.v. is identical to the standard for
evaluating a motion for directed verdict:
In determining whether the evidence is sufficient, the trial court may neither weigh the
evidence, pass on the credibility of witnesses nor substitute its judgment for that of the
jury. Rather, the evidence must be viewed in the light most favorable to the party against
whom the motion is made, drawing from that evidence all reasonable inferences in his
favor. If after reviewing the evidence…the trial court is of the opinion that reasonable
minds could not come to the result reached by the jury, then the motion for j.n.o.v. should
be granted.
To recover in a “failure to warn” product liability action, a plaintiff must prove each of the
following four elements of negligence: (1) that the defendant owed a duty to the plaintiff,
(2) that the defendant violated that duty, (3) that the defendant’s breach of that duty was
a proximate cause of the damages suffered by the plaintiff, and (4) that the plaintiff
suffered damages.
To establish a prima facie case that a manufacturer’s breach of its duty to warn was a
proximate cause of an injury sustained, a plaintiff must present evidence that the product
would have been used differently had the proffered warnings been given. By “prima facie
case,” the court means a case in which the plaintiff has presented all the basic elements of
the cause of action alleged in the complaint. If one or more elements of proof are missing,
then the plaintiff has fallen short of establishing a prima facie case, and the case should
be dismissed (usually on the basis of a directed verdict). [Citations omitted] In the absence
of evidence that a warning would have prevented the harm complained of by altering the
plaintiff’s conduct, the failure to warn cannot be deemed a proximate cause of the
plaintiff’s injury as a matter of law. [In accordance with procedure in a diversity of
citizenship case, such as this one, the court cites Michigan case law as the basis for its
legal interpretation.]…
A manufacturer has a duty “to warn the purchasers or users of its product about dangers
associated with intended use.” Conversely, a manufacturer has no duty to warn of a
danger arising from an unforeseeable misuse of its product. [Citation] Thus, whether a
manufacturer has a duty to warn depends on whether the use of the product and the
injury sustained by it are foreseeable. Gootee v. Colt Industries Inc., 712 F.2d 1057, 1065
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 50/52
(6th Cir. 1983); Owens v. Allis-Chalmers Corp., 414 Mich. 413, 425, 326 N.W.2d 372
(1982). Whether a plaintiff’s use of a product is foreseeable is a legal question to be
resolved by the court. Trotter, supra. Whether the resulting injury is foreseeable is a
question of fact for the jury. Note the division of labor here: questions of law are for the
judge, while questions of “fact” are for the jury. Here, “foreseeability” is a fact question,
while the judge retains authority over questions of law. The division between questions of
fact and questions of law is not an easy one, however. Thomas v. International Harvester
Co., 57 Mich. App. 79, 225 N.W.2d 175 (1974).
In the instant action no reasonable jury could find that JJP’s failure to warn of the
flammability of cotton batting was a proximate cause of plaintiffs’ injuries because
plaintiffs failed to offer any evidence to establish that a flammability warning on JJP’s
cotton batting would have dissuaded them from using the product in the manner that
they did.
Plaintiffs repeatedly stated in their response brief that plaintiff Susan Ferlito testified that
“she would never again use cotton batting to make a costume…However, a review of the
trial transcript reveals that plaintiff Susan Ferlito never testified that she would never
again use cotton batting to make a costume. More importantly, the transcript contains no
statement by plaintiff Susan Ferlito that a flammability warning on defendant JJP’s
product would have dissuaded her from using the cotton batting to construct the costume
in the first place. At oral argument counsel for plaintiffs conceded that there was no
testimony during the trial that either plaintiff Susan Ferlito or her husband, plaintiff Frank
J. Ferlito, would have acted any different if there had been a flammability warning on the
product’s package. The absence of such testimony is fatal to plaintiffs’ case; for without it,
plaintiffs have failed to prove proximate cause, one of the essential elements of their
negligence claim.
In addition, both plaintiffs testified that they knew that cotton batting burns when it is
exposed to flame. Susan Ferlito testified that she knew at the time she purchased the
cotton batting that it would burn if exposed to an open flame. Frank Ferlito testified that
he knew at the time he appeared at the Halloween party that cotton batting would burn if
exposed to an open flame. His additional testimony that he would not have intentionally
put a flame to the cotton batting shows that he recognized the risk of injury of which he
claims JJP should have warned. Because both plaintiffs were already aware of the danger,
a warning by JJP would have been superfluous. Therefore, a reasonable jury could not
have found that JJP’s failure to provide a warning was a proximate cause of plaintiffs’
injuries.
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 51/52
The evidence in this case clearly demonstrated that neither the use to which plaintiffs put
JJP’s product nor the injuries arising from that use were foreseeable. Susan Ferlito
testified that the idea for the costume was hers alone. As described on the product’s
package, its intended uses are for cleansing, applying medications, and infant care.
Plaintiffs’ showing that the product may be used on occasion in classrooms for decorative
purposes failed to demonstrate the foreseeability of an adult male encapsulating himself
from head to toe in cotton batting and then lighting up a cigarette.
ORDER
NOW, THEREFORE, IT IS HEREBY ORDERED that defendant JJP’s motion for judgment
notwithstanding the verdict is GRANTED.
IT IS FURTHER ORDERED that the judgment entered November 2, 1989, is SET ASIDE.
IT IS FURTHER ORDERED that the clerk will enter a judgment in favor of the defendant
JJP.
Case Questions
1. The opinion focuses on proximate cause. According to tort law, a negligence case
cannot be won unless the plaintiff shows that the defendant has breached a duty
and that the defendant’s breach has actually and proximately caused the damage
complained of. What, exactly, is the alleged breach of duty by the defendant here?
2. Explain why Judge Gadola reasoned that JJP had no duty to warn in this case. After
this case, would they then have a duty to warn, knowing that someone might use
their product in this way?
Licenses and Attributions
Chapter 3: Courts and the Legal Process (https://saylordotorg.github.io/text_advanced-
business-law-and-the-legal-environment/s06-courts-and-the-legal-
process.html) from Advanced Business Law and the Legal Environment v. 1.0 was
adapted by Saylor Academy and is available under a Creative Commons Attribution-
NonCommercial-ShareAlike 3.0 Unported (https://creativecommons.org/licenses/by-nc-
sa/3.0/) license without attribution as requested by the work’s original creator or
licensor. UMGC has modified this work and it is available under the original license.
© 2022 University of Maryland Global Campus
https://saylordotorg.github.io/text_advanced-business-law-and-the-legal-environment/s06-courts-and-the-legal-process.html
https://creativecommons.org/licenses/by-nc-sa/3.0/
2/17/22, 5:46 PM Courts and the Legal Process
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/courts-and-the-legal-process.html?ou=622270 52/52
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
CreatingEffective Cloud Computing Contracts for the Federal Government: Best Practices for
Acquiring IT as a Service comprises public domain material from the U.S. Chief Information
Officer and the Federal CIO Council. UMGC has modified this work.
February 24, 2012
Creating Effective Cloud
Computing Contracts for
the Federal Government
Best Practices for Acquiring IT as a Service
A joint publication of the
In coordination with the
Federal Cloud
Compliance Committee
[ i ]
Table of Contents
Executive Summary …………………………………………………………………………………………………………………. 1
Introduction ……………………………………………………………………………………………………………………………. 3
Selecting a Cloud Service …………………………………………………………………………………………………………. 5
Infrastructure, Platform, or Software-as-a-Service …………………………………………………………………… 5
Private, Public, Community, or Hybrid Deployment Models ………………………………………………………. 5
CSP and End-User Agreements …………………………………………………………………………………………………. 6
Terms of Service Agreements ………………………………………………………………………………………………… 6
Non-Disclosure Agreements ………………………………………………………………………………………………….. 7
Service Level Agreements ………………………………………………………………………………………………………… 7
Terms and Definitions …………………………………………………………………………………………………………… 7
Measuring SLA Performance ………………………………………………………………………………………………….. 8
SLA Enforcement Mechanisms ………………………………………………………………………………………………. 8
CSP, Agency, and Integrator Roles and Responsibilities ………………………………………………………………. 8
Contracting with Integrators ………………………………………………………………………………………………….. 9
Clearly Defined Roles and Responsibilities ………………………………………………………………………………. 9
Standards ……………………………………………………………………………………………………………………………….. 9
Reference Architecture ……………………………………………………………………………………………………….. 10
Agency Roles in the Use of Cloud Computing Standards ………………………………………………………….. 11
Internet Protocol v6 ……………………………………………………………………………………………………………. 11
Security ………………………………………………………………………………………………………………………………… 11
FedRAMP …………………………………………………………………………………………………………………………… 12
Clear Security Authorization Requirements …………………………………………………………………………… 12
Continuous Monitoring ……………………………………………………………………………………………………….. 13
Incident Response ………………………………………………………………………………………………………………. 14
Key Escrow ………………………………………………………………………………………………………………………… 15
Forensics …………………………………………………………………………………………………………………………… 15
Two-Factor Authentication using HSPD-12 …………………………………………………………………………….. 15
Audit …………………………………………………………………………………………………………………………………. 16
Privacy………………………………………………………………………………………………………………………………….. 16
Compliance with the Privacy Act of 1974 and Related PII Requirements …………………………………… 17
Privacy Impact Assessments (PIA)…………………………………………………………………………………………. 19
[ ii ]
Privacy Training ………………………………………………………………………………………………………………….. 20
Data Location …………………………………………………………………………………………………………………….. 21
Breach Response ………………………………………………………………………………………………………………… 22
E-Discovery …………………………………………………………………………………………………………………………… 23
Information Management in the Cloud …………………………………………………………………………………. 25
Locating Relevant Documents ……………………………………………………………………………………………… 25
Preservation of Data in the Cloud …………………………………………………………………………………………. 26
Moving Documents through the E-Discovery Process ……………………………………………………………… 27
Potential Cost Avoidance by Incorporating E-Discovery Tools into the Cloud …………………………….. 28
FOIA Access …………………………………………………………………………………………………………………………… 28
Conducting a Reasonable Search to Meet FOIA Obligations …………………………………………………….. 29
Processing ESI Pursuant to FOIA …………………………………………………………………………………………… 30
Tracking and Reporting Pursuant to FOIA ………………………………………………………………………………. 30
Federal Recordkeeping ………………………………………………………………………………………………………….. 30
Proactive Records Planning ………………………………………………………………………………………………….. 31
Timely and Actual Destruction of Records Required by Record Schedules …………………………………. 32
Permanent Records …………………………………………………………………………………………………………….. 33
Transition of Records to New CSPs ……………………………………………………………………………………….. 33
Conclusion ……………………………………………………………………………………………………………………………. 34
Suggested Procurement Preparation Questions: ………………………………………………………………………….. 35
General Questions ……………………………………………………………………………………………………………… 35
Service Level Agreement ……………………………………………………………………………………………………… 37
CSP and End User Agreements …………………………………………………………………………………………….. 37
E-Discovery Questions ………………………………………………………………………………………………………… 37
Cybersecurity Questions ……………………………………………………………………………………………………… 39
Privacy Questions ……………………………………………………………………………………………………………….. 39
FOIA Questions ………………………………………………………………………………………………………………….. 40
Recordkeeping Questions ……………………………………………………………………………………………………. 41
[ 1 ]
Executive Summary
The US Federal Government spends approximately $80 billion dollars on Information
Technology (IT) annually
1
. However, a significant portion of this spending goes towards
maintaining aging and duplicative infrastructure. Instead of highly efficient IT assets enabling
agencies to deliver mission services, much of this spending is characterized by low asset
utilization, long lead times to acquire new services, and fragmented demand. To compound this
problem, Federal agencies are being asked to do more with less while maintaining a high level
of service to the American public.
Cloud computing presents the Federal Government with an opportunity to transform its IT
portfolio by giving agencies the ability to purchase a broad range of IT services in a utility- based
model. This allows agencies to refocus their efforts on IT operational expenditures and only pay
for IT services consumed instead of buying IT with a focus on capacity. Procuring IT services in a
cloud computing model can help the Federal Government to increase operational efficiencies,
resource utilization, and innovation across its IT portfolio, delivering a higher return on our
investments to the American taxpayer
.
In order to leverage the power of cloud computing across the Federal Government’s IT
portfolio, the Administration established a “Cloud First” policy in the 25 Point Implementation
Plan to Reform Federal Information Technology published in December of 2010
2
. Under this
policy, Federal agencies are required to “default to cloud-based solutions whenever a secure,
reliable, cost-effective cloud option exists.”
Subsequent to the publication of the 25 Point Plan, the Administration published the Federal
Cloud Computing Strategy in February of 2011
3
. This document represented the first step in
providing guidance to Federal agencies on successfully implementing the “Cloud First” policy
and catalyzing more rapid adoption of cloud computing services across the Federal IT
landscape
.
Additionally, in December of 2011, the Federal Chief Information Officer released a new policy,
Security Authorization of Information Systems in Cloud Computing Environments, detailing the
new Federal Risk and Authorization Management Program (FedRAMP). FedRAMP provides
Federal agencies with a unified way to secure cloud computing services through the use of a
standardized baseline set of security controls for authorizing cloud systems. This standard
approach to securing cloud computing systems works in concert with the elements detailed in
this paper to create a solid foundation of transparent standards and processes the government
should use when buying cloud computing systems.
1 http://www.itdashboard.gov.
2 http://www.cio.gov/documents/25-Point-Implementation-Plan-to-Reform-Federal%20IT .
3 http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy .
[ 2 ]
The adoption of cloud computing across the Federal IT portfolio represents a dramatic shift in
the way Federal agencies buy IT – a shift from periodic capital expenditures to lower cost
and
predictable operating expenditures. With this shift comes a learning curve within government
regarding the effective procurement of cloud-based services. Simultaneously, this move has
created a burgeoning market in which private industry can provide these cloud-based services
to the Federal Government.
This paper is the next step in providing Federal agencies more specific guidance in effectively
implementing the “Cloud First” policy and moving forward with the “Federal Cloud Computing
Strategy” by focusing on ways to more effectively procure cloud services within existing
regulations and laws. Since the Federal Government holds the position as the single largest
purchaser in this new market, Federal agencies have a unique opportunity to shape the way
that cloud computing services are purchased and consumed.
The design, procurement, and use of cloud computing services involve unique and different
equities within a Federal agency. Proactive planning with all necessary agency stakeholders
(e.g. chief information officers (CIO), general counsels, privacy officers, records managers, e-
discovery counsel, Freedom of Information Act (FOIA) officers, and procurement staff), is
essential when evaluating and procuring cloud computing services.
In developing this paper, we reached out to working groups under the Office of Management
and Budget, Federal CIO Council (Information Security and Identity Management Committee
(ISIMC), Cloud Computing Executive Steering Committee, etc.), procurement specialists who
have issued Federal cloud computing services implementations, and other related experts (IT
security, privacy, general counsel’s office, etc.) both internal and external to the Federal
Government
4
. This paper brings together these collective inputs to highlight unique contracting
requirements related to cloud computing contracts that will allow Federal agencies to
effectively and safely procure cloud services for agency consumption
5
.
By highlighting the areas in which cloud computing presents unique requirements compared to
the traditional IT contracts, this paper will help to continue the forward momentum the Federal
Government has made in adopting cloud computing. By understanding these unique
requirements and following the proposed recommendations, agencies can implement cloud
computing contracts that deliver better outcomes for the American people at a lower cost.
4 We would like to express our appreciation to Scott Renda, Matthew Goodrich, Allison Stanton, Jonathan
Cantor, Jodi Cramer, and the Federal Cloud Compliance Committee for their tremendous efforts in helping to
develop this paper.
5 This paper is not intended to be the definitive source for guidance on cloud services contracts for Federal
agencies. Instead it is meant to be guidance developed from the best practices across government
and
industry for agencies to use when entering the procurement process.
[ 3 ]
Introduction
As a result of the Administration’s goal to accelerate the adoption of cloud computing, Federal
agencies are increasingly migrating systems of growing importance to the cloud. As agencies
embrace this “Cloud First” policy, there are lessons to be learned and best practices to be
shared from early adopters.
The most consistent lessons learned from the early adopters show that the Federal
Government needs to buy, view, and think about IT differently. Cloud computing presents a
paradigm shift that is larger than IT, and while there are technology changes with cloud
services, the more substantive issues that need to be addressed lie in the business and
contracting models applicable to cloud services. This new paradigm requires agencies to re-
think not only the way they acquire IT services in the context of deployment, but also how the
IT services they consume provide mission and support functions on a shared basis
. Federal
agencies should begin to design and/or select solutions that allow for purchasing based on
consumption in the shared model that cloud-based architectures provide.
Cloud computing allows consumers to buy IT in a new, consumption-based model. Given the
dynamic nature of taxpayer needs, the traditional method of acquiring IT has become less
effective in ensuring the Federal Government effectively covers all of its requirements. By
moving from purchasing IT in a way that requires capital expenditures and overhead, and
instead purchasing IT “on-demand” as an agency consumes services, unique requirements have
arisen that Federal agencies need to address when contracting with cloud service providers
(CSPs).
At this point in time, the following ten areas require improved collaboration and alignment
during the contract formation process by agency program, CIO, general counsel, privacy and
procurement offices when acquiring cloud computing services:
6
Selecting a Cloud Service: Choosing the appropriate cloud service and deployment
model is the critical first step in procuring cloud
services
;
CSP and End-User Agreements: Terms of Service and all CSP/customer required
agreements need to be integrated fully into cloud contracts
;
Service Level Agreements (SLAs): SLAs need to define performance with clear terms and
definitions, demonstrate how performance is being measured, and what enforcement
mechanisms are in place to ensure SLAs are met;
6 Federal agencies must ensure cloud environments are compliant with all existing laws and regulations when
they move IT services to the cloud. This paper focuses on a number of requirements that require a special
analysis when acquiring cloud services. The paper does not address other procurement and acquisition
requirements, such as but not limited to compliance with Section 508 of the Rehabilitation Act of 1973 or
confidential statistical information (as protected by the Confidential Information Protection and Statistical
Efficiency Act of 2002 or similar statutes that protect the confidentiality of information collected solely for
statistical purposes under a pledge of confidentiality).
[ 4 ]
CSP, Agency, and Integrator Roles and Responsibilities: Careful delineation between
the responsibilities and relationships among the Federal agency, integrators, and the
CSP are needed in order to effectively manage cloud services;
Standards: The use of the NIST cloud reference architecture as well as agency
involvement in standards are necessary for cloud procurements;
Security: Agencies must clearly detail the requirements for CSPs to maintain the security
and integrity of data existing in a cloud environment;
Privacy: If cloud services host “privacy data,” agencies must adequately identify
potential privacy risks and responsibilities and address these needs in the contract;
E-Discovery: Federal agencies must ensure that all data stored in a CSP environment is
available for legal discovery by allowing all data to be located, preserved, collected,
processed, reviewed, and produced;
Freedom of Information Act (FOIA): Federal agencies must ensure that all data stored in
a CSP environment is available for appropriate handling under the FOIA; and
E-Records: Agencies must ensure CSP’s understand and assist Federal agencies in
compliance with the Federal Records Act (FRA) and obligations under this law.
These ten unique areas of focus are not an exhaustive list of unique issues with cloud
computing. Through government working groups under the OMB, the Federal CIO Council,
reviews of existing cloud contracts, reviewing industry and academia papers and studies, and
speaking with procurement and legal experts across the Federal Government, these ten areas
were identified as requiring the most attention at this time. By addressing these unique areas
to cloud computing in addition to traditional contracting best practices and bringing the
relevant stakeholders together proactively, Federal agencies will be able to more effectively
procure and manage IT as a service.
[ 5 ]
Selecting a Cloud Service
The primary driver behind purchasing any new IT service is to effectively meet a commodity,
support, or mission requirement that the agency has. Part of the analysis of that need or
problem is determining the appropriate solution. When the solution involves technology, the
Administration’s “Cloud First” and “Shared First” policies dictate that an agency must default to
using a cloud computing solution if a safe and secure one exists. However, choosing the cloud is
only the first step in this analysis. It is also critical for Federal agencies to decide which cloud
service and deployment model best meets their needs.
Infrastructure, Platform, or Software-as-a-Service
The National Institute of Standards and Technology (NIST) has defined three cloud computing
service models: Infrastructure as a Service, Platform as a Service, and Software as a Service
7
.
These service models can be summarized as:
Infrastructure: the provision of processing, storage, networking and other fundamental
computing resources;
Platform: the deployment of applications created using programming languages,
libraries, services, and tools supported by a cloud provider; and
Software: the use of applications running on a cloud infrastructure environment.
Each service model offers unique functionality depending on the class of user, with control of
the environment decreasing as you move from Infrastructure to Platform to Software.
Infrastructure is most suitable for users like network administrators as agencies can place
unique platforms and software on the infrastructure being consumed. Platform is most suitable
for users like server or system administrators in development and deployment activities.
Software is most appropriate for end users since all functionalities are usually offered out of the
box. Understanding the degree of functionality and what users in an agency will consume the
services is critical for Federal agencies in determining the appropriate cloud service to procure.
Private, Public, Community, or Hybrid Deployment Models
NIST has also defined four deployment models for cloud services: Private, Public, Community,
and Hybrid
8
. These service deployments can be summarized as:
Private: For use by a single organization;
Public: For use by general public;
Community: For use by a specific community of organizations with a shared purpose;
and
Hybrid: A composition of two or more cloud infrastructures (public, private,
community).
These deployment models determine the number of consumers (multi-tenancy), and the nature
of other consumers’ data that may be present in a cloud environment. A public cloud does not
7 See NIST Special Publication 800-145.
8 Id.
[ 6 ]
allow a consumer to know or control who the other consumers of a cloud service provider’s
environment are. However, a private cloud can allow for ultimate control in selecting who has
access to a cloud environment. Community clouds and Hybrid clouds allow for a mixed degree
of control and knowledge of other consumers. Additionally, the cost for cloud services typically
increases as the control over other consumers and knowledge of these consumers increases.
When consuming cloud services, it is important for Federal agencies to understand what type of
government data they will be placing in the environment, and select the deployment type that
corresponds to the appropriate level of control and data sensitivity.
To choose a cloud service that will properly meet a unique need, it is vital to first determine the
proper level of service and deployment. Federal agencies should endeavor to understand not
only what functionality they will receive when using a cloud service, but also how the
deployment model a cloud service utilizes will affect the environment in which government
data is placed.
CSP and End-User Agreements
CSPs enforce common acceptable use standards across all users to effectively maintain how a
consumer uses a CSP environment. Thus, use of a CSP environment usually requires Federal
agency end-users to sign Terms of Service Agreements (TOS). Additionally, Federal agencies can
also require CSPs to sign Non-Disclosure Agreements (NDAs) to enforce acceptable CSP
personnel behavior when dealing with Federal data. TOS and NDAs need to be fully
contemplated and agreed upon by both CSPs and Federal agencies to ensure that all parties
fully understand the breadth and scope of their duties when using cloud services. These
agreements are new to many IT contracts because of the nature of the interaction of end-users
with CSP environments – both due to Federal agency access to cloud services through CSP
interfaces and CSP personnel access and control of Federal data.
Terms of Service Agreements
Federal agencies need to know if a CSP requires an end-user to agree to TOS in order to use the
CSP’s services prior to signing a contract. TOS restrict the ways Federal agency consumers can
use CSP environments. They include provisions that detail how end-users may use the services,
responsibilities of the CSP, and how the CSP will deal with customer data. Provisions within a
TOS may contradict unique aspects of Federal law that apply only to agencies as well as the
terms of the contract between a Federal agency and a CSP. Given that, Federal agencies are
advised to work with CSPs to understand what they require in order for Federal agency end-
users to access a CSP environment and at the same time ensure that any TOS document
incorporated into the contract is acceptable to the Federal agency. If the TOS are not directly
within the contract but referenced within the contract, the TOS should be negotiated and
agreed upon prior to contract award.
Additionally, TOS sometimes include provisions relating to CSP responsibilities, controlling law,
indemnification and other issues that are more appropriate for the terms and conditions of the
[ 7 ]
contract. If these provisions are included within service agreements, they should be clearly
defined. Furthermore, any agreements must address time requirements that a CSP will need to
follow to comply with Federal agency rules and regulations
9
. Any contract provisions regarding
controlling law, jurisdiction, and indemnification arising out of a Federal agency’s use of a CSP
environment must align with Federal statutes, policies, and regulations; and compliance should
be defined before a contract award. This may be done through a separate document or be
included in the actual contract.
Non-Disclosure Agreements
Federal agencies often require CSP personnel to sign NDAs when dealing with Federal data.
These are usually requested by Federal agencies in order to ensure that CSP personnel protect
non-public information that is procurement-sensitive, or affects pre-decisional policy, physical
security, etc. Federal agencies will need to consider the requirements and enforceability of
NDAs with CSP personnel. The acceptable behavior prescribed by NDAs requires Federal agency
oversight, including examining the NDAs’ requirements in the rules of behavior and monitoring
of end-users activities in the cloud environment. Federal agencies should ensure that they
do
not overlook such provisions when creating NDAs. CSP and end-user agreements such as TOS
and NDAs are important to both Federal agencies and CSPs in order to clearly define the
acceptable behavior by end-users and CSP personnel when using cloud services. These
agreements should be fully contemplated by both CSPs and Federal agencies prior to cloud
services being procured. All such agreements should be incorporated, either by full text or by
reference, into the CSP contract in order to avoid the usually costly and time-consuming
process of negotiating these agreements after the enactment of a cloud computing contract.
Service Level Agreements
Service Level Agreements (SLAs) are agreements under the umbrella of the overall cloud
computing contract between a CSP and a Federal agency. SLAs define acceptable service levels
to be provided by the CSP to its customers in measurable terms. The ability of a CSP to perform
at acceptable levels is consistent among SLAs, but the definition, measurement and
enforcement of this performance varies widely among CSPs. Federal agencies should ensure
that CSP performance is clearly specified in all SLAs, and that all such agreements are fully
incorporated, either by full text or by reference, into the CSP contract.
Terms and Definitions
SLAs are necessary between a CSP and customer to contractually agree upon the acceptable
service levels expected from a CSP. SLAs across CSPs have many common terms, but definitions
and performance metrics can vary widely among vendors. For instance, CSPs can differ in their
definition of uptime (one measure of reliability) by stating uptime is not met only when services
are unavailable for periods exceeding one hour. To further complicate this, many CSPs define
9 This includes statutory requirements and associated deadlines, such as those found under FISMA and FOIA,
and applicable regulatory structures, such as those governing Inspector General (IG) investigations and
audits.
[ 8 ]
availability (another measure of reliability sometimes used within the definition of uptime) in a
way that may exclude CSP planned service outages. Federal agencies need to fully understand
any ambiguities in the definitions of cloud computing terms in order to know what levels of
service they can expect from a CSP.
Measuring SLA Performance
When Federal agencies place Federal data in a CSP environment, they are inherently giving up
control over certain aspects of the services that they consume. As a best practice, SLAs should
clearly define how performance is guaranteed (such as response time resolution/mitigation
time, availability, etc.) and require CSPs to monitor their service levels, provide timely
notification of a failure to meet the SLAs, and evidence that problems have been resolved or
mitigated. SLA performance clauses should be consistent with the performance clauses within
the contract. Agencies should enforce this by requiring in the reporting clauses of the SLA and
the contract that CSPs submit reports or provide a dashboard where Federal agencies can
continuously verify that service levels are being met. Without this provision, a Federal agency
may not be able to measure CSP performance.
SLA Enforcement Mechanisms
Most standard SLAs provided by CSPs do not include provisions for penalties if an SLA is not
met. The consequence to a customer if an SLA is not met can be catastrophic (unavailability
during peak demand, for example). However, without a penalty for CSPs in the SLA, CSPs may
not have sufficient incentives to meet the agreed-upon service levels. In order to incentivize
CSPs to meet the contract terms, there should be a credible consequence (for example, a
monetary or service credit) so that a failure to meet the agreed to terms creates an undesired
business outcome for the CSP in addition to the customer.
With many of the high profile cases of cloud service provider failures relating to provisions
covered by SLAs, as a best practice, Federal agencies need SLAs that provide value and can be
enforced when a service level is not met. SLAs with clearly defined terms and definitions,
performance metrics measured and guaranteed by CSPs, and enforcement mechanisms for
meeting service levels, will provide value to Federal agencies and incentives for CSPs to meet
the agreed upon terms.
CSP, Agency, and Integrator Roles and Responsibilities
Many Federal agencies procure cloud services through integrators
10
. In these cases, integrators
can provide a level of expertise within CSP environments which Federal agencies may not have,
thus making a Federal agency’s transition to cloud services easier. Integrators may also provide
a full range of services from technical support to help desk support that CSPs might not provide.
When deciding to use an integrator, the Federal agency may procure services directly from a
CSP and separately with an integrator, or it may procure cloud services through an integrator,
10 For ease of discussion, “integrators” is being used as an umbrella term to include service providers such as
system integrators, resellers, etc.
[ 9 ]
as the prime contractor and the CSP as subcontractor. Whichever method the Federal agency
decides to use, the addition of an integrator to a cloud computing implementation creates
contractual relationships with at least three unique parties, and the roles and responsibilities
for all parties need to be clearly defined.
Contracting with Integrators
Integrators can be contracted independently of CSPs or can act as an intermediary with CSPs.
This flexibility allows Federal agencies to choose the most effective method for contracting with
integrators to help implement their cloud computing solutions. As a best practice, Federal
agencies need to consider the technical abilities and overall service offerings of integrators and
how these elements impact the overall pricing of an integrator’s proposed services.
Additionally, if a Federal agency contracts with an integrator acting as an intermediary, the
Federal agency must consider how this affects the Federal agency’s continued use of a CSP
environment when the contract with an integrator ends.
Clearly Defined Roles and Responsibilities
Whether an agency contracts with an integrator independently or uses one as an intermediary,
roles and responsibilities need to be clearly defined. Scenarios that need to be clearly defined
within a cloud computing solution that incorporate an integrator include: how a Federal agency
interacts with a CSP to manage the CSP environment, what access an integrator has to Federal
data within a CSP environment, and what actions an integrator may take on behalf of a Federal
agency. Failure to address the roles and responsibilities of each party can hinder the end-user’s
ability to fully realize the benefits of cloud computing. For instance, if initiating a new instance
of a virtual machine requires a Federal agency to interact with an integrator, then this
interaction breaks the on-demand essential characteristic of cloud computing.
The introduction of integrators to cloud computing solutions can be a critical element of
success for many Federal agencies. However, the introduction of an additional party to a cloud
computing contract requires Federal agencies to fully consider the most effective method of
contracting with an integrator and clearly define the roles and responsibilities among CSPs,
Federal agencies, and integrators.
Standards
When Federal agencies procure cloud solutions, U.S. laws and associated policy require the use
of international, voluntary consensus standards except where inconsistent with law or
otherwise impractical
11
. Standards Developing Organizations (SDOs) are continuing to develop
conceptual models, reference architectures, and standards to facilitate communication, data
exchange, and security for cloud computing applications. Standards are already available in
support of many of the functions and requirements for cloud computing. While many of these
11 Trade Agreements Act of 1979, as amended (TAA), the National Technology Transfer and Advancement Act
(NTTAA), and the Office of Management and Budget (OMB) Circular A-119 Revised: Federal Participation in
the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.
[ 10 ]
standards were developed in support of pre-cloud computing technologies, such as those
designed for web services and the Internet, they also support the functions and requirements
of cloud computing. Other standards are now being developed in specific support of cloud
computing functions and requirements, such as virtualization.
The National Institute of Standards and Technology (NIST) publishes guidance and standards for
agencies to follow when procuring cloud and other technologies, as well as roadmaps for
agencies to understand the development of standards for future use. These publications
address, for example, security, interoperability, and portability
12
. NIST Special Publication 500-
291, NIST Cloud Computing Roadmap, presents these standards in the context of the NIST
Cloud Computing Reference Architecture using the NIST taxonomy in NIST Special Publication
500-292, NIST Cloud Computing Reference Architecture.
When procuring cloud solutions, it is important for Federal agencies to understand:
1. How vendor solutions and agency roles map to the NIST Reference Architecture; and
2. The role of Federal agencies in the use of cloud computing standards.
Reference Architecture
Understanding the roles and responsibilities among all actors deploying a cloud solution is
critical to successful implementations. The NIST Reference Architecture describes five major
actors with their roles and responsibilities using the newly developed Cloud Computing
Taxonomy. The five major participating actors are: (1) Cloud Consumer; (2) Cloud Provider; (3)
Cloud Broker; (4) Cloud Auditor; and (5) Cloud Carrier
13
.
These core actors have key roles in the realm of cloud computing. For example, an agency or
department normally functions as a Cloud Consumer that acquires and uses cloud products and
services. The purveyor of products and services is the Cloud Provider
14
. A Cloud Broker may act
as the intermediate between Cloud Consumer and Cloud Provider to help Consumers through
the complexity of cloud service offerings and may also offer value-added cloud services. A
Cloud Auditor provides a valuable function for the government by conducting the independent
performance and security monitoring of cloud services. A Cloud Carrier is an organization who
has the responsibility of transferring the data, akin to the power distributor for the electric grid.
In order to fully delineate the roles and responsibilities of all parties in a cloud computing
contract, Federal agencies should align all actors with NIST Reference Architecture.
12 Special Publication 500-291, NIST Cloud Computing Standards Roadmap, lists relevant standards for
security (see Table 5), interoperability (see Table 6), and portability (see Table 7).
13 For more information relating to the definitions and roles and responsibilities of the five major actors
described above, please reference NIST Special Publication 500-292, NIST Cloud Computing Reference
Architecture.
14 Because of the possible service offerings (Software, Platform or Infrastructure) allowed for by the Cloud
Provider, the level of responsibilities related to some aspects of the scope of control, security, and
configuration need to be re-evaluated when procuring cloud services.
[ 11 ]
Agency Roles in the Use of Cloud Computing Standards
There are several means by which agencies can ensure the availability of technically sound and
timely standards to support their missions.
1. Standards specification: In accordance with Office of Management and Budget (OMB)
Circular A-119, Federal Participation in the Development and Use of Voluntary
Consensus Standards and in Conformity Assessment Activities, agencies should specify
relevant voluntary consensus standards in their procurements. The NIST Standards.gov
website includes a useful list of questions that agencies should consider before selecting
standards for agency use
15
.
2. Standards requirements: Federal agencies should contribute clear and comprehensive
mission requirements to help support the definition of performance-based cloud
computing standards by the private sector
16
.
Federal agencies should request that cloud service providers categorize their services using the
NIST Cloud Computing Reference Architecture. This can be accomplished by the vendor’s
“mapping” of services to the reference architecture, and presenting this “mapping” along with
the vendor’s customized marketing and technical information. The reference architecture
mapping provides a common and consistent frame of reference to compare vendor offerings
when evaluating and procuring cloud services.
Internet Protocol v6
In support of IPv6, the Civilian Agency Acquisition Council and the Defense Acquisition
Regulations Council issued a final rule in December 2009 amending the Federal Acquisition
Regulation (FAR) to require all new information technology acquisitions using Internet Protocol
(IP) to include IPv6 requirements expressed using the USGv6 Profile and to require vendors to
document their compliance with those requirements through the USGv6 Testing Program.
Accordingly, agencies shall institute processes to include language in solicitations and contracts,
where applicable.
17
Security
Placing agency data on an information system involves risk, so it is critical for Federal agencies
to ensure that the IT environment in which they are storing and accessing data is secure. As
such, all IT systems used by Federal agencies must meet the requirements of the Federal
Information Security and Management Act (FISMA) and related agency-specific policies. FISMA
requires that all systems undergo a formal security authorization which details the
15 See: http://standards.gov/egov-analysis-private-sector-standards.cfm.
16 Agencies should participate in the cloud computing standards development process. Agency support for
concurrent development of conformity and interoperability assessment schemes will help to accelerate the
development and use of technically sound cloud computing standards and standards-based products,
processes, and services.
17 For a summary of the relevant FAR amendments, refer to http://edocket.access.gpo.gov/2009/pdf/E9-
28931 . To review these amendments in their full context, refer to
https://www.acquisition.gov/far/index.html.
[ 12 ]
implementation and continuous monitoring of security controls CSPs must maintain. After the
CSP’s environment has gone through a security authorization, a Federal agency must review the
risks posed by placing Federal data in that system, and if this risk level is acceptable, the agency
may grant an authority to operate (ATO).
FedRAMP
On December 8, 2011, OMB released a policy memo addressing the security authorization
process for cloud computing services. Specifically, this memo requires all Federal agencies to
use the Federal Risk and Authorization Management Program (FedRAMP) when procuring and
subsequently authorizing cloud computing solutions. Specifically, each agency must:
1. Use FedRAMP when authorizing cloud services;
2. Use the FedRAMP process and security requirements as a baseline for authorizing cloud
services;
3. Require CSPs to comply with FedRAMP security requirements;
4. Establish a continuous monitoring program for cloud services;
5. Ensure that maintenance of FedRAMP security authorization requirements is addressed
contractually;
6. Require that CSPs route their traffic through a Trusted Internet Connection (TIC); and
7. Provide an annual list of all systems that do not meet FedRAMP requirements to OMB.
FedRAMP will assist agencies to acquire, authorize and consume cloud services by adequately
addressing security from a baseline perspective. FedRAMP will allow Federal agencies to
coordinate assessment and authorization activities from the first step in authorizing cloud
services to the ongoing assessment of the risk posture of a cloud service provider’s
environment. However, FISMA requires that Federal agencies authorize and accept the risk for
placing Federal data in an IT system. Consistent with existing law, agencies will maintain this
responsibility within FedRAMP. However, FedRAMP will standardize and streamline the
processes agencies use to accomplish assessment and authorization activities, saving time and
money.
When Federal agencies consider implementing a cloud computing solution, there are seven key
security areas they need to address: clear security authorization requirements, continuous
monitoring, incident response, key escrow, forensics, two-factor authentication with HSPD-12,
and auditing.
Clear Security Authorization Requirements
Because of the variability in risk postures amongst different CSP environments and differing
agency mission and needs, the determination of the appropriate levels of security vary across
Federal agencies and across CSP environments. Federal agencies must evaluate the type of
[ 13 ]
Federal data they will be placing into a CSP environment and categorize their security needs
accordingly
18
.
Based on the level of security that a Federal agency determines a CSP environment must meet,
the agency then must determine which security controls a CSP will implement within the cloud
environment based on NIST Special Publication 800-53 (as revised) and agency-specific policies.
Within this framework, Federal agencies need to explicitly state not only the security impact
level of the system (i.e., the CSP environment must meet FISMA high, moderate, or low impact
level), but agencies must also specify the security controls associated with the impact level the
CSP must meet.
In order for Federal agencies to adequately provide clear security authorization requirements,
they must:
Analyze the type of Federal data to be placed in the cloud and categorize the data
according to Federal Information Processing Standard (FIPS) 199 and 200; and
Include contractual provisions with CSPs that specify not only what security impact level
a CSP environment must meet, but also what specific security controls must be
implemented to ensure a CSP environment meets the security needs of the agency.
Continuous Monitoring
19
After Federal agencies complete a security authorization of a system based on clear and
defined security authorization requirements detailing the security controls a CSP must
implement on their system, Federal agencies must continue to ensure a CSP environment
maintains an acceptable level of risk. In order to do this, Federal agencies should work with
CSPs to implement a continuous monitoring program
20
. Continuous monitoring programs are
designed to ensure that the level of security through a CSP’s initial security authorization is
maintained while Federal data resides within a CSP’s environment.
Continuous monitoring programs must be developed in accordance with the NIST Publication
800-137 framework and Department of Homeland Security (DHS) guidance, detailed
contractually, and must at a minimum address updates to the authorization based on any
significant changes to a CSP environment, address new FISMA requirements, and provide
updates to control implementations on a basis frequent enough to make on-going risk based
decisions. By implementing an effective continuous monitoring program, Federal agencies
ensure they have the proper view into a CSP environment. This allows Federal agencies to
provide for the ongoing security and continued use of a CSP environment at an acceptable level
of risk.
18 Agencies should refer to NIST FIPS 199 and 200 when categorizing the security level of the information
systems they use to store Federal data.
