Out-Law News 3 min. read
22 Jan 2010, 3:18 pm
Smith said that privacy and security issues raised by cloud computing needed to be addressed specifically in legislation. He said that Microsoft had commissioned a survey which said that 90% of people are concerned about the security of their personal information and that 75% of business leaders belief that security and privacy are the biggest risks associated with cloud computing.
"We need to build confidence in the cloud and that requires a new conversation, a conversation about both the opportunities and the challenges that we need to address," he said in a speech. "And we need to work together, those of us who work in industry and those of us who work in government and in other parts of civil society."
"The majority of every audience that [survey company Penn, Schoen and Berland] PSB surveyed wants us to consider these types of ramifications about the use of the cloud," he said. "They want us to be thoughtful as we move forward and they believe the US government should establish laws, rules, and policies for cloud computing."
"They’re right ... the private sector cannot meet all of these challenges alone. We need Congress to modernise the laws, adapt them to the cloud, and adopt new measures to protect privacy and promote security," said Smith. "That’s why we’ve concluded that we need a Cloud Computing Advancement Act that will promote innovation, protect consumers, and provide the executive branch with the new tools needed for a new technology era."
Smith emphasised that privacy is important to people in the cloud computing era. Though Facebook founder Mark Zuckerman said that privacy was "no longer the norm" in a social networking age, Smith said that he disagreed.
"I’ve been involved in negotiations about privacy with the Federal Trade Commission and with the European Union and neither was nearly as protracted as my negotiation with my 14-year-old daughter about whether I could be her friend on Facebook," he said. "People do care about privacy and I think as most parents have learned, teenagers still care about privacy."
"Privacy is about the ability to determine who gets to see your information. And if people of one generation are more interested in sharing more information with more people, they also care about who doesn’t get to see that as well," he said.
Smith said that cloud computing involved a fundamental change in the way that people store information that would previously have been entirely within their control. Individuals are losing that direct physical control and must be able to get it back through legislation, he said.
"One obvious attribute of the cloud is that information typically is stored on a server computer that’s controlled by a third party," said Smith. "That makes it all the more important for service providers to be thoughtful and clear in communicating what they will do with this information. Equally important, we need government action to ensure that as information moves from the desktop to the cloud, we retain the traditional balance of individual privacy vis-à-vis the state."
Smith said that legislators would have to work hard to keep up with the advances in technology and in the way that it is increasingly used.
"The rise of cloud computing should not lead to the demise of the privacy safeguards in the Bill of Rights. The public needs prompt and thoughtful action to ensure that the rights of citizens and government are fairly balanced so that these rights remain protected," said Smith.
"Over the past two decades, technology has moved forward and the law has become increasingly antiquated as a result. We now need new action by Congress to modernize the protection of privacy and fill in these legal gaps. That’s why we at Microsoft support the efforts in this area that are being led by the Center for Democracy and Technology," he said. "That’s one thing that a cloud computing advancement act should do, modernize privacy law and ensure that privacy remains protected."
Smith said that courts and legislators in all countries will increasingly face jurisdiction problems related to the international nature of cloud computing.
"In recent years we’ve seen emerge a global thicket of competing and sometimes conflicting laws impacting cloud computing," he said. "We’ve seen recent cases in Belgium, Brazil, and Italy, for example, where in each instance courts have sought to apply and impose their laws on US service providers even though the data have been stored in the United States."
"A decision to comply with a lawful demand for user data in one jurisdiction can place a provider at risk of violating a law somewhere else. It also makes it far more difficult for service providers to provide consumers with accurate information about when and how their personal information might be accessed by law enforcement," said Smith.
The problem can only be solved by international negotiation and co-ordinated action, he said.
"Ultimately cloud computing will benefit the most if governments can establish a multilateral framework that provides legal clarity in the form of a new treaty or similar international agreement. We need a free trade agreement for data and information. While a multilateral framework would require substantial diplomatic, leadership, and resources, it is definitely a cause worth embracing," he said.
