We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft wants privacy code of conduct for the cloud

Transparency over how data is protected is needed

Microsoft wants cloud computing vendors to join forces to create a privacy and security code of coduct.

Microsoft General Counsel Brad Smith called for new "truth-in-cloud-computing" principles that would let consumers and businesses know how their information will be accessed by service providers and how it will be stored online.

"These principles should ensure that there is transparency over how data is protected," he said.

"Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Cloud providers should maintain a comprehensive security program and should disclose whether their security efforts meet security standards, Smith said. Customers should know how they can reclaim their documents and data, he added.

Cloud computing vendors could create a self-regulatory code, or they could face regulation from Congress, Smith said.

Action from Congress is "likely", he said.

"Simply put, it should not be enough for service providers simply to say that their services are private and secure," Smith added. "There needs to be some transparency about why this is the case."

Smith also called for the US government to work with other nations on an agreement that would allow cloud providers to operate without having to comply with laws in every country they have customers.

The US and other countries should establish a multilateral "free trade zone" for data packets, he said.

A handful of other governments have already tried to gain access to data stored in the US, he said.

"Where different laws conflict, a decision to comply with a lawful demand for user data in one jurisdiction may place a provider at risk of violating laws elsewhere," he said.

"This also makes it more difficult to provide consumers with accurate information about when and how their personal information might be accessed by law enforcement."

Microsoft also supports efforts to update privacy protection laws to deal with online activities, and it wants changes to computer crime laws that would make it easier for prosecutors to charge cybercriminals, Smith said.

In some cases, it's difficult for prosecutors now to place monetary values on stolen documents, email or digital photos, he said.

One way of dealing with this problem would be a change in the law that would fix the value of such items for each victim, then allow prosecutors to multiply that amount by the number of victims to determine charges, Smith said.

Smith also called for Congress to allow cloud providers greater latitude to pursue civil lawsuits against attacks, and he called for larger fines for attackers that break into data centers.

In most cases, the fines for breaking into a data center are the same as for attacking a single computer, he said.

Smith didn't directly address critics who say that cloud computing locks customers into one vendor, but he noted that a recent survey commissioned by Microsoft found that 75 percent of senior business leaders said safety, security and privacy are the top potential risks of cloud computing.

More than 90 percent of the general population and business leaders would be concerns about the security and privacy of their own data in a cloud computing environment, according to the survey by Penn Schoen & Berland.

But cloud computing, although not well understood by the general public, offers great potential benefits, Smith added.

"Cloud computing, properly implemented, provides users with greater flexibility, portability and choice in their computing options," he said.

"You can rely on the cloud for as little or as much of your computing needs - and keep as much data and computing functions locally on site - as you want."

Broadband speed test

PC security advice

Small business IT advice

See also: Microsoft to offer two versions of Windows Mobile 7?


IDG UK Sites

Microsoft Band UK release date and price rumours, features and specs: Microsoft smartwatch unveiled

IDG UK Sites

Why Sony's PS4 2.0 update is every gamer's dream (well, mine at least)

IDG UK Sites

This Grolsch ad combines stop-motion & CG for majestic results

IDG UK Sites

Apple rumours and predictions for 2015: What to expect from Apple in 2015