19 See NIST Publication 800-137 and NIST Special Publication 800-53.
20 See DHS’ National Cyber Security Division memo: “FY 2011 Chief Information Officer Federal Information
Security Management Act Reporting Metrics.”
[ 14 ]
In order to effectively implement a continuous monitoring program, Federal agencies
should:
Fully understand the risks associated with a CSP environment when granting an ATO for
use with Federal data;
Work with CSPs to develop and implement a continuous monitoring program to ensure
the level of security provided during the initial security authorization is maintained while
Federal data resides within the CSP environment;
Ensure that CSPs update their continuous monitoring program (and possibly security
authorization) whenever significant changes occur to a CSP environment;
Ensure that CSPs address all FISMA requirements as they are updated; and
Ensure the CSP’s continuous monitoring program is designed in accordance with the
NIST framework and DHS guidance and provides updates with a frequency sufficient to
make ongoing risk-based decisions on whether to continue to place Federal data in a
CSP environment.
Incident Response
Incident response refers to activities addressing breaches of systems, leaks/spillage of data, and
unauthorized access to data. Federal agencies need to work with CSPs to ensure CSPs employ
satisfactory incident response plans and have clear procedures regarding how the CSP responds
to incidents as specified in Federal agencies’ Computer Security Incident Handling guides.
Federal agencies must ensure that contracts with CSPs include CSP liability for data security. A
Federal agency’s ability to effectively monitor for incidents and threats requires working with
CSPs to ensure compliance with all data security standards, laws, initiatives, and policies
including FISMA, the Trusted Internet Connection (TIC) Initiative, ISO 27001, NIST standards,
and agency specific policies. By doing this, Federal agencies will be able to adhere to DHS U.S.
Computer Emergency Readiness Team (U.S. CERT) guidance on incident response and threat
notifications and work with the U.S. CERT to stay aware of changes in risk postures to CSP
environments.
Generally, CSPs take ownership of their environment but not the data placed in their
environment. As a best practice, cloud contracts should not permit a CSP to deny responsibility
if there is a data breach within its environment. Federal agencies should make explicit in cloud
computing contracts that CSPs indemnify Federal agencies if a breach should occur and the CSP
should be required to provide adequate capital and/or insurance to support their indemnity. In
instances where expected standards are not met, then the CSP must be required to assume the
liability if an incident occurs directly related to the lack of compliance. In all instances, it is vital
for Federal agencies to practice vigilant oversight.
When incidents do occur, CSPs should be held accountable for incident responsiveness to
security breaches and for maintaining the level of security required by the government. Federal
agencies should work with CSPs to define an acceptable time period for the CSP to mitigate and
re-secure the system.
[ 15 ]
At a minimum, Federal agencies should ensure when implementing an incident response policy
that:
They contractually ensure CSPs comply with the Federal agency’s Computer Security
Incident Handling guides; and
CSPs must be accountable for incident responsiveness, including providing specific time
frames for restoration of secure services in the event of an incident.
Key Escrow
Key escrow (also known as a fair cryptosystem or key management) is an arrangement in which
the keys needed to decrypt encrypted data are held in escrow so that, under certain
circumstances, an authorized third-party may gain access to those keys. Procedural and
regulatory regimes in environments where the Federal agencies own the systems storing and
transporting encrypted data are fairly well settled. These regimes, however, become
increasingly complex when inserted into a cloud environment.
Federal agencies should carefully evaluate CSP solutions to understand completely how a CSP
fully does key management to include how the key’s encrypted data are escrowed and what
terms and conditions of escrow apply to accessing encrypted data.
Forensics
When Federal agencies use a CSP environment, the agency should ensure that a CSP only
makes changes to the environment on pre-agreed upon terms and conditions; or as required by
the Federal agency to defend against an actual or potential incident. Federal agencies should
require CSPs to allow forensic investigations for both criminal and non-criminal purposes, and
these investigations should be able to be conducted without affecting data integrity and
without interference from the CSP. In addition, CSPs should only be allowed to make changes to
the cloud environment under specific standard operating procedures agreed to by the CSP and
Federal agency in the contract. As a best practice, cloud systems should include the Federal
banner language so that users are aware that the site is monitored and could be subject to
forensic investigations.
To ensure that Federal agencies are able to properly do forensics in a CSP environment, they
should:
Determine who will conduct forensics on a CSP environment;
Ensure appropriate forensic tools can reach all devices based on an approved timetable;
and
Ensure CSPs only install forensic or software with the permission of the Federal agency.
Two-Factor Authentication using HSPD-12
When Federal agencies use cloud services where authentication, encryption, and digital
signatures services are provided, they are required to use two-factor authentication based on
[ 16 ]
standard technologies
21
through the use of Personal Identity Verification (PIV) cards. The PIV
cards must be compliant with Homeland Security Presidential Directive 12 (HSPD-12) which
mandates a Federal standard for secure and reliable forms of identification.
Two-factor authentication to gain access to a CSP environment using HSPD-12 provides various
benefits that add heightened security to agency use of cloud services. These benefits include
(but are not limited to):
Digital signature, encryption, and archiving of data;
High trust in identity credentials;
High confidence in an asserted identity when logging onto government networks from
remote locations; and
Use of a single authentication token for access to CSP environments.
When two-factor authentication is needed for cloud services, agencies are advised to include
contract language requiring CSPs to use HSPD-12 compliant PIV cards. Such language would
supplement the existing FAR requirements related to using the PIV card for contractor access.
Audit
FISMA requires Federal agencies to preserve audit logs
22
. Federal agencies must work with CSPs
to ensure audit logs of a CSP environment are preserved with the same standards as is required
by Federal agencies. Federal agencies must outline which CSP personnel have access to audit
logs prior to placing Federal data in the CSP environment. All CSP personnel who have access to
the audit logs must have the proper clearances as required by the Federal agency.
Some key considerations for Federal agencies to focus on when ensuring that CSPs maintain
audit logs to meet FISMA requirements:
All audit/transaction files should be made available to authorized personnel in read only
mode;
Audit transaction records should never be modified or deleted;
Access to online audit logs should be strictly controlled. Only authorized users may be
allowed to access audit transaction files; and
Audit/transaction records should be backed up and stored safely off site per agency
direction.
Privacy
23
Federal agencies have a duty to recognize and consider the privacy rights of individuals as well
as identify and address potential privacy risks and responsibilities that result from any data they
place in a cloud computing environment. Federal agencies and employees can be subject to
both criminal and civil penalties for misuse and erroneous disclosures of data that contains
21 Such as Security Assertion Markup Language 2.0 (SAML 2.0).
22 See NIST Special Publication 800-53.
23 The agency’s Chief Privacy Officer, Senior Agency Official for Privacy, or other privacy staff will be a
valuable resource in conducting this analysis.
[ 17 ]
protected information, even when this data is in a CSP environment. Personal information, and
specifically Personally Identifiable Information (PII), can relate to information about Federal
agency employees, other internal users, and a broad array of individual members of the public
and can be found in email, agency reports, memos, or even web pages
24
. Federal agencies
should consult their legal counsel and privacy offices to obtain advice and guidance on
particular laws and regulations when data they place in a CSP environment will contain PII.
Five areas identified as key factors for Agencies to consider when PII is or could be a part of the
data moved to the cloud environment are: compliance with the Privacy Act of 1974 and related
PII requirements, privacy impact assessments (PIAs), privacy training, data location, and how a
CSP responds to a breach. How a CSP addresses privacy concerns within their environment may
impact the overall price and technical structure for a proposed solution, so Federal agencies are
advised to gather privacy requirements as early as possible in order to fully understand how a
CSP will enable an agency to maintain its duty to protect PII.
Compliance with the Privacy Act of 1974 and Related PII Requirements
The first step a Federal agency must take when outsourcing any information system, including
cloud computing solutions, is to determine if the Privacy Act of 1974 (“The Privacy Act”), as
amended,
25
applies to the data that will be stored or processed. The Privacy Act establishes a
wide range of privacy protection for covered Federal records in which information about an
individual is retrieved by name or other personal identifier
26
. Subsection (m) of the Act makes
the Act applicable to any systems of records
27
operated by a government contractor, including
a CSP that operates a system of records containing such data
28
. CSPs and Federal agencies
should be mindful that there are both civil and criminal implications whenever the Federal
agency or the contractor knowingly and willfully acts or fails to act as described in the Act
29
. If a
system operated by a CSP is covered by the Privacy Act, Federal agencies must ensure that CSPs
understand the applicable requirements, and that contracting officers include the specific
clauses required by the FAR in the solicitations and contracts for such cloud services
30
.
24 Under OMB guidance, PII is broadly defined as “information which can be used to distinguish or trace an
individual’s identity, such as their name, social security number, biometric records, etc. alone or when
combined with other personal or identifying information which is linked or linkable to a specific individual,
such as date and place of birth, mother’s maiden name, etc.” Available at
http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2007/m07-16 .
25 5 U.S.C. § 552a.
26 Id. at § 552a(a)(4)-(5).
27 Id. at § 552a(a)(5).
28 5 U.S.C. § 552a(m)(1). For guidance concerning this provision, see OMB Guidelines, 40 Fed. Reg. 28,948,
28,951, 28,975-76, (July 9, 1975), available at
http://www.whitehouse.gov/sites/default/files/omb/assets/omb/inforeg/implementation_guidelines .
29 When a CSP is determined to be a subsection (m) contractor, the records being handled by the CSP must
not only comply with the Privacy Act’s requirements, but the CSP will also be subject to the criminal penalties
provision of the Act.
30 See FAR Subpart 24-1, Protection of Individual Privacy; FAR 52.224-1 – 52.224-2 (2010).
[ 18 ]
When the Privacy Act applies to data Federal agencies will place in a CSP environment, the
following are some key actions to consider:
Determine the extent to which the Privacy Act will apply to data about individuals that
will be maintained by the CSP solution, i.e., will any of that data be retrieved by name or
other personal identifier?
31
;
Ensure that, before the system is operated, the Federal agency has published or
amended the applicable system of records notice(s) (SORN(s)) that covers the records in
the Federal Register, and that the SORN includes all necessary routine uses,
32
including a
routine use that will permit disclosure of the records to the CSP for maintenance,
storage, or any other CSP-provided service or use;
Consider how the Federal agency and/or the CSP will provide individuals with the right
to access and/or amend their records within a CSP environment, under the time frames
legally specified in the Privacy Act
33
;
Determine how the Federal agency and/or the CSP will provide individuals with the
required statement of authority, purpose, etc., in a CSP environment, if the CSP solution
will be used to collect information from individuals;
Ensure the CSP can either meet or is contractually obligated to assist the Agency in
meeting all other requirements of the Privacy Act (e.g. maintenance requirements,
protecting against unauthorized disclosure, developing and maintaining an accounting
of disclosures from any Privacy Act system operated by the CSP); and
Ensure that the contract or other appropriate documentation clearly defines agency and
CSP roles and responsibilities, including responsibilities in the event of any request for
disclosure, subpoena, or other judicial process seeking access to records subject to the
Privacy Act.
Furthermore, Federal agencies and CSPs must exercise care whenever they are handling any
type of PII on behalf of a Federal agency, regardless of Privacy Act coverage
34
. PII includes all
information about an individual and because that information may be used in unanticipated
ways leading to harm and embarrassment, PII must be appropriately protected. Handling
sensitive PII requires the agency and CSP to take even greater care because of the increased risk
of harm to an individual if the sensitive PII is compromised. Sensitive PII may generally be
thought of as PII, which if lost, compromised, or disclosed without authorization, could result in
31 It is possible that moving data to a CSP will provide the Agency with a new or different method of
organizing and retrieving records that will change whether the Privacy Act applies. For example, prior to
moving data to the CSP, the agency may have retrieved records sequentially, and will instead under the CSP
solution retrieve them by name or other identifier that would trigger the Privacy Act.
32 5 U.S.C. § 552a(a)(7) states “the term ‘routine use’ means, with respect to the disclosure of a record, the use
of such record for a purpose which is compatible for the purpose it was collected.”
33 5 U.S.C. § 552a(d), (f).
34 The Privacy Act requires Federal agencies and contractors to have adequate safeguards and procedures for
any systems of records subject to that Act. 5 U.S.C. § 552a(e)(10). This requirement is consistent with the
requirement in FISMA that Agencies have system security plans for all Federal information systems, as
discussed elsewhere in this document.
[ 19 ]
substantial harm, embarrassment, inconvenience, or unfairness to an individual. Further, the
context and combination in which PII is used or located may also determine whether PII may be
deemed sensitive, such as a list of employee names with poor performance ratings or a list of
individuals with sub-standard credit ratings. Federal agencies and CSPs must, as appropriate,
contractually document how sensitive PII will be secured by a CSP. Aspects of that agreement
should discuss the following key areas:
Federal agencies must assess all categories of PII they might place in a CSP
environment;
35
Collection of sensitive PII must be authorized by Federal agencies;
Federal agencies should limit, to the maximum extent possible, the collection of
sensitive PII;
Federal agency and CSP copying or proliferating of sensitive PII should be restricted to
the maximum extent possible; and
How a CSP ensures the constant security of sensitive PII should be clearly defined.
Privacy Impact Assessments (PIA)
The PIA process helps ensure that Federal agencies evaluate and consider how they will
mitigate privacy risks, and comply with applicable privacy laws and regulations governing an
individual’s privacy, to ensure confidentiality, integrity, and availability of an individual’s
personal information at every stage of development and operation. Section 208 of the E-
Government Act of 2002
36
requires PIAs when an agency proposes “new uses of an existing IT
system, including application of new technologies [that] significantly change how information in
identifiable form is managed in the system.”
37
Typically, Federal agencies conduct a PIA during
the security authorization process for IT systems before operating a new system and update as
required by FISMA. A PIA must be made publicly available, usually on the agency’s web site.
When a Federal agency places any data in an information system, and in particular a cloud
computing environment, the agency must complete a privacy threshold analysis and, if
warranted, a PIA. Because CSPs may have different approaches for backup, disaster recovery,
disposal, authentication, access control, and server locations, Federal agencies must fully
35 This should include an assessment of whether the records contain any category of PII with unique statutory
or regulatory protection in addition to the Privacy Act, such as, but not limited to, those records like protected
health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
(45 C.F.R. Parts 160 and 164 (2010)), tax information protected by the Internal Revenue Code (26 U.S.C. §
6103, et seq.) certain educational records protected by the Family Education Rights and Privacy Act (20 U.S.C.
§ 1232g), and Census records (13 U.S.C. § 9). Obligations under these authorities may limit the options
available for cloud deployments.
36 PIAs are required under section 208 of the E-Government Act of 2002. See Public Law 107-347, codified at
44 U.S.C. § 101, et seq.
37 See OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-
Government Act of 2002 (Sept. 26, 2003), available at http://www.whitehouse.gov/omb/memoranda_m03-
22/. This requirement also applies to any electronic information collection activity (e.g. online form,
questionnaire, or survey to ten or more persons) subject to OMB review and clearance under the Paperwork
Reduction Act.
[ 20 ]
understand a CSP environment and any third party tools used to develop them in order to
properly conduct a PIA. Some of the normal PIA considerations to include are:
What information will be collected and put into the CSP environment;
Why the information is being collected;
Intended use of the information;
With whom the information might be shared (either by the Federal agency or CSP);
Whether individuals will be notified that their information will be maintained in a CSP
environment and what opportunities individuals have to decline to provide information
that will be maintained in a CSP environment;
What ability individuals have to consent to particular uses of the information, and how
individuals can grant consent;
How the Federal agency and CSP will secure information in the cloud; and
Whether the Federal agency is creating a system of records under the Privacy Act (see
above).
In addition, a cloud computing PIA should focus specific attention on:
The physical location of the data maintained by the CSP;
The retention policies that apply to the data maintained in a CSP environment;
The mechanism by which a Federal agency maintains control over Federal data (e.g. by
contractual provisions, non-disclosure agreements) that is maintained by CSPs; and
The means by which the CSP will terminate storage and delete data at the end of the
contract or project lifecycle.
Privacy Training
When Federal agencies place PII in cloud computing environments, they still maintain the duty
to protect the data as if the data was stored on internal government environments
38
. Federal
agencies must ensure that CSPs are aware of the criteria the agency uses to identify certain
data elements as PII, as well as the controls, safeguards, and training the agency expects the
CSP to maintain, on its behalf, over the collection, use, retention, and disposal of PII.
If a Federal agency places PII in a CSP environment, Federal agencies must provide information
privacy training and awareness to CSP personnel in accordance with FISMA, the Privacy Act, and
existing policy
39
. This includes general awareness and job-specific training for those who work
with PII. FISMA does not make a distinction between CSP personnel and Federal agency
employees who work with Federal data. As noted above, the Privacy Act, which also requires
training, extends to contractors operating systems of records about individuals. In addition
under FISMA, Federal agencies must prepare and make available to CSP personnel a training
module, electronic or hardcopy, addressing the criteria the agency uses for determining how
38 See, e.g. 5 U.S.C. § 552a(m).
39 44 U.S.C. § 3541, et seq.
[ 21 ]
data is classified as PII or sensitive PII
40
. Further, the training must include information on
Federal privacy laws, regulations, policies, and penalties for inappropriate access and
disclosure. Pertinent CSP personnel must be required to acknowledge their completion of the
training module at the inception of the agreement, and on a periodic (typically annually) basis
thereafter. The overarching objective is for anyone who has access to Federal data to
understand their role in identifying and safeguarding personal information.
Key considerations for training include:
Negotiating and allocating responsibility and costs of training (i.e. whether the Agency
and/or the CSP will administer it and who will pay for it);
Which CSP personnel shall be required to have training;
What training shall be required, depending on the category of personnel to be trained;
How often training shall be conducted (e.g. annually, quarterly, upon assignment to or
employment under the contract); and
What testing or other verification of training must be required.
Data Location
Many CSP environments involve the storage of data across multiple facilities, often across the
globe. Where Federal data resides changes a Federal agency’s applicable legal rights,
expectations, and privileges based on the laws of the country where the data is located. Federal
agencies need to first consider the type of data they plan to place in a cloud environment, and
then the laws and policies of the country where the cloud providers’ servers are located in
order to fully understand who may have access to this data, as well as what ability a Federal
agency has to retrieve privacy data as required by Federal law.
Almost every country has different standards and laws for handling personal information that
CSPs must meet if they maintain facilities within their borders. Some countries allow persons
with rights of access to personal information that may not directly align with the legal
framework in the United States
41
. Other countries may permit law enforcement to request
more data from cloud providers than within the United States. It may not be clear how the
privacy laws and protections apply in these situations. In any situation where a CSP
environment goes outside of U.S. territories, there is a potential for conflict of law; and Federal
40 See OMB Memorandum M-10-15, FY 2010 Reporting Instructions for the Federal Information Security
Management Act and Agency Privacy Management (Apr. 21, 2010), available at:
http://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-15 .
41 See generally Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement of such
data, available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML.
See also The Personal Information Protection and Electronic Documents Act (Canada), available at
http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm.
[ 22 ]
agencies must take sufficient time to proactively consult with legal counsel about the possible
ramifications
42
.
Under the Privacy Act, Federal agencies must be able to inform individuals, in the applicable
SORN, where their data is being maintained, which can be complicated in a CSP environment
43
.
The storage of Privacy Act records in non-U.S. facilities potentially subject to foreign law could
also potentially affect the CSP’s ability to secure such records adequately from access by
unauthorized individuals, or to make such records readily available to the Agency or the
individuals who have a right to review or amend their records under the Act
44
. The location of
this data may also alter the privacy risks, and how the Agency describes and mitigates those
risks in its PIA,
45
what privacy training the agency would provide, and how the agency and/or
CSP will respond to breach incidents
46
.
Before signing a cloud computing contract, a Federal agency should take care to understand the
CSP environment and where Federal data might reside. Some key things to consider include:
Ensure the contract clearly defines the specific requirements for data in motion and
data at rest (including the location of data servers and redundant servers);
Fully incorporate the security controls as articulated in NIST Guidance in the agreement
and understand how CSPs will implement those controls;
47
and
Contractually define a procedure for what CSPs must do in the event of any request for
disclosure, subpoena, or other judicial process from outside the United States seeking
access to agency data.
