Emergence of Cloud Computing = Government Regulation Can’t Be Far Behind

by on January 22, 2010 · 3 comments

Brad Smith, Microsoft’s Senior Vice President and General Counsel addressed the Brookings Institution earlier this week calling for government to get involved to enhance the safety, security and privacy of the “Cloud.” (Here’s a transcript of his remarks)

Smith alluded to the fact that cloud computing is undergoing a powerful transformation and correctly pointed out that, even though millions of Americans are using cloud computing platforms today (and have been for years), a far majority of them have no real concept of what cloud computing actually is or does — and neither to most policymakers.

This speech was very well timed, given the current Google-China kerfuffle from the past couple of weeks. Essentially, who is in charge of the data in the cloud? How can we guarantee that best practices are being used by providers? And, what role will the federal government play in the regulation of this powerful emerging technology?

Without getting into too many specifics, Smith called for a Cloud Computing Advancement Act, which would promote innovation, protect consumers and provide the Executive Branch with new tools needed for a new technology area. Now, it seems that protecting consumers is the only one of those three points in which the government should play an active role. Legislating innovation seldom works how legislators foresee and giving any administration more tools for controlling the Internet has been met with some skepticism.

But there are modernizations that can take place within existing consumer protection laws, as Smith points out. One of the more interesting and valid examples Smith highlights is that many of the existing laws were written with the single PC in mind. A data thief breaks into a business’ or person’s computer and steals data — when caught the perpetrator may face only a single charge for each break-in. But when dealing with data centers that hold thousands of servers hosting potentially hundreds of thousands or millions of users’ data, the stakes need to be upped. Perpetrators of data center break ins should face charges for each user affected, or thereabouts.

Another point at which I will agree with Smith is his insistance that much of this new, or strengthened policy, be worked out on the federal level instead of having the states take the issue of cloud computing regulation on separately. It would be unfortunate if all 50 states jumped onto the regulatory bandwagon for a product that knows no boundaries.

The cloud computing platform is changing and growing extremely fast; it’s been a scant couple of years since the term really even took off. And government regulators will, as always, be forced to play catch-up (which most of the time is just fine). And as far as the transparency or, “truth in cloud computing” Smith wants among cloud providers, that may be tougher than he thinks; or it could be a veiled swipe at other providers who aren’t as transparent as Smith wants. He does suggest, lastly, that perhaps the cloud provider industry come together around a new self-regulatory code. This option should be first and foremost, before bringing in the FTC.

Nevertheless, it was an interesting speech because Microsoft, for all its ups and downs fighting for marketshare in the cloud, is now a major player in this discussion and perhaps this speech set the tone for the next year in how policy and cloud computing will collide.

For more on the issue of regulatory control and the Cloud, check out this piece by Holman Jenkins in today’s The Wall Street Journal.

Previous post:

Next post: