Is Your Offsite Data Safe? Microsoft GC Pushes New Security Law
Posted Jan 22, 2010 2:55 PM CDT
By Debra Cassens Weiss
Microsoft general counsel Brad Smith is proposing a new law to help protect the privacy of digital data stored on remote servers rather than desktop computers.
In a speech to the Brookings Institution, Smith unveiled Microsoft’s proposal for a Cloud Computing Advancement Act that addresses the issues of privacy, security and international sovereignty, Information Week reports.
"Americans take for granted that, except in the plots on popular television shows, the government typically cannot come into their homes without showing them a valid search warrant," Smith said in the speech (PDF posted by the Seattle Post-Intelligencer). "But the courts have cast doubt on whether the Fourth Amendment to the Constitution, which provides this protection, applies to information that is transferred to a third party for storage or use."
Smith said the Electronic Communications Privacy Act needs to be updated to increase privacy protections for data stored with third-party service providers—in the cloud, using the latest computer lingo.
“Despite the lack of familiarity with the term, most Americans already use technologies that constitute forms of cloud computing,” Smith said. He pointed to a recent survey commissioned by Microsoft that showed 84 percent of the respondents used some sort of Web mail service, 57 percent stored or shared information using a social media site, and 33 percent stored their photos online.
Besides protecting offsite data from government overreaching, Smith also wants to protect it from hackers by increasing criminal penalties.
Currently, he says, it is sometimes difficult for prosecutors to place a value on the theft of content that meets the monetary thresholds for felony penalties. A better approach, he said, is to assign a statutory amount, say $500, for each victim. And the fine for hacking into a datacenter should be greater than the penalty for hacking an individual PC, he said.
Smith also called for:
• Legislation that would give cloud providers the right to pursue hackers through civil claims.
• New principles—possibly a self-regulatory code—that call on cloud providers to disclose information about their security measures.
• An effort to address conflicting international laws that affect cloud computing, possibly through a treaty or similar international agreement.
Microsoft and Hewlett-Packard are investing $250 million in a partnership to develop and market cloud computing systems, according to an Information Age account of the speech.
The ABA Journal has more information on cloud computing in the August article, “Working in the Cloud.”