Something got Goliath’s attention. The Federal Trade Commission has gotten involved in an inquiry before the Federal Communications Commission into security and privacy issues surrounding cloud computing that may have wide-reaching ramifications for enterprise and business use of the Web and SaaS.
It all began with the realization that our national broadband access was seriously lacking. In response, several federal laws were passed to encourage broadband development and deployment. The FTC has a degree of jurisdiction over broadband deployment. In the initial inquiry, filed last June, the FCC summarized the underlying rationale as follows:
In the recently passed American Recovery and Reinvestment Act of 2009,’ the “stimulus” legislation, Congress charged the Department of Agriculture’s Rural Utilities Service and the Department of Commerce’s National Telecommunications and Information Administration with making grants and loans to expand broadband deployment and for other important broadband projects. Congress provided $7.2 billion for this effort-no small sum. But even this level of funding is insufficient to support broadband deployment. With this realization, the Recovery Act charges the Commission to create a national broadband plan. By February 17, 2010, the Commission must and will deliver to Congress a national broadband plan that seeks to ensure that every American has access to broadband capability and establishes clear benchmarks for meeting that goal.
Sounds great. However, under this docket number, as well as two others, the FCC sought further comment on how to deal with disclosure of “confidential” information between “eligible entities” and broadband service providers. In part:
We also seek comment on section 106(h)(2) of the BDIA, which requires eligible entities to treat “any matter that is a trade secret, commercial or financial information, or privileged or confidential, as a record not subject to public disclosure except as otherwise mutually agreed to by the broadband service provider and the eligible entity.” In particular, we seek comment on whether that section is self effectuating or whether the Commission should take any measures to ensure eligible entities’ compliance with section 106(h)(2). If parties believe that the Commission should adopt safeguards to ensure compliance with section 106(h)(2), then we ask that they describe with specificity the nature of their proposed safeguards.
After workshops on the broader issues surrounding broadband development, including its effect on the general economy, IT and productivity, the public comments began pouring in. The cast of commenting characters is impressive, and includes some high profile corporations, including Alcatel-Lucent, NPR, QUALCOMM, Walt Disney and Microsoft. Much of the information is confidential and not viewable by the public.
Now the FTC has commenced its investigation into privacy, security concerns, identity managements systems, log-ons and authentication, mobile computing, and social networking in the context of this broader discussion. A roundtable is scheduled to be held on January 28 on these issues.
How will this resolve? Before the likes of Amazon and Rackspace, big players in the cloud computing sector, start shaking in their boots, the long-term goal should actually benefit those interested in storing in the cloud and utilizing cloud services and tools. Remember my post yesterday about the Internet in 2020? The recent inquiry appears to be another piece in the larger puzzle of transforming the Internet into an entirely new experience. Safety and security issues are a significant part of that process.
While it is possible that the inquiry will expose present insecurities that may affect enterprise and business use of the cloud, my sense is that those insecurities should be exposed, examined, quantified, and, hopefully, eliminated. I applaud the FCC and FTC for getting that ball rolling. Hopefully, cloud providers and businesses using their services are employing the best available tech, and thus mitigating the potential liabiltiy for security breaches in the here and now. Down the road, security and best available technology in support of the cloud should be dramatically improved as the direct result of such comments, inquiries, and investigations.
Hat tip to ReadWrite Enterprise