No doubt spurred in part by the ongoing federal FCC/ FTC hearings on bringing the internet into the 21st century and dealing with security gaps in the cloud, Microsoft put in its request to Congress and state governments to firm up the legal framework for ensuring stratospheric privacy and protection. Microsoft’s General Counsel Brad Smith addressed attendees on these issues at a keynote at the Brookings Institute on January 19, 2010.
Microsoft identified the primary concerns as privacy, security, transparency, and international sovereignty, the latter being a major issue in connection with storage server locations that know no boundaries. Transparency means that consumers and businesses should know whether and how their information will be accessed and used by service providers and how it will be protected online.
Smith is justifiably concerned with privacy protections and the fact that laws currently on the books do not take into account the heightened risk and the broader ramifications of hacking in the cloud. Smith proposed a new law, which he dubbed the Cloud Computing Advancement Act, and urged the revamping of an existing law, the Electronic Communications Privacy Act, in order to address the spectrum of risks. He also proposed stronger sanctions under the Computer Fraud and Abuse Act: currently, cloud hackers face the same penalties as hackers that attack an individual PC.
I see mass movement into the cloud and, as a techie, I understand the value of it. As attorneys, however, it pays to be aware of what our current technology can ensure with respect to privacy and security, be versed on the scope of the laws supporting cloud integrity, and choose cloud services accordingly. Lawyers, or course, have heightened responsibility with respect to privacy, security, and privilege. Perhaps this is one area of technology in which lawyers can afford to be slightly behind the curve – right behind security developments.
Hat tip to eWeek. For further reading on the topic, check out these articles: