Cloud Computing and Government Oversight

There have been a number of blog posts this week about the policy implications of cloud computing as a result of a roundtable dinner discussion at the Aspen Institute, hosted by Microsoft.

According to Cecilia Kang, Washington Post Staff Writer, “Microsoft has emerged as a proponent of some rules of the road for the largely Wild West that cloud computing companies such as Google, Yahoo and Amazon operate. Microsoft has called on Congress to update the Electronic Communications Privacy Act to clearly apply to protections on the Web. And it wants stronger rules against cyber attacks by reforming the Computer Fraud and Abuse Act (I’m sure this is something that venture capital companies would welcome).

Brad Smith, Microsoft’s General Counsel, was quoted on his blog as saying “we must work collectively to ensure that we move responsibly to cloud computing”. He said a critical way to protect privacy would be for Congress to update the Electronic Communications Privacy Act. This statutory framework for electronic communications privacy was established more than 20 years ago and needs to be updated to be aligned with the current technological realities. There are other new responsibilities that we must work together to address such as strengthening security through enhanced criminal laws and greater transparency from service providers; combating fraud; building use trust through transparency; promoting openness and interoperability, and stimulating innovation through protection of intellectual property. See my earlier blog on innovation and patent protection.

According to Cecilia, the FTC is investigating privacy implications in cloud computing. One consideration is that consumers typically don’t know where their data is being held or what protections they have. Also, companies are making money off the data and its not entirely free. This becomes highly complicated as you consider what happens overseas. Nations don’t agree on privacy or other rules online and there is no common framework between the United States, Europe and Asia.

In recent weeks, this topic has gained steam with top policy makers as Google, Go Daddy and Network Solutions have decided to cease new operations in China because of censoring practices and competitive positioning.

While there is much debate on how much government regulation there should be over cloud computing and over self-regulation of the market, one thing is for certain, there should be basic privacy and security protections for all consumers and that providers (includes expansion stage software companies) should be held to a higher bar.