Breach Response
When placing Federal data that contains PII in a CSP environment, Federal agencies need to be
aware of issues related to data loss incidents or breaches that are specific to the CSP
environment. Federal agencies have longstanding specific requirements related to reporting
and responding to incidents of possible or confirmed exposure of PII, no matter how a Federal
42 In addition, other Federal agencies may have negotiated arrangements on behalf of the United States with
other countries or international organizations such as the EU or the Asia Pacific Economic Cooperation
(APEC) that may help resolve some of these difficult issues. For example, the Department of Commerce,
International Trade Administration has negotiated Safe Harbor agreements with the European Union and
Switzerland with respect to cross border data flows that may serve as a model for future agreements.
http://export.gov/SafeHarbor/.
43 5 U.S.C. § 552a(e)(4)(A).
44 For example, the release of data by a CSP complying with the laws of a foreign jurisdiction to foreign law
enforcement or other entity may result in unintended consequences for the agency and CSP.
45 See OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-
Government Act of 2002 (Sept. 26, 2003), available at http://www.whitehouse.gov/omb/memoranda_m03-
22/ for a discussion of privacy impact assessments.
46 As with all contract requirements, requirements dealing with location of a CSP and its facilities should not
be arbitrary and based on unfounded and poorly defined terms; they should be precise, well-defined, and
based on a clear rationale.
47 See generally NIST Special Publication 800-53.
[ 23 ]
agency becomes aware of the breach
48
. This response and possible notification cannot be
delayed while the legal responsibility for the breach is determined. However, existing agency
breach response and notification policies, plans, and resources require evaluation and
modification to adequately address the new relationship between Federal agencies and CSPs.
Federal agencies need to ensure that they can expand their breach policies and plans as
required to ensure compliance with existing requirements for response. These policies must
specify which parties are responsible for the cost and containment or mitigation of harm and
for notifying affected individuals where required, as well as provide for instruction and
requirements on terminating storage and deleting data upon expiration of the agreement, or
agreement term and extension options
49
. Finally, any change to a breach policy is dependent on
the agency privacy office being fully informed of the contractual and other responsibilities of
the CSP and Federal agency in the event of incidents or breaches.
In order for a Federal agency to adequately respond to an incident or breach, the following are
key factors to consider in a cloud
computing contract:
Ensure that an agency’s breach policies and plans adequately address the new
relationship between the Federal agency and CSP, including the assignment of specific
roles and tasks between the agency and the CSP, even before determination of ultimate
responsibility in the case of a data breach;
Establish clear contractual duties and liability of the CSP for timely breach reporting,
mitigation (i.e., administrative, technical, or physical measures to contain or remedy the
breach), and costs, if any, of providing notice, credit monitoring, or other appropriate
relief to affected individuals as appropriate under the circumstances;
Address when the termination of services, and assertion of the Government’s rights of
ownership, custody, transfer (return) or deletion of any data stored in a CSP
environment will be invoked by the agency as a remedy for a breach; and
Ensure that there are appropriate audit rights to permit compliance reviews under
applicable laws to allow the Federal agency to meet its duty as the data owner.
E-Discovery
50
Federal agencies will always be involved in litigation, whether it is employment litigation,
contract disputes, policy defense, statute enforcement, or other legal actions. Federal agency
data will always be a necessary component of litigation. Even now, IT resources are called upon
to assist in responding to necessary litigation requests. Given the inevitability of agency
litigation and the great potential costs and benefits of moving data to a CSP environment,
48 See OMB Memorandum 06-19, Reporting Incidents Involving Personally Identifiable Information and
Incorporating the Cost for Security in Agency Information Technology Investments (July 12, 2006),
http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-19 ; OMB Memorandum 07-16,
Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007),
http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2007/m07-16 ; and NIST Special
Publication 800-61, Computer Security Incident Handling Guide (Jan. 2004),
http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1 .
49 When applicable this could include funding for identity protection/credit monitoring services. See id.
50 The agency’s e-discovery counsel or office will be a valuable resource in assisting in this analysis.
[ 24 ]
agencies must proactively plan for how to manage agency data in the cloud for litigation (both
in preparing for and responding to legal requests).
In civil litigation, parties are permitted to request hardcopy documents or electronically stored
information (ESI) from the opposing party that is relevant to any parties’ claim or defense
51
.
This is part of the “discovery” process permitted under court rules and case law. Electronic
discovery (e-discovery) is the process of locating, preserving, collecting, processing, reviewing,
and producing ESI in the context of civil litigation or investigation
52
. The legal basis for e-
discovery can be found both in established rules of civil procedure
53
and in court decisions.
Current case law requires that certain e-discovery steps be taken not only when litigation has
commenced but when it is reasonably anticipated
54
.
In contrast to traditional discovery of hardcopy documents, e-discovery has the potential to be
vastly more expensive due to the sheer volume of ESI that Federal agencies generate and are
required to maintain. Without proper pre-litigation preparation and discovery planning, the
costs to Federal agencies for establishing compliance with discovery obligations can be
exceedingly high. These costs result from not only the inefficient use of agency IT and legal
resources to preserve, search, collect, and produce ESI, but may result from court sanctions for
noncompliance with e-discovery obligations. For example, the court in In Re Fannie Mae
Securities, held an agency in contempt for failing to meet discovery deadlines even though the
agency had already spent $6 million (9% of its total budget) on discovery
55
. Costs are also
incurred if the court requires Federal agencies to redo discovery processes not properly
conducted initially. Courts also have the power to sanction individuals – including counsel and
in-house personnel – for discovery failures. At least one Federal court has noted that the United
States “should take this duty more seriously than any other litigant.”
56
Forethought, therefore,
should be given to how data will be managed in a CSP environment, as agency data plays a
central role in litigation.
When a Federal agency places Federal data in a CSP environment, it remains responsible for
complying with legal requirements, including those relating to discovery. Federal agencies will
51 See generally Federal Rules of Civil Procedure 26(b) and 34(a).
52 See The Sedona Conference Glossary
(http://www.thesedonaconference.org/content/miscFiles/TSCGlossary_12_07 ) and the EDRM model
(www.edrm.net). The Sedona Conference Glossary also contains many helpful definitions of common e-
discovery terms and concepts (both legal and technical).
53 See e.g. Federal Rules of Civil Procedure: Rule 16 (Agreements/Scheduling Order); Rule 26(f) (Meet &
Confer re ESI); Rule 26 (b)(2) (Inaccessible ESI); Rule 33 (ESI Interrogatories); Rule 34(a) (ESI New
Category); and Rule 34(b) (Form ESI).
54 See e.g. Micron Tech., Inc. v. Rambus Inc., 2011 WL 1815975 (Fed. Cir. May 13, 2011) (“the proper standard
for determining when the duty to preserve documents attaches is the flexible one of reasonably foreseeable
litigation….”); Zubulake v. UBS Warburg, 220 F.R.D. 212 (S.D.N.Y. 2003) (“Zubulake IV”) (at the very start of a
case or when litigation is reasonably anticipated, a litigation hold must be issued to prevent the spoliation of
potential evidence).
55 In Re Fannie Mae Securities, 552 F.3d 814 (D.C. Cir. 2009); see also Moore v. Napolitano, 2010 WL 2780914
(D.D.C. July 15, 2010) (upholding sanctions).
56 See United Medical Supply Co., Inc. v. U.S., 77 Fed. Cl. 257 (Ct. Fed. Cl. 2007).
[ 25 ]
have to locate, preserve, collect, process, review, and produce ESI that resides in CSP
environments.
Five key e-discovery areas have been identified for Federal agencies to consider when
implementing cloud solutions: information management, locating relevant documents,
preservation of data, movement of documents, and potential cost avoidance through the
incorporation of e-discovery tools in CSP environments.
Information Management in the Cloud
As with any information system, Federal agencies must be able to access and retrieve data in a
CSP environment in a timely fashion for normal work purposes as well as litigation, discovery,
and public access requests, including FOIA requests as discussed below. One consideration for
Federal agencies is determining who should have access to Federal data in a CSP environment.
A Federal agency must determine if it is appropriate for only the IT department or system
owner to have access or if other agency employees, such as legal counsel and records
managers, can access the data when needed without IT department involvement.
Another consideration is the possibility of third-party requests/demands (e.g. state or federal
court subpoenas) sent directly to the CSP (and related subcontractors) for agency ESI. Federal
agencies should ensure that the cloud agreement states that agency ESI in the cloud is owned
by the agency and not the CSP or subcontractors. The agreement should also provide for notice
to the Federal agency within a short period of time of any third-party request/demand for the
agencies’ data.
Further discussion of information management is found below in the FOIA and Records
sections, but two key considerations of Federal agencies regarding information management in
a CSP environment include:
Explicitly define data ownership and access protocols; expressly provide that ESI in the
CSP environment is owned by the Federal agency and no other entity; and
Clearly state that notice must be given to the Federal agency when and if a third-party
request or demand is made for agency data.
Locating Relevant Documents
A CSP’s ability to locate specific information is key for e-discovery because discovery hinges
upon the preservation, collection, and production of the relevant ESI. Cloud computing
contracts should specify the process, time, and cost for CSPs to act upon these Federal agency
requests. It is important that a CSP be able to document the process and specific timeframes
(within hours/days) needed in order to comply with ESI requests. Additionally, Federal agencies
should determine what costs are associated with a CSP locating and providing the relevant ESI
as well as any additional charges for unusually large or expedited requests.
In order to ensure that CSPs have the ability to locate specific ESI required in e-discovery,
Federal agencies should investigate specific software used for searching ESI in the cloud or
[ 26 ]
incorporate standards for searching and retrieving information into the cloud agreement. For
example, does a CSP have built-in features for e-discovery, so another software program does
not have to be procured? Or does the cloud service only allow access for search, preservation,
collection, and production by an external application, such as agency e-discovery application or
another cloud-based e-discovery service? A CSP should explicitly explain the functionality of any
e-discovery tool included with their cloud services.
Prior to signing a cloud computing contract, Federal agencies should ensure that their contract:
Details the process by which a CSP stores, searches, collects, and otherwise handles
Federal agency ESI;
Clarifies who (Federal agency or CSP) will pay for ESI requests/searches and how the
information will be identified;
Defines what abilities a CSP has to search and retrieve specific information by source;
Addresses potential data access issues or cross-border ESI transfer issues that may arise
from data located in other jurisdictions
57
;
Clearly identifies procedures in place for proper chain of custody. Ideally chain of
custody should be automated to eliminate erroneous access of data and to immediately
identify individuals accessing data; and
Identifies what access methods/protocols will be available for access by external
services/applications.
Preservation of Data in the Cloud
Litigation, or the prospect of litigation, requires Federal agencies to maintain data they may not
otherwise have to maintain. As such, Federal agencies must be able to halt the destruction of
agency data done in the normal course of business in a CSP environment when needed.
The process by which litigation holds are implemented in a CSP environment should be clearly
established by the Federal agency and CSP before procuring cloud services. Typical CSP ESI
recycling processes and procedures involve the destruction of vast amounts of data across the
entire cloud environment affecting more customers than just the Federal agency. Thus, a CSP
may not be able to suspend these retention procedures without affecting other unrelated
customers. Federal agencies should contractually ensure any requirements for data
preservation related to litigation holds are clearly understood and realized by CSPs.
Additionally, metadata associated with agency data should be preserved
58
. In some cases,
courts have sanctioned parties that did not produce metadata associated with their
documents
59
. Depending on the system configuration and cloud service, the original metadata
57 See generally “Data Location” on page 22.
58 Metadata has been defined by some as the electronically-stored information that describes the history,
tracking, or management of an electronic document. It is created automatically when a user creates, modifies,
accesses, or takes other actions with respect to an electronic document. Metadata may show prior edits,
editorial comments, author, file creation date, document access, or spreadsheet formulas. See Aguilar v. ICE,
255 F.R.D. 350, 354-55 (S.D.N.Y. 2008).
59 See, e.g. Bray & Gillespie Mgmt. LLC v. Lexington Ins. Co., 2009 WL 546429 (M.D. Fla. Mar. 4, 2009).
[ 27 ]
for ESI stored in the cloud may no longer technically exist. However, metadata can often assist
in establishing the authenticity of the data and may be needed for a variety of e-discovery
processing, review, or admissibility functions. Federal agencies should address this need with
CSPs in the contracting process and when developing the agreement.
Key considerations for Federal agencies regarding data preservation in a CSP environment
include:
Federal agencies and CSPs should clearly define what retention procedures control
agency data;
Federal agencies should address how litigation holds can be implemented in a CSP
environment upon direction from the Federal agency. Questions Federal agencies
should ask CSPs include:
Can litigation holds be implemented by limiting the scope by custodian, key word,
date, or a combination of these criteria?
How can a Federal agency verify that all the data is actually being held?
What additional cost will a Federal agency incur because of a litigation hold?
Once a hold is placed, how can a CSP change or modify the hold?
Does the CSP support multiple, simultaneous holds being in place? For example, a
single custodian may be involved in multiple cases each with differing hold
parameters.
Federal agencies should incorporate needs to preserve metadata into the contract and
information management procedures.
Moving Documents through the E-Discovery Process
Federal agencies may primarily focus on how data will be secured and stored in a CSP
environment; however, key e-discovery concerns focus on the need to export or prepare data
for production outside of a CSP environment. Federal agencies should proactively plan for the
full life-cycle of data which includes having to potentially transfer a subset of data out of the
cloud for litigation purposes. Federal agencies need to consider the means by which CSPs
provide for searching and de-duplicating documents prior to transferring data out of the CSP
environment and how data will be moved from the cloud to, for example, an e-discovery review
database. CSPs must also enable Federal agencies to export ESI from the cloud in specific
formats. The format of the data impacts not only litigation discovery strategies and
negotiations, but the cost of discovery. Federal agencies must ensure that they clearly establish
that the CSP can export and format the data in the agency’s manner of choice.
Eventually the data will be needed in court or other official proceeding. The agency should plan
ahead and make sure that the CSP will have forensic or litigation experts available to answer
questions and to sign affidavits regarding the data storage and retrieval process. The
authenticity of the data, (i.e. potential evidence), may still be raised when using data from a
cloud environment. A chain of custody log may be needed. In addition to having CSP experts
available, Federal agencies should discuss in advance whether CSP personnel will sign chain of
[ 28 ]
custody affidavits to demonstrate the integrity of a specific search or specific ESI when needed
for litigation purposes.
Key considerations for Federal agencies moving data through the e-discovery process include:
How the data will be moved out of the cloud and into the e-discovery process; and
Identification of the collection method and timing as well as who controls these actions
to minimize impact on litigation budgets and strategies.
Potential Cost Avoidance by Incorporating E-Discovery Tools into the Cloud
The high cost of litigation and e-discovery is well known
60
. Using e-discovery tools to streamline
search, collection, and processing could help Federal agencies avoid great cost in litigations,
congressional requests, investigations, and other types of data requests. Federal agencies
should inquire if there is an option or offering for e-discovery capabilities as part of the cloud
services provided. If the right e-discovery functionality and tools are incorporated into an
agency’s CSP environment, there may be a potential for additional and significant cost
avoidance and IT efficiencies.
Key considerations for Federal agencies for potential cost avoidance by incorporating e-
discovery tools into cloud services:
Federal agencies should explore the efficiencies of having e-discovery capabilities, such
as data search and collection, incorporated into the CSP solution being procured.
Federal agencies should evaluate the e-discovery resources needed when building
requirements for the cloud in order to comply with e-discovery obligations as well as
capitalize on the potential efficiencies and cost benefits of the CSP environment.
FOIA Access
61
As with the other topics discussed above, an agency’s obligations to comply with the FOIA
62
do
not change as an agency’s IT system moves to a CSP environment. The FOIA generally provides
that anyone may request agency records, including information that is maintained in electronic
form or in traditional paper files. Storing records in a cloud environment does not affect their
agency record status
63
. Agencies are required to produce information in any form or format
requested by the person if the record is readily reproducible by the agency in that format
64
.
60 In one case alone it cost ~$1 million to collect, process, review, and produce 1 terabyte of data. In a mid-
size case of ~350GB of ESI, for example, one agency spent approximately $140,000 for processing and had
agency attorneys review documents for 528 hours. Another agency, for a smaller case of 210GB, paid
~$42,000 just to have the data collected from 20 employees. It then took 400 labor hours of one agency
employee to search the material for production.
61 The agency’s Freedom of Information Act (FOIA) staff will be valuable resources in assisting in this analysis.
62 5 U.S.C. 552(b). See DOJ Office of Information Policy web page for general guidance, at
http://www.justice.gov/oip/oip-guidance.html.
63 The FOIA, as amended by the OPEN Government Act of 2007, specifically includes within the definition of
an agency record “any information . . . that is maintained for an agency by en entity under Government
contract, for the purposes of records management.” See 5 U.S.C. § 552(f)(2)(B) (2006 & Supp. III 2009).
64 5 U.S.C. 552(a)(3)(B).
[ 29 ]
Cloud solutions present possibilities for efficiencies in Federal agency abilities to do robust
enterprise searches for records responsive to FOIA requests. If a Federal agency uses a CSP
environment, an integrated centralized searching component would expand the ability to
locate, de-duplicate, and index responsive records. It could also save tremendous amounts of
time and reduce search and processing costs to requesters.
Conducting a Reasonable Search to Meet FOIA Obligations
Federal agencies must be able to access and retrieve data in a CSP environment in a timely and
efficient fashion because of judicially-enforceable statutory time limits that apply to agencies’
processing of FOIA requests. The Federal agencies may need to process large volumes of
information to respond. In order to ensure agencies have the ability to search and locate
specific ESI required for a given FOIA request, agencies should focus on search capabilities in
the cloud. This may include considering specific software or the methods used for searching, or
incorporating search and retrieval standards. Furthermore, agencies may consider whether a
CSP has the capability to de-duplicate, de-conflict, thread, and redact documents, in order to
prepare for production material that is potentially responsive to a FOIA request.
It is also possible that a CSP only allows cloud access for search, preservation, collection and
production by an external application or another cloud-based tool. A CSP should explain the
functionality of any ESI review tool included with their cloud services and how they can export
out of the CSP environment. A CSP should document the process and specific time needed in
order to comply with ESI searches – either those done by the agency or those done by CSP staff
at the agency’s request – in the event that such costs are passed on to FOIA requesters.
Records searches undertaken pursuant to FOIA requests are extensive and encompass a variety
of search methods which are employed based on the manner in which the agency (or agency
component) maintains its records and the nature of the information being requested. Those
searches may be conducted by a variety of agency personnel, depending on agency procedures,
including staff in a FOIA office or staff in a program office that are likely to have responsive
records. This search includes examining records custodians’ paper files, e-mails, and other
electronic files.
The search may also include examining records storage facilities. Furthermore, it is common for
a single FOIA request to require a search across the agency to identify all potentially responsive
material and this could implicate a variety of paper and electronic search methods. Given these
complexities, the result can be a large volume of files which must be de-duplicated, de-
conflicted, and indexed before an analysis regarding responsiveness to the FOIA request and
before an analysis for releasability under the FOIA, may be completed.
Finally, Federal agencies should consider whether cloud environments are searchable by the
end-user. Agencies should explore with the CSP, in advance of executing a contract, the need to
search for native active files and backup archives of the cloud system. In moving to the cloud,
[ 30 ]
agencies might lose the ability to search and retrieve, particularly in bulk, the native files or the
archives of those files.
Processing ESI Pursuant to FOIA
Given the time constraints and costs associated with processing FOIA requests, using tools to
make the FOIA process run more efficiently could help Federal agencies conserve financial
resources. Federal agencies should inquire if there is an option or offering for an information
review platform/database to be part of the cloud services provided that will help agency
personnel prepare records for review and release pursuant to a FOIA request.
Federal agencies need to consider how data will be moved from the cloud to the agency’s FOIA
processing system, if the agency’s infrastructure can host the data, and what means CSPs
provide for searching and de-duplicating documents prior to transferring data out of the CSP
environment. Cloud providers should enable Federal agencies to export ESI from the cloud on
demand in non-proprietary formats. The format of the data impacts not only the ability of the
agency to release information to a FOIA requester in their chosen format but the agency’s
ability to efficiently process the information.
