Posted by Fred Humphries
Managing Director, U.S. Government Affairs
Over the last 25 years, technology has enabled data to move from the desk drawer to the desktop, to networks, to the Web and now into the cloud. This rapid growth offers tremendous potential for efficiency, cost savings and innovations to individuals, businesses and governments alike.
For example, Microsoft’s HealthVault is helping the Cleveland Clinic to manage diabetes and heart disease by digitizing patient data, storing it online and making it easily accessible for patients and health care providers. Using at-home medical devices such as heart rate monitors and glucometers, patients can monitor their conditions and upload their data into HealthVault, which incorporates that information into the patient’s personal health record at the Cleveland Clinic. This use of HealthVault by the Cleveland Clinic shows how cloud computing can improve communication and collaboration by making data easily accessible from anywhere at any time.
Meanwhile, laws promoting security and protecting privacy have not kept pace as technology has evolved. For example, under the Electronic Communication Privacy Act of 1986 (ECPA), emails stored for less than 190 days receive greater privacy protections than emails stored for a longer period.
Both sides of Capitol Hill are examining these important issues at hearings this week. Brad Smith, Microsoft’s General Counsel and Senior Vice President, will testify before the Senate Judiciary Committee today. He will urge Congress to update ECPA to ensure the right balance is struck between the privacy rights of citizens and the needs of law enforcement. The following day, Microsoft’s Associate General Counsel Mike Hintze, will speak before the House Judiciary’s Subcommittee to urge modernization of ECPA as part of a hearing focused on the revolution in cloud computing.
Brad and Mike will also point out that ECPA reform is not the only area warranting legislative action. In Microsoft’s view, legislation is also needed to address other emerging issues relating to privacy and security, such as those arising outside the US regarding information that crosses national borders. Congress should consider legislation that would:
- require cloud service providers to make their privacy and security practices transparent to customers;
- ensure rigor in federal government procurement of cloud services by requiring agencies to evaluate providers’ security practices;
- enhance criminal enforcement of computer crimes (such as malicious hacking) and allow cloud providers to bring suit against violators directly; and
- encourage the federal government to engage in international efforts to promote consistency in national laws governing access to and security of cloud data.
The move to the cloud has raised new questions. Consumers and businesses will use new technologies only if they have confidence that their information will be reasonably protected. As companies, we see that the economic benefits of investment and potential for innovation will be realized only if clear and up-to-date privacy laws protect confidential information. We look forward to continuing to work with Congress to resolve these policy issues and to realize the potential of cloud computing.