Microsoft Seeks New Legal Framework For Cloud

Microsoft is asking Congress to pass new legislation to regulate cloud computing, Brad Smith, the company's general counsel, announced Wednesday in an address at the Brookings Institution in Washington, D.C. Specifically, Microsoft is proposing what it calls the Cloud Computing Advancement Act, which would make changes to three major areas of Internet policy: privacy, security, and the international legal framework.

"We need government to modernize the laws, adapt them to the cloud, and adopt new measures to protect privacy and promote security," Smith said. "There is no doubt the future holds even more opportunities than the present, but it also contains critical challenges that we must address now if we want to take full advantage of the potential of cloud computing."

The government has already signaled some interest in these issues. For example, a Federal Trade Commission lawyer said in a letter to the Federal Communications Commission last month that it was analyzing the privacy and security implications of cloud computing. However, a long tug of war over how much and whether to regulate Internet technologies could complicate efforts at significant reform.

First, Microsoft is urging a number of changes to privacy law by updating the Electronic Communications Privacy Act, which was passed more than 23 years ago. That law has been criticized by the World Privacy Forum and the Center for Democracy and Technology. The groups oppose rules that, for example, give more privacy protection to e-mails that have been read than those that have not, and that allow the government to request records from service providers in some situations.

"Americans take for granted that, except in the plots on popular television shows, the government typically cannot come into their homes without showing them a valid search warrant," Smith said. "But the courts have cast doubt on whether the Fourth Amendment to the Constitution, which provides this protection, applies to information that is transferred to a third party for storage or use."Microsoft is also urging reform of the Computer Fraud and Abuse Act, which has been amended several times since its passage in 1984. The software giant aims to strengthen penalties against malicious hackers of cloud service providers and to "make fines commensurate with the number of accounts illegally accessed." The company also wants to give cloud providers like itself the right to "pursue hackers" through some sort of legal process.

"Government enforcement will play a critical role in stopping and deterring attacks on the cloud, but only if Congress adapts the law to new security challenges," Smith said. "Currently, it is sometimes difficult for federal prosecutors to establish the monetary thresholds needed to impose felony penalties. In addition, Congress should amend the CFAA to increase the level of fines levied against hacking into a datacenter."

Jim Christy, the Director of Futures Exploration at the Department of Defense Cyber Crime Center, talks about the increasing sophistication of attacks that he is starting to see. Chambers sees web 2.0 technologies in general and its Telepresence technology in particular as boosting worker productivity Two-Year Plan to Focus on 32 Nanometer Manufacturing Technology
Jim Christy, the Director of Futures Exploration at the Department of Defense Cyber Crime Center, talks about the increasing sophistication of attacks that he is starting to see.

Furthermore, Microsoft is also looking for the government to adopt "truth in cloud computing" legislation that would require cloud providers to provide consumers with deeper information about the cybersecurity measures they take, including how their information will be stored, accessed, and used by service providers and whether the provider's treatment of the data meets certain standards.

Finally, Microsoft wants Congress to give the President proper tools to allow the executive branch to work with foreign governments to develop international data access frameworks to simplify and reconcile what's currently a messy array of laws that differ substantially among countries. Smith cited a survey commissioned by Microsoft to back up his suggestions. The survey found that although 58% of the general population and 86% of business leaders are "excited about the potential of cloud computing," more than 90% express concerns about privacy, access and security of data in the cloud and more than 50% are in favor of laws to regulate cloud computing.