Cloud Vendors Seek Better Online Data Protections
Data store in cloud computing systems should be protected by the same privacy laws that protect information stored on personal computers, vendor executives told a Congressional committee Thursday.
Thu, September 23, 2010
Computerworld — WASHINGTON - Executives from top cloud vendors Microsoft (MSFT), Google (GOOG), Amazon.com (AMZN), Salesforce.com and Rackspace Thursday urged a congressional committee to support their goal of giving data stored in cloud computing systems the same legal protections as information stored on one's personal computer.
The lack of such protections today is a particularly important issue for enterprise customers, and is deterring some from using cloud services, the executives said.
To give lawmakers a sense of the scale of cloud-based system use, Google senior counsel Richard Salgado told the committee that there are 3 million business users of the company's cloud services today, and about 3,000 more sign up for them each day.
All face "inconsistent, confusing and uncertain" privacy laws that can be applied to data, he added.
For instance, the Electronic Communications Privacy Act of 1986 allows the government to compel a service provider to disclose the contents of an e-mail older than 180 days "with nothing more than a subpoena," said Salgado. A search warrant, which unlike a supoena requires that investigators provide probable cause, is needed to turn over e-mails less than 180-days-old, he added.
Salgado said communications and documents stored online should be treated "as if they were stored at home," which would require that the government "get a search warrant before compelling a service provider to access and disclose the information" at any time.
The U.S. Senate is also looking at this issue.
Michael Hintze, associate general counsel at Microsoft, said that users of its Business Productivity Online Suite, which includes a document storage product, include companies that must protect highly confidential information, including trade secrets, business plans and customer lists.
"Enterprise users tell us that they are very concerned about the privacy implications for moving such sensitive data from local storage to remote storage," said Hintze. "A significant part of that concern relates to the circumstances under which the government can compel disclosure of data from third party providers," he added.
Similarly, David Schellhase, executive vice president and general counsel of Salesforce.com, said that its customers, especially those based outside the country, "want assurances that the U.S. government will not access their data without deliberate due process."
Opposition to changes in the law may come from law enforcement agencies.
Kurt Schmid, executive director of the Chicago High Intensity Drug Trafficking Area, a federal group that helps to coordinate drug control efforts among local state and federal law enforcement agencies, said law enforcement officials don't want to relinquish established legal thresholds.