If a FOIA request becomes the subject of litigation, the agency will need to provide specific
details regarding its records search and index the data for court proceedings. Agencies also
should consider how a CSP can provide an index of documents retrieved and/or processed in
the cloud environment, which may be needed to support agency declarations and court filings.
Tracking and Reporting Pursuant to FOIA
The reporting provisions of the FOIA statute require agencies to track and report annually on a
number of FOIA operations, including statistical information on the number of requests
received and processed, the disposition and processing time of those requests, and the backlog
and oldest requests pending at each agency. Similar information must be reported for appeals
of initial agency actions under FOIA. While most agencies already employ systems for FOIA
tracking, they should consider the ability of a CSP to allow for the logging and tracking of FOIA
requests, potentially providing a more scalable solution for the generation of FOIA statistics.
Federal Recordkeeping65
In November 2011, President Obama issued a Presidential Memorandum on “Managing
Government Records” that expressly referenced agencies “deploying cloud based services or
storage solutions” as part of their records management programs
66
.
65 Agency records officers will be valuable resources in assisting in this analysis.
66 The Presidential Memorandum directs the Archivist of the United States and the Director of OMB to issue a
Records Management Directive containing specific steps in reforming and improving agency records
management policies and practices. This Directive, when issued in mid-2012, will be informed by required
agency reports devoted in part to describing how agencies are “deploying cloud based services or storage
solutions.” http://www.whitehouse.gov/the-press-office/2011/11/28/presidential-memorandum-
managing-government-records.
[ 31 ]
An agency’s obligations to comply with the Federal Records Act (FRA)
67
do not change as an IT
system moves to a CSP environment. What does change is the way agencies can ensure that
they maintain control over the management of and access to records covered under the FRA,
including enforcing (through contractual provisions and otherwise) a fundamental
understanding on the part of CSPs regarding Federal agency obligations under these laws. This
issue can be compounded when the agency has previously focused its efforts on managing and
scheduling records in a paper-driven environment, and/or provided only non-native versions of
agency records to NARA as permanent records. In such situations, an agency may face a greater
challenge in explaining its business processes or recordkeeping obligations to a CSP. It is crucial
that a CSP fully understand Federal agency records obligations and needs so that the CSP can
respond accordingly.
Federal agencies are required to schedule records for disposition, and retain all records until an
approved record schedule is in place
68
. Records that are permanently valuable to the United
States are transferred to NARA typically when they are 30 years old, although NARA accepts
electronic records earlier for “pre-accessioning.”
69
Four key areas have been identified for Federal agencies to consider and address in cloud
contracts they relate to federal recordkeeping: proactive records planning, timely and actual
destruction of records, permanent records, and the transition of records to new CSPs.
Proactive Records Planning
Many Federal agencies have older records schedules in place which fail to account for modern
electronic records and may contain outdated references to superseded software platforms and
applications. For these Federal agencies, a transition to cloud-based systems holds the potential
to provide an agency’s records officer(s) with a chance to start fresh, identifying records and
potentially updating schedules or creating them anew. Systems may be feeding into each and
using data extracts to create new records. These relationships must be understood and the
records managed in accordance with the FRA.
This is also an important time for system owners and records managers to educate each other
about their responsibilities and capabilities. CSPs may not understand that some records in any
given system that must be preserved pursuant to a record schedule. Record schedules
67 See National Archives and Records Administration (NARA) Bulletin 2010-05, Guidance on Managing
Records in Cloud Computing Environments, Sept. 8, 2010 (“Federal agencies are responsible for managing
their records in accordance with NARA statutes including the Federal Records Act (44 U.S.C. Chapters 21, 29,
31, 33) and NARA regulations (36 CFR Chapter XII Subchapter B). This is true regardless of which cloud
service and deployment models are adopted. However, NARA recognizes that the differences between models
affect how and by whom (agency/contractor) records management activities can be performed.”).
68 See 44 U.S.C. 3303, 3303a.
69 Records that are pre-accessioned remain in the legal ownership of the agency, but NARA is responsible for
migration and other services. See http://www.archives.gov/records-mgmt/initiatives/pre-accessioning.html;
see also http://www.archives.gov/records-mgmt/bulletins/2009/2009-03.html
[ 32 ]
commonly require records be kept for seven, 10, 50, or even 75 or more years
70
. As systems
migrate and change, it is important that these records do so as well if they are not yet eligible
for destruction.
To enable proactive records planning, agency records officers must be invited to be “in the
loop” early in the procurement cycle, and in the subsequent transition to CSP environments
that contain government data, including meetings with CSP personnel. If a regular
communications channel involving an ad hoc group of IT, records, and other appropriate staff
has not already been set up within Federal agencies, the transition to the cloud provides a
prime opportunity for accomplishing multiple good ends.
As a key consideration for record planning in the cloud, Federal agencies need to incorporate
records officers into the planning process early.
Timely and Actual Destruction of Records Required by Record Schedules
An important factor in proper recordkeeping is ensuring that authorized destruction or deletion
of records occurs in accordance with agency schedules. For a variety of good records
management reasons – including controlling the costs for continued storage, it is important
that Federal agencies regularly dispose of records. While this is true whether an IT system is
hosted internally or in a CSP environment, Federal agencies should consider the architecture of
a CSP environment when determining an agency’s ability to dispose of records.
CSP environments can be configured in many different ways to facilitate the disposition of
records according to Federal agency requirements. By ensuring the records manager is a part of
the technical requirements creation of a cloud computing contract, the records manager can
draft requirements for CSPs, including the ability to set a disposition date for categories of
records within the system and have that automatically execute itself or send a file owner a
notice when it is time to delete certain records
71
. Federal agencies can also work to include an
entire records management component as a part of a cloud computing contract
72
.
70 For example, passport records are 100-year temporary records at the State Department, certain statistical
research and survey files at the Social Security Administration are 100-year temporary records, and student
loan files at the Department of Education have a 75-year retention period.
71 The General Services Administration’s request-for-quotes #QTA011GNB0010 for a blanket purchase
agreement (BPA) for cloud based e-mail includes language addressing these issues. For example there is a
requirement to “provide common APIs allowing integration with third party tools such as email archiving
solutions, E-Discovery solutions, and Electronic Records Management Software Applications…and that also
allow for the transfer of permanent records to NARA….”
72 Another option is a more robust records management functionally. In the GSA BPA for cloud based email
(see footnote 67), there is an option for bidders devoted to Electronic Records Management including
requirements to, “support an immutable email management solution integrated with the messaging system in
accordance with the requirement for Federal agencies to manage their email messages and attachments as
electronic records in accordance with [applicable laws]. These provide requirements for maintaining records
to retain functionality and integrity throughout the records’ full lifecycle including: Maintenance of links
between records and metadata, and Categorization of records to manage retention and disposal, either
through transfer of permanent records to NARA or deletion of temporary records in accordance with NARA-
approved retention schedules.”
[ 33 ]
CSPs must have the ability to permanently delete copies of ESI in accordance with existing
Federal record retention schedules and policies. CSPs should also be capable of deleting back-
up versions of ESI maintained as part of the overall cloud solution, in accordance with standard
government procedures for recycling backup media. CSPs must clarify how they will retain or
destroy ESI, and Federal agencies must ensure that the methods employed by the CSP meet the
agency’s record retention requirements and that Federal agencies can verify destruction.
Federal agencies should incorporate the following key considerations related to disposal of
records into their cloud computing contracts:
CSPs must clarify their records disposition capabilities and ability to follow records
schedules; and
CSPs must be able to meet Federal agency permanent disposition needs.
Permanent Records
Permanent records are a crucial part of documenting our history for citizens now and in the
future. Federal agencies storing permanent records in CSP environments should plan for those
records to be transferred to NARA. For permanent records, it may be important to make regular
copies of these records off of the live system in which they reside in order for them to be
maintained for transfer, when appropriate, to NARA
73
. NARA will only accept certain file
formats, per its regulations,
74
making it particularly important that any system housing
permanent records be capable of producing them in a non-proprietary format.
When a Federal agency is placing permanent records in a CSP environment, they must ensure
the CSP environment allows the Federal agency to copy records out of the CSP environment for
storage consistent with NARA’s accepted formats.
Transition of Records to New CSPs
All CSP contracts will last for a finite period of time. As such, Federal agencies must plan for
retention of records and the transition of records between different CSPs and cloud
environments when contracts expire or are terminated. CSPs may discontinue service or merge
with new companies. Additionally, Federal agencies may decide to end certain services
altogether, or the contract with the CSP or integrator may expire requiring re-competition with
no guarantee of award to the incumbent. Whatever the reason a cloud contract comes to an
end, Federal agencies should have a transition plan, with documentation describing
infrastructure, records, files, programming, and other key facets of a CSP’s environment so an
agency can successfully transition from one CSP environment to another CSP environment or to
its own environment, if appropriate.
73 This is an area where each agency must consider its needs, the type of records in question, and its own
business processes. Different processes and procedures may work well for different Federal agencies, but it is
important to address the preservation of permanent records in each cloud based solution.
74 See NARA Transfer Guidance generally at http://www.archives.gov/records-mgmt/initiatives/transfer-to-
nara.html. See also, NARA regulations at 36 C.F.R. 1228.270.
[ 34 ]
When records are transferred from one CSP environment to another, the agency will need to
be able to ensure the authenticity and completeness of the data they receive. Federal agencies
will also need to ensure that all records are deleted from the previous CSP environment once
the transition is completed.
When beginning the procurement process with a CSP, these scenarios may seem to be far off,
but it is crucial that Federal agencies plan for the entire lifecycle of a system and its records
from inception to termination. When moving to a CSP environment, Federal agencies need to
address FRA issues explicitly in writing at the beginning of a contract in order to ensure that an
adequate historical record of the government’s actions is not lost in the cloud. Federal agencies
should address and anticipate transition and transfer of data to other cloud providers over the
life-cycle of a record.
Conclusion
Federal agencies are adopting cloud computing services more and more rapidly. This move to
cloud computing represents a paradigm shift from buying IT as a capital expenditure to buying
IT as a service. This requires Federal agencies to re-think the way they contract for IT in order to
address elements unique to cloud computing environments.
By examining existing cloud computing contracts and through government-wide input, ten
areas were discussed above that Federal agencies should address when creating a cloud
computing contract:
Selecting a Cloud Service;
CSP and End-User Agreements;
Service Level Agreements;
CSP, Agency, and Integrator Roles and Responsibilities;
Standards;
Security;
Privacy;
E-Discovery;
Freedom of Information Act; and
Federal E-Records Management.
By addressing the elements above and including all necessary stakeholders when creating cloud
computing contracts (e.g. OCIO, OGC, Privacy, Records, E-Discovery, FOIA, and procurement
staff), Federal agencies will be able to more effectively procure and manage IT as a service.
[ 35 ]
Appendix A
Suggested Procurement Preparation Questions:
The questions below highlight several topics to consider when procuring cloud services. This is
not an exhaustive list of all considerations, merely an informal guide.
General Questions
75
1. Who is actively involved in negotiating and reviewing the agency’s contract and ancillary Service
Level Agreement for cloud services?
a. Contracting Officer/Procurement? Chief Information Officer? General Counsel? FOIA staff?
Records Officer? Privacy Officer? E-Discovery Counsel? Cybersecurity personnel?
b. What is the process for developing the agency’s needs criteria and evaluating the cloud
provider proposal and post-award performance?
2. Are the unique operational aspects of the cloud computing environment addressed in the
acquisition plan required by FAR Part 7? In particular, in terms of the written acquisition plan
format described in FAR Section 7.105, how are technical, schedule and cost risks addressed,
and has any test and evaluation program and Government Furnished Information (GFI) to be
considered?
3. Based on market research conducted in accordance with FAR Part 10, does the acquisition plan
contemplate use of a system integrator in addition to a Cloud Service Provider (CSP)? Will the
CSP be a subcontractor to the system integrator, or will the CSP have a direct contractual
relationship with the agency?
4. Is there a clear statement in the contract for cloud services that all data is owned by the agency?
5. Can the cloud provider access or use the agency’s information in the cloud? (PS-1, PS-7, CM-5,
SC-7)
6. How is the agency’s data handled both at rest and in motion in the cloud? (SC-1, SC-28)
7. Who has access to the agency’s data, both in its live and backup state? (SI-1, SI-4)
8. In the cloud, what geographic boundaries apply to data at rest and what boundaries are
traversed by data in motion? (CM-1, CM-8)
9. Where are the cloud servers that will store agency data physically located? (CM-1, CM-8, AC-4)
a. Can the provider certify where the data is located at any one point in time?
10. How will the cloud provider meet regulatory compliance requirements applicable to the USG,
[including but not limited to the Privacy Act, the Federal Information Management and Security
Act (FISMA), the Paperwork Reduction Act, the Federal Records Act, the Freedom of Information
Act (FOIA), the Trade Secrets Act and related guidance and authorities]?
75 Several of these questions are addressed specifically in NIST Special Publication 800-53, Revision 3. For
convenience, the questions drawn from 800-53 reference the applicable controls (e.g. “SA”, “MA”,”SC”, etc.).
Specific controls for specific USG agencies may vary significantly depending on agency-specific security
requirements.
[ 36 ]
General Questions
75
11. What is the potential termination liability that would result from application of the contract
clauses associated with FAR Part 49 Termination of Contracts? (SA-1, SA-2, SA-4, SA-12, SA-13)
12. How is the migration of agency data upon contract termination or completion addressed? (SA-
1, SA-4, SA-2, SA-12, SA-13)
13. How is agency data destroyed? (e.g. upon request? Periodically?) (MP-1, MP-4)
a. Methodology used? (e.g. remove data pointer or overwritten in accordance with USG
security standards)
b. How does the cloud provider segregate data? If encryption schemes are used have the
design of those schemes been tested for efficacy?
14. If the cloud provider or reseller agreement incorporates “URLs” into the terms, which policies
and terms are being incorporated into the agreement? (URLs are not static and change over
time)
a. What notice is provided to the agency if URLs/policies change? Remedies for agency if new
policies or URLs are not acceptable?
15. What remedies are being agreed to for breach or violations of the agreement? Litigation?
Mediation? Waiver of right to sue?
a. Are choice of law and jurisdiction provisions in the agreement appropriate? (e.g. has the
agency unknowingly subjected itself and USG to the jurisdiction of a state or foreign court)
16. Is the agency indemnifying the cloud provider in violation of the Anti-Deficiency Act?
a. What rights is the agency waiving, if any?
b. What limitations of liability, whether direct or indirect, is the agency granting?
c. How does the Force Majeure clause deal with the action of Federal agencies other than the
customer agency?
17. Can the agency manage content in the cloud with its own tools or only through contractor
resources?
18. How are upgrades and maintenance (hardware and software) handled? (e.g. who conducts
these activities? How often? And how is the USG advised of findings?) (MA-1, MA-2, SA-7, SA-3)
19. How are asset availability, compatibility, software updates and hardware refreshes addressed?
a. What does the agreement say about estimated outage time the cloud provider foresees for
standard hardware and software updates and the cloud provider’s estimated response time
should an emergency take the system off line?
20. What responsibility does the cloud provider have for assuring proper patching and versioning
control?
a. What language is in the agreement specifically requiring the cloud provider to take on this
responsibility?
21. Is there a discussion of how the cloud provider will continue to maintain or otherwise support
the agency’s data in a designated format to ensure that the data remains accessible/readable
over the life of the data?
[ 37 ]
General Questions
75
22. Did the agency discuss with the cloud provider additional services that may be provided in the
cloud, for example e-discovery tools?
23. Does the contract support IPv6 as outlined per the FAR?
24. If there is confidential statistical
76
information at issue, does the agency agreement ensure the
application of the provisions of the Confidential Information Protection and Statistical Efficiency
Act of 2002 or similar statutes that protect confidential statistical information to the information
in question?
25. If there is confidential statistical information at issue, does the agency agreement contain
provisions to ensure that either agency staff created and provided appropriate confidential
statistical information training guidelines or actually delivered confidential statistical
information training to the cloud
providers?
Service Level Agreement
1. Does the SLA have clearly defined terms, definitions and performance parameters?
2. Does the SLA define who is responsible for measuring SLA performance?
3. What enforcement mechanisms are in the SLA (i.e., what penalties does a cloud service provider
have for not meeting the SLA performance measures)?
CSP and End User Agreements
1. Before signing the contract, consider if the agency bound by the cloud provider’s Terms of
Service (TOS) provisions, in addition to the contract terms and conditions?
a. If so, how do those terms deal with privacy, cybersecurity, data disclosure/access, etc.?
b. Is the TOS document proposed by the CSP the standard for industry practice or is it
proprietary to that offeror? Can the TOS proposed be revised through negotiation?
E-Discovery Questions
1. How does the agency or CSP halt the routine destruction of agency information in the cloud
when a litigation hold has been implemented?
2. Does the agency or the cloud provider’s document retention/management plan apply to the
agency’s data stored in the cloud? Is it understood whose plan has priority in cases when they
conflict?
76 Confidential statistical information may be defined as data or information acquired by an agency for
exclusively statistical purposes under a pledge of confidentiality. See 44 USC 3501 Note SEC. 512(a).
[ 38 ]
E-Discovery Questions
3. Is the metadata preserved when agency data is migrated into, out of, and within the cloud? (i.e.,
are transfers forensically sound)?
a. Will the agency be able to search the data in the cloud by metadata field? For example, will
the agency be able to batch search for all agency data in the cloud by original date created,
file type, or author?
b. Does the cloud provider ensure that metadata remains linked to records during data
migration?
4. Pursuant to the agreement, does the agency itself have the ability to search, retrieve, and
review agency data in the cloud? Using the agency’s own tools? Agency’s e-discovery
contractor’s tools?
5. What are the agency’s file format export options for exporting agency data out of the cloud?
What are the expenses associated with this process?
6. Is the cloud provider or a third-party providing e-discovery services to the agency?
a. What specific e-discovery services by the cloud provider are included in the contract?
i. [NOTE: E-discovery services can include the process of managing, identifying/locating,
preserving, collecting, processing, reviewing, and producing electronically stored
information (ESI)].
ii. What specific tools are being utilized for these e-discovery services?
b. Will the cloud provider or third-party provide training on the e-discovery tools offered?
c. What project management resources will be available for the e-discovery services?
d. Have the e-discovery services of the cloud provider or third-party been tested? If collection
is one of the e-discovery services provided, is the collection method forensically sound?
e. Can the agency modify the e-discovery protocol/process of the cloud service provider or
third-party as warranted?
f. How will e-discovery of data in the cloud be handled during user migration?
g. Does the cloud provider have forensic or litigation experts available to answer questions
and/or sign affidavits regarding the e-discovery services provide in the cloud?
h. Will the cloud provider and third-party employees sign chain of custody affidavits to
demonstrate the integrity of the ESI when needed for litigation purposes?
i. If requested, will the cloud provider be able to supply the agency with audit trails,
exception reports, and transaction logs?
i. What if any additional charges will be required for e-discovery services discussed above?
7. Does the contract require that the agency fund or otherwise support the cloud provider’s
response to a third party?
8. Is the contract clear that the cloud provider and all associated subcontractors shall not release
any agency information and/or data without written agency approval or about circumstances
when such approval is not
needed?
a. Is the contract clear that the cloud provider will notify the agency within a mutually agreed
upon timeframe when a request for agency information or data is received by the cloud
provider or subcontractor? Who is the designated agency point of contact(s) for this notice?
[ 39 ]
E-Discovery Questions
9. If the agency desired to extract the data so that it can be loaded into a separate review
platform, will work product from the cloud review platform be transferable to a separate review
database?
10. Will attorneys and staff have immediate access to review the data in the review platform if
hosted by the cloud provider in the cloud?
a. Is there 24/7 access to the review platform?
b. Can approved, non-agency personnel (i.e. other agencies or contractors) access the review
platform in the cloud?
Cybersecurity Questions
1. Does the contract include provisions to meet all FedRAMP requirements?
2. If authentication and digital signature are required, is HSPD-12 required as the standard?
3. Does the contract address how FISMA, TIC, ISO 27001, NIST standards, and EINSTEIN are applied
by cloud providers operating in a non-USG (commercial) environment?
