Microsoft’s Smith Calls for Government Regulation on the Cloud

Bravo to Microsoft’s Brad Smith, the company’s senior vice president and general counsel, for urging Congress to create and pass legislation that would set security and privacy standards for the cloud – at the federal level!

Smith made his pitch this week at a forum in Washington, D.C., at the Brookings Institution. Smith listed the benefits of cloud computing and spoke about a recent survey from consulting and market research firm Penn Schoen and Berland Associates (PSB).  In an article that I read about his appearance on CivSource, Smith said: “Cloud computing offers new benefits for almost every part of society.”

He detailed results of the survey:  58% of consumers and 86% of senior business leaders are “excited about the potential of cloud computing,” and a majority of respondents believe “cloud computing has the potential to help make government more efficient and effective. ” We’ve certainly seen more government agencies – at both the local and national level – contracting with cloud providers (for example, the city of LA is now using Google’s Gmail).

And, no surprise here to anyone who’s been following trends in cloud computing: the PSB survey found more than 75% of senior business leaders say they’re mostly concerned about safety, security, and privacy on the cloud are top potential risks of cloud computing, and more than 90% of the general population and senior business leaders are concerned about the security and privacy of personal data.

What Smith wants the U.S. government to do to address these fears is create the “Cloud Computing Advancement Act” to promote innovation, protect consumers and “provide government with the new tools needed to address the critical issues of data privacy and security,” according to the article.

There are Fourth Amendment issues (addressing search and seizure of private information) involved here that need to be considered and worked through in the legislation. And he and others speaking at the forum recommended reforming the 1986 statute for protecting user privacy in electronic communications, the Electronic Communications Privacy Act (ECPA).

Also, Congress would be asked to set aside more money to develop law enforcement tools to fight malicious hackers and battle online-based crimes. Smith said that Computer Fraud and Abuse Act (CFAA) needs updating to protect data centre hacking.

Smith didn’t propose that the government do all the work, however. He said the technology industry could impose its own set of best practices and guidelines. “We need new ‘truth in cloud computing’ principles so consumers and businesses have full knowledge of how their information will be accessed and used by service providers and how it will be stored,” he said, according to the piece.

I agree that Congress has a crucial role to play in making cloud computing safer and more secure. The rewards will be multiplied as more and more businesses and end users reap savings and efficiencies. Knowing that their data is secure is the icing on the cake. And I urge the government to get moving on this front.