Microsoft has taken a step toward getting the federal government to pay attention to cloud-computing services. The Redmond, Wash.-based company is asking for a cloud-computing law.
Microsoft's senior vice president and top legal counsel, Brad Smith, has proposed that Congress institute the Cloud Computing Advancement Act to help foster trust in cloud-computing services and address privacy concerns.
"The world needs a safe and open cloud -- a cloud that is protected from the efforts of thieves and hackers and also that serves as an open source of information to all people around the world," Smith said during the Brooks Institution Policy Forum. "Neither goal may be fully achieved today -- but we have to keep striving to achieve them over time."
A Need To Build Confidence
Cloud computing has received a bad rap from consumers and privacy groups who have found holes in cloud-computing services offered by Internet companies such as Google.
Microsoft, IBM, Google and several other top-tier technology companies see benefits in cloud computing and 86 percent of senior business leaders are excited about cloud computing, according to a Penn Schoen Berland survey commissioned by Microsoft. But those business leaders need to convince Internet application users to see the same benefits.
"We need to build confidence in the cloud," Smith said. "And that requires a new conversation about the opportunity -- and need -- for industry and government each to take new steps to move forward."
The Electronic Privacy Information Center, a Washington, D.C.-based nonprofit privacy group, has been vocal about cloud computing. Last March, EPIC filed complaints with the Federal Trade Commission against Google, alleging privacy holes in its cloud-computing services, which include Google Docs, Picasa and Gmail.
Security experts and computer researchers, including the European Network and Information Security Agency, have supported EPIC's findings. An ENISA report considers whether people's personal data can be transferred to nations lacking solid privacy protection, whether customers should be notified of a breach in data, and rules concerning law enforcement's access to private data.
To address international issues in cloud computing, Smith called for international talks to guarantee Internet users that personal data is subject to the same rules and policies regardless of where the data sits.
'A Good Start'
Because of EPIC's complaint against Google, the FTC is urging the Federal Communications Commission to consider the privacy implications of cloud computing in its national broadband plan, which will go to Congress next month.
"It's a good start, though a robust privacy framework for cloud-computing services will require more than 'notice' of business practices," said Marc Rotenberg, EPIC's executive director, about Smith's proposal. "It is necessary to put in place real privacy and security obligations for companies that provide cloud-based services to consumers. These are typically described as fair information practices."
Companies argue that many individuals are already using cloud services and are happy with them.
The survey commissioned by Microsoft showed 84 percent of the population use a form of webmail service and 57 percent store or share data using social-media sites. More than 90 percent of those surveyed said they are concerned about access, security and privacy for their personal data in the cloud, and a majority said the U.S. government needs to establish cloud-computing policies and laws.