4. What is the CSP’s key escrow program for USG encrypted data and how are the terms and
conditions of escrow applied to accessing encrypted USG data?
5. Is it clear that the agency’s owns all network logs, archived data, or other information and
access to this must not be restricted? [NOTE: logs are needed by Federal agencies conducting,
for example, OIG investigations].
6. What requirements (clearances, etc.) apply to cloud providers’ employees accessing USG data in
a cloud environment?
7. What happens when material infringing on the intellectual property rights of the USG or others
is located in a cloud system deployed by a cloud provider for the benefit of the USG?
a. What level of indemnity and supporting insurance and/or capital will be provided by the
cloud provider to the USG?
b. What access to cloud provider intellectual property rights will the USG need to address
various issues, particularly law enforcement investigations and audits?
8. What happens when USG data is stored or transported in non-bannered environments and
devices, particularly if those environments also contain data not belonging to the USG?
9. What security guidelines apply to operations of various cloud components and how are they
measured for compliance? (SA-1, CA-2, SA-4, SA-13)
10. Was there an assessment by the agency or cloud provider of how server and telephony locations
may impact access and security of the data? (AC-1, AC-16, SA-4)
Privacy Questions
1. When implementing a cloud solution, did the agency consider whether any personally
identifiable information (PII) would be involved?
[ 40 ]
Privacy Questions
2. Did the agency consider whether any other categories of personal information, such as those
protected by special privacy legislation and regulations like protected health information (PHI)
under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, would be
involved?
3. If there is PII at issue, did the agency assess whether the Privacy Act of 1974 applied to the PII in
question?
a. If so, did the agency ensure that the agreement included mandatory FAR language on
operating Privacy Act systems of records?
4. If there is PII at issue, did the agency conduct a Privacy Impact Assessment in accordance with
section 208 of the E-Government Act of 2002 and OMB Memorandum M-03-22?
5. If there is PII at issue, does the agreement provide instruction and requirements on what to do
in the event of a breach or unintentional release of PII?
6. If there is PII at issue, did the agency make any arrangements to ensure that either agency staff
created appropriate PII training guidelines or actually delivered PII training to the cloud
providers?
7. If there is PII at issue, does the agency agreement provide instruction and requirements on what
to do in the event of any request for disclosure, subpoena, or other judicial process seeking
access to the records which may include USG PII?
8. If there is PII at issue, does the agency agreement limit uses strictly to support the agency and
prohibit uses for other purposes?
9. If there is PII at issue, does the agency agreement provide instruction and requirements on
terminating storage and deleting data upon expiration of the agreement term and option
extensions?
10. If there is PII at issue, does the agency agreement specify whether the data servers, including
redundant servers, may be located outside the United States?
FOIA Questions
1. Does the agreement address whether the CSP supports the agency’s FOIA process?
a. If the agency has a centralized FOIA searching process, does the CSP facilitate this searching
capability?
b. If the agency requires each individual who may have responsive records to conduct their own
search, does the CSP allow an individual to search and retrieve their own records?
c. If the agency has FOIA professionals conduct searches for ESI, does the CSP provide
appropriate access for FOIA professionals to agency custodians’ records systems?
d. Are any time constraints imposed by FOIA taken into account in the agreements, so that the
FOIA office has adequate time to review the documents?
2. Are there processes in place so that cloud provider adequately communicates with the FOIA
office as needed?
[ 41 ]
FOIA Questions
3. Pursuant to the agreement, does the agency itself have the ability to search, retrieve, and
review agency data in the cloud? Using the agency’s own tools?
4. What are the agency’s file format export options for exporting agency data out of the cloud?
What are the expenses associated with this process?
5. If the agency desired to extract the data so that it can be loaded into a separate review
platform, will work product from the cloud review platform be transferable to a separate review
database?
a. Will FOIA professionals have immediate access to review the data in the review platform if
hosted by the cloud provider in the cloud? Is there 24/7 access to the review platform?
6. Can approved, non-agency personnel (i.e. attorneys or contractors) access the review platform
in the cloud?
Recordkeeping Questions
1. Is the information that will be moved to the cloud-based system adequately scheduled as a
Federal record?
2. Does the cloud provider allow the agency to destroy (truly delete) all copies or renditions of
records from the cloud when appropriate?
3. Does the cloud provider allow the agency to implement records disposition policies across
categories of records?
4. Does the cloud provider have a process that allows the agency to capture records that are
appropriate for permanent preservation and transfer to NARA in accordance with NARA
regulations as they may exist at the time of the transfer/accessioning to NARA, including file
format?
5. Is the cloud provider using non-propriety file formats so that the data will remain useful outside
of the system in which it was created?
6. Is the cloud provider capable of retaining the integrity of the files for the duration in which the
agency’s records schedules contemplates them being kept?
7. Can the cloud provider migrate records to an agency’s in-house servers on demand, in the event
it is necessary to do so?
8. If the agreement is for infrastructure as a service, has the agency considered the kind of record
material which may be lost if the cloud provider were to change?
9. Did the agency consider if there were special substantive categories of records, such as vital
records, being moved to the cloud for which increased records management attention is
needed?
2/17/22, 5:47 PM
The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 1/22
The Legal System in the United States
The requirement of proof beyond a reasonable doubt has this vital role in our criminal procedure for cogent reasons. The
accused, during a criminal prosecution, has at stake interests of immense importance, both because of the possibility that he
may lose his liberty upon conviction and because of the certainty that he would be stigmatized by the conviction.
In re: Winship, cited in Section 2, “Burden of Proof in a Criminal Prosecution”
Federalism
Learning Objectives
Define federalism.
Ascertain the sections of the Constitution that give Congress regulatory authority.
Compare federal regulatory authority with state regulatory authority.
Compare federal criminal laws with state criminal laws.
Define federal supremacy.
The United States’ system of government is called federalism. Federalism, as set forth in the US Constitution, divides
governmental power between the federal government and each of the states. This prevents a concentrated source of
governmental power in one individual or small group of individuals. Because of federalism, the United States has one federal
legal system, and each state has its own state legal system. Thus in the United States, a plethora of legal systems all operate
harmoniously at the same time.
The Scope of Federal Law
The government’s power to regulate comes from the US Constitution. The federal government derives its authority to create
law from Article I, § 8, which discusses federal Congress’s exclusive or delegated powers. These include the power to regulate
currency and coin, establish a post office, promote science and art by regulating the rights to discoveries and writings, declare
war and raise armies, conduct foreign affairs, regulate interstate and foreign commerce, and make laws necessary and proper to
execute other powers expressly granted in the Constitution. Courts have interpreted the last two powers mentioned in the
commerce clause and the necessary and proper clause to be the broadest sources of federal regulatory authority.
To simplify and summarize precedent defining federal regulatory authority, federal laws are meant to regulate in two areas.
First, federal laws regulate issues that concern the country, rather than just one city, county, or state. The federal government
regulates in the area of foreign affairs, for example, because this affects the United States of America, not just one particular
region. Second, federal laws regulate commerce, which is economic activity that crosses from state to state. Some common
examples are television broadcasts, the Internet, and any form of transportation such as the airlines.
Federal Criminal Laws
The original intent was for the federal government to be a limited government, with the bulk of regulatory authority residing in
the states. The only crimes Congress is specifically authorized to punish are piracies and felonies on the high seas,
counterfeiting, and treason; however, case precedent has expanded the federal government’s power to enact criminal laws
Learning Resource
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 2/22
based on the commerce clause and the necessary and proper clause. McCulloch v. Maryland, 17 US (4 Wheat.) 316 (1819),
accessed August 28, 2010, http://www.law.cornell.edu/supct/html/historics/USSC_CR_0017_0316_ZS.html. Still, there must
be some connection to an issue of national character and interstate commerce, or the federal government will overstep its
authority. In general, federal criminal laws target conduct that occurs on federal property or conduct involving federal
employees, currency, coin, treason, national security, rights secured by the Constitution, or commerce that crosses state lines.
Currently, over 500 crimes are listed in Part I, Title 18 of the United States Code, which codifies criminal laws for the federal
government.
Diagram of Federal Laws
The Scope of State Law
The US Constitution designates the states as the primary regulatory authority. This is clarified in the 10th Amendment, which
reads, “The powers not delegated to the United States by the Constitution, nor prohibited to it by the States, are reserved to
the States respectively, or the people.” State laws are also supposed to regulate in two areas. First, state laws regulate issues of
a local character or concern. A state may regulate, for example, its water ownership and use because water can be scarce and is
not generally provided to other states. Second, state laws regulate issues or things that remain within a state’s border. A state
generally regulates, for example, the operation of a small business whose products are only sold locally and not shipped out of
the
state.
Federal laws are the same in every state, but state laws differ from state to state. Something that is legal in one state may be
illegal in another state. This inconsistency makes our system of federalism complicated for students (and lawyers). However,
with a country as large and varied as the United States, it is sensible to allow each state to choose for itself which laws will be
most suitable.
State Criminal Laws
The power to enact criminal laws belongs almost exclusively to the states. This is because of the 10th Amendment, which vests
in states a police power to provide for the health, safety, and welfare of state citizens. Approximately 90 percent of all criminal
laws are state, rather than federal. Often, federal crimes are also state crimes and can be prosecuted and punished by both the
state and federal government without violating the principle of double jeopardy.
Example of the Diversity of State Laws
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 3/22
In Nevada, prostitution is legal under certain circumstances. N.R.S. § 201.354, accessed September 24, 2010,
http://www.leg.state.nv.us/nrs/NRS-201.html#NRS201 Sec354. An individual who engages in prostitution inside a licensed
“house of prostitution” in Nevada is not exposed to criminal liability. However, if the same individual engages in prostitution in
a different state, he or she may be subject to a criminal
prosecution.
Prostitution will be discussed in detail in chapter 12,
“Crimes against the Public.”
Federal Supremacy
Our legal system is divided up to conform to the principle of federalism, so a potential exists for conflict between federal law
and state law. A federal law may make something illegal; a state law may insist that it is legal. Whenever a conflict occurs
between federal and state law, courts must follow the federal law. This is called federal supremacy. As the Supremacy Clause of
Article VI of the federal Constitution states, “This Constitution, and the Laws of the United States which shall be made in
Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the
supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any
State to the Contrary notwithstanding.”
Example of Federal Supremacy
In Washington and several other states, an individual may possess and use marijuana for medicinal purposes with a
prescription. Washington State Medicinal Marijuana Act, Chapter 69.51A RCW, accessed August 28, 2010,
http://apps.leg.wa.gov/RCW/default.aspx?cite=69.51a&full=true; see all states that legalize medicinal marijuana: “16 Legal
Medical Marijuana States and DC,” ProCon.org website, accessed August 28, 2010,
http://medicalmarijuana.procon.org/view.resource.php?resourceID=000881. Federal law prohibits possession and use of
marijuana under any circumstances.21 USC. Ch. 13 § 801 et. seq., accessed October 1, 2010,
http://www.deadiversion.usdoj.gov/21cfr/21usc/index.html. Technically, this could be a conflict that violates federal
supremacy. Until the courts address the federal supremacy issue, however, medical marijuana statutes can continue to stay in
effect. Read about a recent ruling regarding the constitutionality of Michigan’s medicinal marijuana law under the Supremacy
Clause: http://www.pressandguide.com/articles/2011/04/09/news/doc4d9f557b8ab37805648033.txt.
Diagram of State Laws
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 4/22
Law and Ethics: The Arizona Immigration Law
Can a State Regulate Immigration?
Arizona passed a comprehensive immigration law designed to seek out and deport illegal immigrants. This law created a
national furor, and its detractors insisted it would lead to unethical racial profiling. The federal government attacked the
law in Federal District Court. Randal C. Archibold, “Judge Blocks Arizona’s Immigration Law,” The New York
Times website, accessed October 1, 2010, http://www.nytimes.com/2010/07/29/us/29arizona.html. Judge Susan Bolton
issued a preliminary injunction that stopped enforcement of the sections of the law that required state law enforcement
to check an immigrant’s status while enforcing other laws and that required immigrants to prove they were in the country
legally or risk state charges. Randal C. Archibold, “Judge Blocks Arizona’s Immigration Law,” The New York Times website,
accessed October 1, 2010, http://www.nytimes.com/2010/07/29/us/29arizona.html. Read the District Court’s
preliminary injunction ruling, which is available at this link:
http://graphics8.nytimes.com/packages/pdf/national/20100729_ARIZONA_DOC .
What is the basis for Judge Bolton’s decision? Check your answer using the answer key at the end of the chapter.
Read about the most recent ruling on Arizona’s immigration law by the US Court of Appeals for the Ninth Circuit:
http://latindispatch.com/2011/05/10/arizonas-jan-brewer-to-appeal-immigration-law-to-u-s-supreme-court/.
Read about Utah’s immigration law: http://articles.cnn.com/2011-05-11/politics/utah.immigration.bill_1_utah-law-gary-
herbert-utah-gov?_s=PM:POLITICS.
Read about Alabama’s immigration law: http://www.reuters.com/article/2011/06/10/tagblogsfindlawcom2011-
freeenterprise-idUS123058502120110610.
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 5/22
Federalism is a system of government in which power is divided between one national, federal government
and several independent state governments.
Congress gets its regulatory authority from Article I § 8 of the federal Constitution. This includes several
delegated powers, the commerce clause, and the necessary and proper clause.
The commerce clause gives Congress the power to regulate commerce that crosses state lines.
The necessary and proper clause gives Congress the power to regulate if necessary to carry out all other
powers listed in
the Constitution.
The Constitution specifically authorizes Congress to punish piracies and felonies on the high seas,
counterfeiting, and treason. Case precedent has also expanded the federal government’s power to enact
criminal laws based on the commerce clause and the necessary and proper clause.
The federal government is intended to be limited, with the bulk of regulatory authority residing in the states.
The federal government is restricted to regulating in the areas designated in Article I § 8 of the federal
Constitution. The states can regulate for the health, safety, and welfare of citizens pursuant to their police
power, which is set forth in the 10th Amendment of the federal Constitution
Federal criminal laws criminalize conduct that occurs on federal property or involves federal employees,
currency, coin, treason, national security, rights secured by the Constitution, or commerce that crosses state
lines. State criminal laws make up 90 percent of all criminal laws, are designed to protect state citizens’ health,
safety, and welfare, and often criminalize the same conduct as federal criminal laws.
Federal supremacy, which is set forth in the Supremacy Clause of the federal Constitution, requires courts to
follow federal laws if there is a conflict between a federal and state law.
Exercises
Answer the following questions. Check
your answers using the answer key at the end of the chapter.
1. Congress passes a law criminalizing the posting of child pornography on the Internet. Where does Congress get the
authority to pass this criminal law? If a state has a criminal law criminalizing the same conduct, can both the
state and federal government prosecute a defendant for one act of downloading child pornography?
2. Read US v. Morrison, 529 US 518 (2000). Which part(s) of the Constitution did the US Supreme Court rely on when
it held that 42 USC. § 13981 is unconstitutional? The case is available at this link:
http://www.law.cornell.edu/supct/html/99-5.ZS.html.
3. Read Pennsylvania v. Nelson, 350 US 497 (1956). Why did the US Supreme Court invalidate the Pennsylvania
Sedition Act? The case is available at this link: http://supreme.justia.com/us/350/497/case.html.
The Branches of
Government
Key Points
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 6/22
Learning Objectives
1. Identify the three branches of government.
2. Ascertain the head of the federal and state legislative branches of government.
3. Compare the Senate and the House of Representatives.
4. Ascertain the head of the federal and state executive branches of government.
5. Ascertain the head of the federal and state judicial branches of government.
The federal Constitution was written to ensure that government power is distributed and never concentrated in one or more
areas. This philosophy is served by federalism, where the federal government shares power with the states. It is also further
served by dividing the government into three branches, all responsible for different government duties and all checking and
balancing each other. The three branches of government are detailed in Articles I–III of the federal Constitution and are the
legislative branch, the executive branch, and the judicial branch. While the federal Constitution identifies only the federal
branches of government, the principle of checks and balances applies to the states as well. Most states identify the three state
branches of government in their state constitution.
Each branch of government has a distinct authority. When one branch encroaches on the duties of another, this is called a
violation of separation of powers. The courts decide whether a government branch has overstepped its boundaries because
courts interpret the Constitution, which describes each branch’s sphere of influence. Thus the judicial branch, which consists of
all the courts, retains the balance of power.
The Legislative Branch
The legislative branch is responsible for creating statutory laws. Citizens of a state can vote for some state statutes by ballot,
but the federal legislative branch enacts all federal statutes. In the federal government, the legislative branch is headed by
Congress. States’ legislative branches are headed by a state legislature. Congress is bicameral, which means it is made up of
two houses. This system provides equal representation among the several states and by citizens of the United States. States
are represented by the Senate. Every state, no matter how large or small, gets two senators. Citizens are represented by the
House of Representatives. Membership in the House of Representatives is based on population. A heavily populated state, like
California, has more representatives than a sparsely populated state, like Alaska. States’ legislatures are generally bicameral and
have a similar structure to the federal system.
Examples of Legislative Branch Checks and Balances
The legislative branch can check and balance both the executive branch and the judicial branch. Congress can impeach the
president of the United States, which is the first step toward removal from office. Congress can also enact statutes that
supersede judicial opinions, as discussed in chapter 1, “Introduction to Criminal Law.” Similarly, state legislature can also
impeach a governor or enact a state statute that supersedes a state case law.
Diagram of the Legislative Branch
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 7/22
The Executive Branch
The executive branch is responsible for enforcing the statutes enacted by the legislative branch. In the federal government, the
executive branch is headed by the president of the United States. States’ executive branches are headed by the governor of the
state.
Diagram of the Executive Branch
Examples of Executive Branch Checks and Balances
The executive branch can check and balance both the legislative branch and the judicial branch. The president of the United
States can veto statutes proposed by Congress. The president also has the authority to nominate federal justices and judges,
who thereafter serve for life. State executive branches have similar check and balancing authority; a governor can generally
veto statutes proposed by state legislature and can appoint some state justices and judges.
The
Judicial
Branch
The judicial branch is responsible for interpreting all laws, including statutes, codes, ordinances, and the federal and state
constitutions. This power is all-encompassing and is the basis for judicial review, referenced in chapter 1, “Introduction to
Criminal Law.” It allows the judicial branch to invalidate any unconstitutional law in the statutory source of law and also to
change the federal and state constitutions by interpretation. For example, when a court creates an exception to an amendment
to the constitution, it has made an informal change without the necessity of a national or state consensus. The federal judicial
branch is headed by the US Supreme Court. Each state’s judicial branch is headed by the highest-level state appellate court.
Members of the judicial branch include all judges and justices of every federal and state court in the court system, which is
discussed shortly.
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 8/22
Diagram of the Judicial Branch
Examples of Judicial Branch Checks and Balances
The judicial branch can check and balance both the legislative branch and the executive branch. The US Supreme Court can
invalidate statutes enacted by Congress if they conflict with the Constitution. The US Supreme Court can also prevent the
president from taking action if that action violates separation of powers. The state courts can likewise nullify unconstitutional
statutes passed by the state legislature and void other executive branch actions that are unconstitutional.
The Most Prominent Checks and Balances Between the Branches
Government
Branch Duty or Authority Check and Balance
Government Branch
Checking and Balancing
Legislative Create statutes President can veto Executive
Executive Enforce statutes Congress can override presidential veto by 2/3
majority
Legislative
Judicial Interpret statutes
and Constitution
President nominates federal judges and justices Executive
Executive Enforce statutes Senate can confirm or reject presidential
nomination of federal judges and justices
Legislative
Executive Enforce statutes Congress can impeach the president Legislative
Executive Enforce statutes Congress can impeach the president Legislative
Legislative Create statutes Courts can invalidate unconstitutional statutes Judicial
Executive Enforce statutes Courts can invalidate unconstitutional executive
action
Judicial
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 9/22
Government
Branch Duty or Authority Check and Balance
Government Branch
Checking and Balancing
Judicial Interpret statutes
and Constitution
Statutes can supersede case law Legislative
The three branches of government are the legislative branch, the executive branch, and the judicial
branch.
The head of the federal legislative branch of government is Congress. The head of the state legislative
branch of government is the state legislature.
The Senate represents every state equally because each state has two senators. The House of
Representatives represents each citizen equally because states are assigned representatives based on
their population.
The head of the federal executive branch of government is the president. The head of each state
executive branch of government is the governor.
The head of the federal judicial branch of government is the US Supreme Court. The head of each state
judicial branch of government is the highest-level state appellate court.
Exercises
Answer the following questions. Check your answers using the answer key at the end of the chapter.
1. A mayor enacts a policy that prohibits police officers in his city from enforcing a state law prohibiting the
possession and use of marijuana. The mayor’s policy specifically states that within the city limits, marijuana is legal
to possess and use. Which constitutional principle is the mayor violating? Which branch of government should
check and balance the mayor’s behavior in this matter?
2. Read Youngstown Sheet & Tube Co. v. Sawyer, 343 US 579 (1952). In Youngstown, President Truman seized control
of steel mills to avert a strike, using his authority as commander in chief of the armed forces. President Truman
wanted to ensure steel production during the Korean War. Did the US Supreme Court uphold President Truman’s
action? Why or why not? The case is available at this link: http://supreme.justia.com/us/343/579/.
3. Read Hamdi v. Rumsfeld, 542 US 507 (2004). In Hamdi, the US Supreme Court reviewed the US Court of Appeals
for the Fourth Circuit’s decision prohibiting the release of a US citizen who was held as an enemy combatant in
Virginia during the Afghanistan War. The citizen’s detention was based on a federal statute that deprived him of the
opportunity to consult with an attorney or have a trial. Did the US Supreme Court defer to the federal statute? Why
or why not? The case is available at this link: http://scholar.google.com/scholar_case?
case=6173897153146757813&hl=en&as_sdt=2&as_vis=1&oi=scholarr.
The Court System
Key Points
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 10/22
Learning Objectives
1. Compare federal and
state
courts.
2. Define jurisdiction.
3. Compare original and appellate jurisdiction.
4. Identify the federal courts and determine each court’s jurisdiction.
5. Identify the state courts and determine each court’s jurisdiction.
Every state has two court systems: the federal court system, which is the same in all 50 states, and the state court system,
which varies slightly in each state. Federal courts are fewer in number than state courts. Because of the 10th Amendment,
discussed earlier in Section 2.1.2 “The Scope of State Law,” most laws are state laws, and therefore most legal disputes go
through the state court system.
Federal courts are exclusive; they adjudicate only federal matters. This means that a case can go through the federal court
system only if it is based on a federal statute or the federal Constitution. One exception is called diversity of citizenship. 28
USC. § 1332, accessed August 30, 2010, http://www.law.cornell.edu/uscode/28/1332.html. If citizens from different states are
involved in a civil lawsuit and the amount in controversy exceeds $75,000, the lawsuit can take place in federal court. All
federal criminal prosecutions take place in federal courts.
State courts are nonexclusive; they can adjudicate state or federal matters. Thus an individual who wants to sue civilly for a
federal matter has the option of proceeding in state or federal court. In addition, someone involved in a lawsuit based on a
federal statute or the federal Constitution can remove a lawsuit filed in state court to federal court.28 USC. § 1441 et. seq.,
accessed August 30, 2010, http://www.law.cornell.edu/uscode/28/1441.html. All state criminal prosecutions take place in
state courts.
Jurisdiction
Determining which court is appropriate for a particular lawsuit depends on the concept of jurisdiction. Jurisdiction has two
meanings. A court’s jurisdiction is the power or authority to hear the case in front of it. If a court does not have jurisdiction, it
cannot hear the case. Jurisdiction can also be a geographic area over which the court’s authority extends.
There are two prominent types of court jurisdiction. Original jurisdiction means that the court has the power to hear a trial.
Usually, only one opportunity exists for a trial, although some actions result in both a criminal and a civil trial, discussed
previously in chapter 1, “Introduction to Criminal Law.” During the trial, evidence is presented to a trier of fact, which can be
either a judge or a jury. The trier of fact determines the facts of a dispute and decides which party prevails at trial by applying
the law to those facts. Once the trial has concluded, the next step is an appeal. During an appeal, no evidence is presented; the
appellate court simply reviews what took place at trial and determines whether or not any major errors occurred.
The power to hear an appeal is called appellate jurisdiction. Courts that have appellate jurisdiction review the trial record for
error. The trial record includes a court reporter’s transcript, which is typed notes of the words spoken during the trial and
pretrial hearings. In general, with exceptions, appellate courts cannot review a trial record until the trial has ended with a final
judgment. Once the appellate court has made its review, it has the ability to take three actions. If it finds no compelling or
prejudicial errors, it can affirm the judgment of the trial court, which means that the judgment remains the same. If it finds a
significant error, it can reverse the judgment of the trial court, which means that the judgment becomes the opposite (the
winner loses, the loser wins). It can also remand, which means send the case back to the trial court, with instructions. After
remand, the trial court can take action that the appellate court cannot, such as adjust a sentence or order a new trial.
Some courts have only original jurisdiction, but most courts have a little of original and appellate jurisdiction. The US Supreme
Court, for example, is primarily an appellate court with appellate jurisdiction. However, it also has original jurisdiction in some
cases, as stated in the Constitution, Article III, § 2, Clause 2: “In all Cases affecting Ambassadors, other public Ministers and
Consuls, and those in which a State shall be Party, the supreme Court shall have original Jurisdiction. In all the other Cases
before mentioned, the supreme Court shall have appellate jurisdiction.”
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 11/22
Example of Original and Appellate Jurisdiction
Paulina is prosecuted for the attempted murder of Ariana. Paulina is represented by public defender Pedro. At Paulina’s trial, in
spite of Pedro’s objections, the judge rules that Paulina’s polygraph examination results are admissible but prohibits the
admission of certain witness testimony. Paulina is found guilty and appeals, based on the judge’s evidentiary rulings. While
Pedro is writing the appellate brief, he discovers case precedent barring the admission of polygraph examination results. Pedro
can include the case precedent in his appellate brief but not the prohibited witness testimony. The appellate court has the
jurisdiction to hold that the objection was improperly overruled by the trial court, but is limited to reviewing the trial record for
error. The appellate court lacks the jurisdiction to admit new evidence not included in the trial record.
The Federal Courts
For the purpose of this book, the focus is the federal trial court and the intermediate and highest-level appellate courts
because these courts are most frequently encountered in a criminal prosecution. Other federal specialty courts do exist but are
not discussed, such as bankruptcy court, tax court, and the court of military appeals.
The federal trial court is called the United States District Court. Large states like California have more than one district court,
while smaller states may have only one. District courts hear all the federal trials, including civil and criminal trials. As stated
previously, a dispute that involves only state law, or a state criminal trial, cannot proceed in district court. The exception to this
rule is the diversity of citizenship exception for civil lawsuits.
After a trial in district court, the loser gets one appeal of right. This means that the intermediate appellate federal
court must hear an appeal of the district court trial if there are sufficient grounds. The intermediate appellate court in the
federal system is the United States Court of Appeals. There is less federal law than state law, so only 13 US Courts of Appeals
exist for all 50 states. The US Courts of Appeals are spread out over 13 judicial circuits and are also referred to as circuit
courts.
Circuit courts have appellate jurisdiction and can review the district court criminal and civil trials for error. The circuit court
reviews only trials that are federal in nature, with the exception of civil lawsuits brought to the district court under diversity of
citizenship. As noted in chapter 1, “Introduction to Criminal Law,” the federal Constitution governs criminal trials, so only a
guilty defendant can appeal. In general, with exceptions, appeal of a not guilty verdict (also called an acquittal) violates a
defendant’s double jeopardy protection.
After a circuit court appeal, the loser has one more opportunity to appeal to the highest-level federal appellate court, which is
the United States Supreme Court. The US Supreme Court is the highest court in the country and is located in Washington, DC,
the nation’s capital. The US Supreme Court has eight associate justices and one chief justice; all serve a lifetime appointment.
The US Supreme Court is a discretionary court, meaning it does not have to hear appeals. Unlike the circuit courts, the US
Supreme Court can pick and choose which appeals it wants to review. The method of applying for review with the US Supreme
Court is called filing a petition for a writ of certiorari.
Any case from a circuit court, or a case with a federal matter at issue from a state’s highest-level appellate court, can petition
for a writ of certiorari. If the writ is granted, the US Supreme Court reviews the appeal. If the writ is denied, which it is the
majority of the time, the ruling of the circuit court or state high court is the final ruling. For this reason, the US Supreme Court
reverses many cases that are accepted for review. If the US Supreme Court wants to affirm the intermediate appellate court
ruling, all it has to do is deny the petition and let the lower court ruling stand.
The State Courts
For the purpose of this book, a representative state court system is reviewed. Slight variations in this system may occur from
state to state.
Most states offer their citizens a people’s court, typically called small claims court. Small claims court is a civil court designed
to provide state citizens with a low-cost option to resolve disputes where the amount in controversy is minimal. A traditional
small claims court only has the jurisdiction to award money damages. This means that it cannot adjudicate criminal matters or
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 12/22
family court matters such as granting a petition for divorce. Small claims courts also limit the amount of money damages
available, typically less than $10,000.
Small claims court has special rules that make it amenable to the average individual. Attorneys cannot represent clients in small
claims court, although they certainly can represent themselves just like any other individual. Small claims court proceedings are
generally informal, and usually no court reporter types what is said. Therefore, no court record exits for appeal. Small claims
court appeals are the exception to the general rule and are usually new trials where evidence is accepted.
States generally have a state trial court that can also be the appellate court for small claims court appeals. This trial court is
usually called superior court, circuit court, or county court. State trial courts are generally all-purpose and hear civil litigation
matters, state criminal trials, and nonlitigation cases including family law, wills and probate, foreclosures, and juvenile
adjudications. States can, however, create specialty courts to hear special matters and free up the trial courts for basic criminal
prosecutions and civil litigation trials. Some states divide their trial courts into lower and higher levels. The lower-level trial
court adjudicates infractions and misdemeanors, along with civil lawsuits with a smaller amount in controversy. The higher-
level trial court adjudicates felonies and civil lawsuits with a higher amount in controversy.
The intermediate appellate court for the state court system is usually called the state court of appeals, although some smaller
or low-population states may have only one appellate court called the state supreme court. The state courts of appeal provide
appeals of right, meaning they must hear an appeal coming from the state’s trial court if adequate grounds are present. Appeals
can be of any case adjudicated in the state trial court. In state criminal prosecutions, as stated earlier in the discussion of
federal appeals, only a guilty defendant can appeal without violating the protection against double jeopardy. At the appellate
level, the state court of appeal simply reviews the trial court record for error and does not have the jurisdiction to hear new
trials or accept evidence.
The highest appellate court for the state court system is usually called the state supreme court. In states that have both
intermediate and high-level appellate courts, the state supreme court is a discretionary court that gets to select the appeals it
hears, very similar to the US Supreme Court. The state supreme court generally grants a petition for writ of certiorari, or
a petition for review, if it decides to hear a civil or criminal case coming out of the state court of appeal. If review is denied, the
state court of appeal ruling is the final ruling on the case. If review is granted and the state supreme court rules on the case,
the loser has one more chance to appeal, if there is a federal matter, to the US Supreme Court.
Diagram of the Court System
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 13/22
Exercises
Answer the following questions. Check your answers using the answer key at the end of the chapter.
1. Jenna sues Max for $25,000, based on a car accident that occurs in Indiana. Jenna loses at trial and appeals to the
highest state appellate court in Indiana, where she loses again. Can Jenna appeal her case to the US Supreme
Court? Why or why not?
2. Read United States v. P.H.E., Inc., 965 F.2d 848 (1992). In P.H.E., Inc., the defendant never went to trial but
was indicted. The defendant challenged the indictment, which was upheld by the trial court. The government
claimed that the Court of Appeals for the 10th Circuit could not hear an appeal of the trial court’s decision, because
there was never a “final judgment.” Did the circuit court agree? Why or why not? The case is available at this link:
http://scholar.google.com/scholar_case?case=16482877108359401771&hl=en&as_sdt=2&as_vis=1&oi=scholarr.
3. Read Hertz Corp. v. Friend, 130 S. Ct. 1181 (2010). How did the US Supreme Court determine citizenship of
a corporation for the purpose of diversity jurisdiction? The case is available at this link:
http://scholar.google.com/scholar_case?case=11481058059843290042&hl=en&as_sdt=2&as_vis=1&oi=scholarr.
The Burden of Proof
Learning Objectives
1. Define the burden of
proof.
2. Distinguish between the burden of production and the burden of persuasion.
3. Compare the civil and criminal burden of proof.
4. Compare inference and presumption.
5. Compare circumstantial and direct evidence.
The key to the success of a civil or criminal trial is meeting the burden of proof. A failure to meet the burden of proof is also a
common ground for appeal. In this section, you learn the burden of proof for the plaintiff, prosecution, and defendant. You also
are introduced to different classifications of evidence and evidentiary rules that can change the outcome of the trial.
Definition of the Burden of Proof
The burden of proof is a party’s responsibility to prove a disputed charge, allegation, or defense. Yourdictionary.com,
“Definition of Burden of Proof,” accessed September 26, 2010, http://www.yourdictionary.com/burden-of-proof. The burden of
proof has two components: the burden of production and the burden of persuasion. The burden of production is the obligation
to present evidence to the judge or jury. The burden of persuasion is the duty to convince the judge or jury to a certain
standard, such as beyond a reasonable doubt, which is defined shortly. This standard is simply a measuring point and is
determined by examining the quantity and quality of the evidence presented. Meeting the burden of proof means that a party
has introduced enough compelling evidence to reach the standard defined in the burden of persuasion.
The plaintiff or prosecutor generally has the burden of proving the case, including every element of it. The defendant often has
the burden of proving any defense. The trier of fact determines whether a party met the burden of proof at trial. The trier of
fact would be a judge in a nonjury or bench trial. In a criminal case, the trier of fact is almost always a jury because of the right
to a jury trial in the Sixth Amendment. Jurors are not legal experts, so the judge explains the burden of proof in jury
instructions, which are a common source of appeal.
Burden of Proof in a Civil Case
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 14/22
Burdens of proof vary, depending on the type of case being tried. The plaintiff’s burden of proof in a civil case is called
preponderance of evidence. Preponderance of evidence requires the plaintiff to introduce slightly more or slightly better
evidence than the defense. This can be as low as 51 percent plaintiff to 49 percent defendant. When preponderance of
evidence is the burden of proof, the judge or jury must be convinced that it is more likely than not that the defendant is liable
for the plaintiff’s injuries. Preponderance of evidence is a fairly low standard, but the plaintiff must still produce more and
better evidence than the defense. If the plaintiff offers evidence of questionable quality, the judge or jury can find that the
burden of proof is not met, and the plaintiff loses the case.
The defendant’s burden of proof when proving a defense in a civil case is also preponderance of evidence. For example, in the
O. J. Simpson civil case discussed in chapter 1, “Introduction to Criminal Law,” O. J. Simpson failed to meet the burden of
proving the defense of alibi. The defendant does not always have to prove a defense in a civil case. If the plaintiff does not
meet the burden of proof, the defendant is victorious without having to present any evidence at all.
Burden of Proof in a Criminal Prosecution
The prosecution’s burden of proof in a criminal case is the most challenging burden of proof in law; it is beyond a reasonable
doubt. Judges have struggled with a definition for this burden of proof. As Chief Justice Shaw stated nearly a century ago,
[w]hat is reasonable doubt? It is a term often used, probably pretty well understood, but not easily defined. It is not mere
possible doubt; because everything relating to human affairs, and depending on moral evidence, is open to some possible
or imaginary doubt. It is that state of the case, which, after the entire comparison and consideration of all the evidence,
leaves the minds of jurors in that condition that they cannot say they feel an abiding conviction, to a moral certainty, of
the truth of the charge. Commonwealth v. Webster, 59 Mass. 295, 320 (1850), accessed September 26, 2010,
http://masscases.com/cases/sjc/59/59mass295.html.
In general, the prosecution’s evidence must overcome the defendant’s presumption of innocence, which the Constitution
guarantees as due process of law. In re Winship, 397 US 358 (1970), accessed September 26, 2010,
http://www.law.cornell.edu/supct/html/historics/USSC_CR_0397_0358_ZO.html. This fulfills the policy of criminal
prosecutions, which is to punish the guilty, not the innocent. If even a slight chance exists that the defendant is innocent, the
case most likely lacks convincing and credible evidence, and the trier of fact should acquit the defendant.
States vary as to their requirements for the defendant’s burden of proof when asserting a defense in a criminal
prosecution.Findlaw.com, “The Insanity Defense among the States,” findlaw.com website, accessed October 1, 2010,
http://criminal.findlaw.com/crimes/more-criminal-topics/insanity-defense/the-insanity-defense-among-the-states.html.
Different defenses also have different burdens of proof, as is discussed in detail in chapter 5, “Criminal Defenses, Part 1,” and
chapter 6, “Criminal Defenses, Part 2.” Some states require the defendant to meet the burden of production, but require the
prosecution to thereafter meet the burden of persuasion, disproving the defense to a preponderance of evidence or, in some
states, beyond a reasonable doubt. Other states require the defendant to meet the burden of production and the burden of
persuasion. In these states, the defendant’s standard is typically preponderance of evidence, not
beyond a reasonable doubt.
The defendant does not always have to prove a defense in a criminal prosecution. If the prosecution does not meet the burden
of proof, the defendant is acquitted without having to present any evidence at all.
Example of a Failure to Meet the Burden of Proof
Ann is on trial for first degree murder. The only key piece of evidence in Ann’s trial is the murder weapon, which was
discovered in Ann’s dresser drawer during a law enforcement search. Before Ann’s trial, the defense makes a motion to
suppress the murder weapon evidence because the search warrant in Ann’s case was signed by a judge who was inebriated and
mentally incompetent. The defense is successful with this motion, and the judge rules that the murder weapon
is inadmissible at trial. The prosecution decides to proceed anyway. If there is no other convincing and credible evidence of
Ann’s guilt, Ann does not need to put on a defense in this case. The prosecution will fail to meet the burden of proof, and Ann
will be acquitted.
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 15/22
Diagram of the Criminal Burden of Proof
Inference and Presumption
Parties can use two tools to help meet the burden of proof: inference and presumption. Jury instructions can include inferences
and presumptions and are often instrumental in the successful outcome of a case.
An inference is a conclusion that the judge or jury may make under the circumstances. An inference is never mandatory but is a
choice. For example, if the prosecution proves that the defendant punched the victim in the face after screaming, “I hate you!”
the judge or jury can infer that the punch was thrown intentionally.
A presumption is a conclusion that the judge or jury must make under the circumstances. As stated previously, all criminal
defendants are presumed innocent. Thus the judge or jury must begin any criminal trial concluding that the defendant is not
guilty.
Presumptions can be rebuttable or irrebuttable. A party can disprove a rebuttable presumption. The prosecution can rebut the
presumption of innocence with evidence proving beyond a reasonable doubt that the defendant is guilty. An irrebuttable
presumption is irrefutable and cannot be disproved. In some jurisdictions, it is an irrebuttable presumption that children under
the age of seven are incapable of forming criminal intent. Thus in these jurisdictions children under the age of seven cannot be
criminally prosecuted (although they may be subject to a juvenile adjudication proceeding).
Circumstantial and Direct Evidence
Two primary classifications are used for evidence: circumstantial evidence or direct evidence.
Circumstantial evidence indirectly proves a fact. Fingerprint evidence is usually circumstantial. A defendant’s fingerprint at the
scene of the crime directly proves that the defendant placed a finger at that location. It indirectly proves that because the
defendant was present at the scene and placed a finger there, the defendant committed the crime. Common examples of
circumstantial evidence are fingerprint evidence, DNA evidence, and blood evidence. Criminal cases relying on circumstantial
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 16/22
evidence are more difficult for the prosecution because circumstantial evidence leaves room for doubt in a judge’s or juror’s
mind. However, circumstantial evidence such as DNA evidence can be very reliable and compelling, so the prosecution can and
often does meet the burden of proof using only circumstantial evidence.
Direct evidence directly proves a fact. For example, eyewitness testimony is often direct evidence. An eyewitness testifying
that he or she saw the defendant commit the crime directly proves that the defendant committed the crime. Common
examples of direct evidence are eyewitness testimony, a defendant’s confession, or a video or photograph of the defendant
committing the crime. Criminal cases relying on direct evidence are easier to prove because there is less potential for
reasonable doubt. However, direct evidence can be unreliable and is not necessarily preferable to circumstantial evidence. If an
eyewitness is impeached, which means he or she loses credibility, the witness’s testimony lacks the evidentiary value of reliable
circumstantial evidence such as DNA evidence.
Comparison of Circumstantial and Direct Evidence in a Burglary Case
Evidence Circumstantial Direct
Fiber from the defendant’s coat found in a
residence that has been burglarized
Yes No—directly proves presence at the scene, not
that the defendant committed burglary
GPS evidence indicating the defendant drove to the
burglarized
residence
Yes No—same explanation as fiber evidence
Testimony from an eyewitness that she saw the
defendant go into the backyard of the burglarized
residence
Yes No—could prove trespassing because it
directly proves presence at the scene, but it
does not directly prove burglary
Surveillance camera footage of the defendant
purchasing burglar tools
Yes No—does not directly prove they were used on
the residence
Cell phone photograph of the defendant
burglarizing the residence
No Yes—directly proves that the defendant
committed the crime
Witness testimony that the defendant confessed to
burglarizing the residence
No Yes—directly proves that the defendant
committed the crime
Pawnshop receipt found in the defendant’s pocket
for items stolen from the residence
Yes No—directly proves that the items were
pawned, not stolen
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 17/22
The burden of proof is a party’s obligation to prove a charge, allegation, or defense.
The burden of production is the duty to present evidence to the trier of fact. The burden of persuasion is
the duty to convince the trier of fact to a certain standard, such as preponderance of evidence or
beyond a reasonable doubt.
The civil burden of proof is preponderance of evidence, for both the plaintiff and the defendant. The
criminal burden of proof for the prosecution is beyond a reasonable doubt.
The criminal burden of proof for the defense is generally preponderance of evidence. States vary
on whether they require the criminal defendant to meet both the burden of production and
persuasion or just the burden of production. Different defenses also require different burdens of
proof.
In states that require the defendant to meet only the burden of production, the prosecution must
disprove the defense to a preponderance of evidence or beyond a reasonable doubt, depending on
the state and on the defense.
An inference is a conclusion the trier of fact may make, if it chooses to. A presumption is a conclusion
the trier of fact must make. A rebuttable presumption can be disproved; an irrebuttable presumption
cannot.
Circumstantial evidence indirectly proves a fact. A fingerprint at the scene of the crime, for example,
indirectly proves that because the defendant was present at the scene, the defendant committed the
crime. Direct evidence directly proves a fact. If the defendant confesses to a crime, for example, this is
direct evidence that the defendant committed the crime.
Exercises
Answer the following questions. Check your answers using the answer key at the end of the chapter.
1. Bria is asserting the insanity defense in her criminal prosecution for murder. In Bria’s state, defendants have the
burden of production and persuasion to a preponderance of evidence when proving the insanity defense. Bria
offers her own testimony that she is insane and incapable of forming criminal intent. Will Bria be successful with
her defense? Why or why not?
2. Read Patterson v. New York, 432 US 197 (1977). In Patterson, the defendant was on trial for murder. New York law
reduced murder to manslaughter if the defendant proved extreme emotional disturbance to a preponderance of
evidence. Did the US Supreme Court hold that it is constitutional to put this burden on the defense, rather than
forcing the prosecution to disprove extreme emotional disturbance beyond a reasonable doubt? Which part of the
Constitution did the court analyze to justify its holding? The case is available at this link:
http://supreme.justia.com/us/432/197/case.html.
3. Read Sullivan v. Louisiana, 508 US 275 (1993). In Sullivan, the jury was given a constitutionally deficient jury
instruction on beyond a reasonable doubt. Did the US Supreme Court hold that this was a prejudicial error requiring
reversal of the defendant’s conviction for murder? Which part of the Constitution did the court rely on in its
holding? The case is available at this link: http://scholar.google.com/scholar_case?
case=1069192289025184531&hl=en&as_sdt=2002&as_vis=1.
End-of-Chapter Material
Summary
Key Points
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 18/22
The United States’ system of government is called federalism and consists of one federal government regulating issues of a
national concern and separate state governments regulating local issues. The bulk of criminal lawmaking resides with the states
because of the police power granted to the states in the 10th Amendment. Ninety percent of all criminal laws are state laws.
Many federal crimes are also state crimes, and a defendant can be prosecuted federally and by a state without triggering
double jeopardy protection. If a federal statute exists on an issue, a state statute cannot conflict with it because of the
Constitution’s Supremacy Clause.
The Constitution sets forth three branches of government. The legislative branch consists of Congress and has the authority to
create laws. The executive branch is headed by the president of the United States and has the authority to enforce the laws
created by the legislative branch. The judicial branch is headed by the US Supreme Court and has the authority to interpret
laws and the Constitution. Each branch checks and balances each other, and the judicial branch ensures that no branch
oversteps its authority and violates separation of powers. State governments mimic the federal branches of government at the
state level and set forth authorities in each state’s constitution.
The federal court system exclusively adjudicates federal matters and consists primarily of the US District Court, the US Court
of Appeals or Circuit Court, and the US Supreme Court. Each state has its own court system consisting primarily of a trial court,
intermediate court of appeal, and possibly a high court of appeal. Trial courts have original jurisdiction and can accept evidence.
Appellate courts have appellate jurisdiction and are limited to reviewing the trial courts’ decisions for error.
Each party in a civil or criminal trial must meet a burden of proof, which consists of a burden of producing evidence and a
burden of persuading the trier of fact. The burden of proof for a civil plaintiff or defendant is preponderance of evidence,
which means that the trier of fact must be convinced it is more likely than not that a party should prevail. The burden of proof
for the prosecution in a criminal case is beyond a reasonable doubt, which is a stricter standard than preponderance of
evidence and consists of enough compelling evidence to rebut the defendant’s presumption of innocence. The burden of proof
for a criminal defense varies but is often preponderance of evidence. Inferences, which are conclusions the trier of fact may
make, and presumptions, which are conclusions the trier of fact must make, can help meet the burden of proof. The evidence
presented to meet the burden of proof can be circumstantial, which indirectly proves a fact, or direct, which directly proves a
fact. Circumstantial evidence leaves room for reasonable doubt, but it can be reliable and the basis of a successful criminal
prosecution.
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 19/22
You Be the Juror
Read the prompt, review the case, and then decide whether enough evidence exists to meet the burden of proof. Check
your answers using the answer key at the end of the chapter.
1. The defendant was convicted of possession of a handgun with an altered serial number. The defendant contended
that he did not know the serial number had been altered. The prosecution offered evidence that the gun was
“shiny” in the location of the serial number. The prosecution also proved that the defendant was in possession of
the handgun for a week. Is this sufficient evidence to prove beyond a reasonable doubt that the defendant knew
the serial number had been altered? Read Robles v. State, 758 N.E.2d 581 (2001). The case is available at this link:
http://scholar.google.com/scholar_case?case=7369971752262973607&q=
Indiana+2001+%22Robles+v.+State%22&hl=en&as_sdt=2,5.
2. The defendant was convicted of attempted first degree murder of a peace officer when he shot a sheriff. The
defendant contended that he did not know the victim was a peace officer. The sheriff was in a vehicle with a whip
antenna, was armed, and was well known as a sheriff in Angola Prison, where the defendant was incarcerated
previous to the shooting incident. However, the sheriff was in an unmarked car with the red light covered, out of
uniform, and his badge was obscured. Is this sufficient evidence to prove beyond a reasonable doubt that the
defendant knew the victim was a peace officer? Read Donahue v. Burl Cain, 231 F.3d 1000 (2000). The case is
available at this link: http://openjurist.org/231/f3d/1000/larry-donahue-v-burl-cain.
3. The defendant was convicted of third degree robbery, which requires a threat of immediate use of physical force.
The defendant entered a McDonald’s restaurant 20 minutes before closing dressed in sunglasses, a leather jacket,
and a bandanna that covered his hair. The defendant beckoned the clerk and thereafter demanded that she put
money from different cash register drawers into his bag. The defendant did not appear armed, nor did he raise his
voice or verbally threaten the clerk. Is this sufficient evidence to prove beyond a reasonable doubt that the
defendant threatened immediate use of physical force? Read State v. Hall, 966 P.2d 208 (1998). The case is
available at this link: http://www.publications.ojd.state.or.us/S44712.htm.
4. The defendant was convicted of possession of cocaine with intent to sell. The defendant possessed seven individual
packages of white powdery substance, but only one package was tested (and it tested positive for cocaine). Is this
sufficient evidence to prove beyond a reasonable doubt that the defendant possessed cocaine with intent to sell?
Read Richards v. Florida, No. 4008-4216 (2010). The case is available at this link:
http://www.4dca.org/opinions/June%202010/06-09-10/4D08-4216.op.w-dissent .
Cases of Interest
Clinton v. Jones, 520 US 681 (1997), discusses separation of powers: http://scholar.google.com/scholar_case?
case=1768307810279741111&q= Clinton+v.+Jones&hl=en&as_sdt=2,5.
Gonzales v. Raich, 545 US 1 (2005), discusses the reach of the commerce clause: http://scholar.google.com/scholar_case?
case=15669334228411787012&q=
%22criminal+burden+of+proof%22&hl=en&as_sdt=2,5&as_ylo=2000.
Sabri v. United States, 541 US 600 (2004), discusses the federal government’s ability to criminalize bribery of a local
government official: http://www.law.cornell.edu/supct/html/03-44.ZS.html.
US v. Comstock, 627 F.3d 513 (2010), discusses criminal and civil burdens of proof:
http://scholar.google.com/scholar_case?case=15669334228411787012&q=
%22criminal+burden+of+proof%22&hl=en&as_sdt=2,5&as_ylo=2000.
Articles of Interest
Connections between federalism and homeland security: http://www.hsaj.org/?fullarticle=2.3.4
Video court: http://www.businessweek.com/ap/financialnews/D9N3D24G0.htm
Burden of proof: http://law.jrank.org/pages/18346/Burden-Proof-Criminal-Civil.html
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 20/22
Federal and state court systems:
http://www.uscourts.gov/EducationalResources/FederalCourtBasics/CourtStructure/UnderstandingFederalAndStateCourts.aspx
Websites of Interest
US Supreme Court: http://www.supremecourt.gov
Federal courts: http://www.uscourts.gov/Home.aspx
Civic participation: http://www.congress.org
Statistics of Interest
US Supreme Court: http://www.allcountries.org/uscensus/356_u_s_supreme_court_cases_filed.html
Answers to Exercises
From Section 2.1, “Federalism”
1. Congress gets the authority to criminalize conduct involving the Internet from the Commerce Clause because the Internet
includes economic activity and crosses state lines. Both the federal and state government can prosecute the defendant
under federal and state criminal statutes for one act without violating double jeopardy.
2. The US Supreme Court relied on the Commerce Clause and the 14th Amendment. Specifically, the court ruled that
gender-motivated crimes of violence are not economic activity and do not have a national effect, so the Commerce
Clause does not support federal legislation in this area. Furthermore, the court held that the 14th Amendment due
process clause is targeted at state government action, not individual defendants, so it is likewise inapplicable.
3. The US Supreme Court held that the Pennsylvania Sedition Act is superseded by the Smith Act, 18 USC. § 2385.
Specifically, the court referenced the supremacy of federal law on the same topic, thereby preempting the state statute.
Answers to Exercises
From Section 2.2, “The Branches of Government”
1. The mayor is violating separation of powers because members of the executive branch cannot invalidate or supersede
laws passed by the legislative branch; only the judicial branch is entitled to do this via judicial review. The judicial branch
should check and balance this action, if someone attacks the mayor’s policy in court.
2. The US Supreme Court did not uphold President Truman’s action and ruled that he was violating separation of powers. A
statute on point already disallowed the president’s action (the Taft-Hartley Act). The president cannot supersede
Congress’s authority by ignoring a constitutional statute that Congress enacted, even during wartime.
3. The US Supreme Court reversed the US Court of Appeals for the Fourth Circuit. The court held that the judicial branch is
not required to allow unconstitutional federal statutes to remain in effect during wartime because of separation of
powers. The court determined that the detainee’s constitutional right to due process allowed him access to an attorney
and a court trial, in spite of the federal statute.
Answers to Exercises
From Section 2.3, “The Court System”
1. Jenna cannot appeal to the US Supreme Court because she does not appear to have a federal issue. Parties can appeal
from a state’s highest-level appellate court directly into the US Supreme Court, but the US Supreme Court is a federal
court and only has the jurisdiction to hear federal matters. Jenna cannot meet the criteria of diversity jurisdiction or
diversity of citizenship because even if she and Max are citizens of different states, the amount in controversy is too low
(it needs to be at least $75,000).
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 21/22
2. The US Court of Appeals for the 10th Circuit held that there was jurisdiction, in spite of the absence of a trial. The court
also held that the extraordinary circumstances compelled a reversal of the district court order denying a motion to dismiss
the defendants’ indictment. The court essentially ruled that the defendants had a right not to be tried.
3. The US Supreme Court held that a corporation is a citizen of its state of incorporation and the state in which its principal
place of business is located. The principal place of business is the “nerve center state,” which is the state that houses the
corporate headquarters.
Answers to Exercises
From Section 2.4, “The Burden of Proof”
1. Bria will not be successful with the insanity defense because she cannot meet the burden of proof, which
is preponderance of evidence. Preponderance of evidence is a fairly low standard, but Bria must still convince the trier of
fact that it is more likely than not she is insane. She cannot do this with her testimony, standing alone. Clearly, Bria has an
important self-interest in eliminating her criminal responsibility in this case. Thus her subjective testimony regarding her
own mental state is not compelling enough to meet the 51 percent to 49 percent standard.
2. The US Supreme Court held that it is constitutional to put the burden of proving extreme emotional disturbance on the
defendant, reducing murder to manslaughter. The court held that this did not relieve the prosecution of the burden of
proving every element of murder beyond a reasonable doubt and thus was in compliance with the due process clause of
the Constitution.
3. The US Supreme Court held that a constitutionally deficient jury instruction on the definition of beyond a reasonable
doubt was a prejudicial error and required a reversal of the defendant’s conviction for murder. The Court determined that
the improper jury instruction deprived the defendant of his Sixth Amendment right to a jury trial.
Answer to Law and Ethics Question
1. The federal judge Susan Bolton based her decision on federal preemption and an impermissible state burden on legal
resident aliens. The judge reasoned that federal authority to make law in the area of immigration has been confirmed by
the US Supreme Court, based on enumerated and implied powers, and the designated sections of the Arizona law
conflicted with this authority and are thus preempted. Order, US v. Arizona, No. CV 10-1413-PHX-SRB, US District
Court, accessed October 1, 2010, http://graphics8.nytimes.com/packages/pdf/national/20100729_ARIZONA_DOC .
The judge further held that enforcement of the enjoined sections of the Arizona law would divert federal resources
Order, US v. Arizona, No. CV 10-1413-PHX-SRB,
US District Court, accessed October 1, 2010,
http://graphics8.nytimes.com/packages/pdf/national/20100729_ARIZONA_DOC . and also impermissibly burden legal
resident aliens by restricting their liberty while their status is checked. Order, US v. Arizona, No. CV 10-1413-PHX-SRB,
US District Court, accessed October 1, 2010,
http://graphics8.nytimes.com/packages/pdf/national/20100729_ARIZONA_DOC .
Answers to You Be The Juror
1. The Indiana Court of Appeals held that there was sufficient evidence to prove beyond a reasonable doubt that the
defendant knew the serial numbers on the gun had been altered. The appearance of the gun and the defendant’s week-
long possession were enough for a reasonable juror to infer knowledge.
2. The US Court of Appeals for the Fifth Circuit held that there was insufficient evidence to prove beyond a reasonable
doubt that the defendant knew the victim was a peace officer. The court held that a reasonable juror could not infer
knowledge from the whip antenna and the victim’s job at Angola Prison.
3. The Supreme Court of Oregon held that there was sufficient evidence to prove beyond a reasonable doubt that the
defendant threatened immediate use of physical force. The court held that the defendant’s appearance, combined with
the lateness of the hour and the demands for money, could be an implicit threat under the circumstances.
4. The District Court of Appeal of Florida held that there was sufficient evidence to prove beyond a reasonable doubt that
the defendant possessed cocaine with the intent to sell. The court pointed out that the criminal statute at issue did not
2/17/22, 5:47 PM The Legal System in the United States
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/the-legal-system-in-the-united-states.html?ou=622270 22/22
require a specified quantity of cocaine. The court also reasoned that a jury could infer from the packaging and expert
testimony that the other packages also contained cocaine.
Licenses and Attributions
Chapter 2: The Legal System in the United States (https://saylordotorg.github.io/text_criminal-law/s06-the-legal-system-in-the-
united.html) from Criminal Law v. 1.0 was adapted by Saylor Academy and is available under a Creative Commons
Attribution-NonCommercial-ShareAlike 3.0 Unported (https://creativecommons.org/licenses/by-nc-sa/3.0/) license without
attribution as requested by the work’s original creator or licensor. UMGC has modified this work and it is available under the
original license.
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity of information located at external sites.
https://saylordotorg.github.io/text_criminal-law/s06-the-legal-system-in-the-united.html
https://creativecommons.org/licenses/by-nc-sa/3.0/
2/17/22, 5:47 PM Cyberspace Law
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/cyberspace-law.html?ou=622270 1/3
Learning Topic
Cyberspace Law
Cyberspace law encompasses legal rules for how entities regulate information in an
interconnected global world.
This area of the law covers many substantive legal subjects:
contracts
torts
criminal
civil
property
intellectual property
international treaties
Much of cyberspace law is focused on procedural aspects such as jurisdiction, minimum
contacts, conflicts of laws, contractual choice of regime, and dispute resolution regimes
such as the court systems, arbitration, and mediation. These areas are often defined in the
cloud hosting agreement, and it is important to be able to understand and if necessary,
negotiate these areas to avoid potential issues.
Negotiating a cloud hosting agreement may require that you understand and be able to
define the following:
statement of work
description of service
performance
implementation
payment for services
customer obligations
2/17/22, 5:47 PM Cyberspace Law
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/cyberspace-law.html?ou=622270 2/3
cloud hosting provider obligations
delivery and acceptance
service-level agreements
choice of regime (court systems, mediation, or arbitration)
ownership
liability of the customer
liability of the cloud hosting provider
intermediary liability
third-party liability
penalties
data privacy
scope of processing
subcontractors
deletion of data
data security measures
localization of data
restitution of data
audits
In addition, cyberspace law addresses specialized areas such as electronic agreements
(click-wrap and browser agreements), electronic contracting, and digital signatures.
2/17/22, 5:47 PM Cyberspace Law
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/cyberspace-law.html?ou=622270 3/3
Identity in the Age of Cloud Computing: The Next-Generation
Internet’s Impact on Business, Governance, and Social Interaction
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-
610/document/IdentityintheAgeofCloudComputing_checked ?
ou=622270)
A Framework for Exploring Cybersecurity Policy Options
(https://leocontent.umgc.edu/content/dam/course-
content/tgs/cca/cca-
610/document/AFrameworkforExploringCybersecurityPolicyOptio
ns_checked ?ou=622270)
How Cloud Computing Complicates the Jurisdiction of State Law
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/how-cloud-computing-complicates-
the-jurisdiction-of-state-law.html?ou=622270)
Toward a Single Global Digital Economy: The Role of Public
Authorities in Cloud Computing
(https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-
cca610/learning-resource-list/toward-a-single-global-digital-
economy–the-role-of-public-autho.html?ou=622270)
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
Resources
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/IdentityintheAgeofCloudComputing_checked ?ou=622270
https://leocontent.umgc.edu/content/dam/course-content/tgs/cca/cca-610/document/AFrameworkforExploringCybersecurityPolicyOptions_checked ?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/how-cloud-computing-complicates-the-jurisdiction-of-state-law.html?ou=622270
https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-resource-list/toward-a-single-global-digital-economy–the-role-of-public-autho.html?ou=622270
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
