Microsoft Seeks New Legal Framework For Cloud

The company wants to see laws that strengthen privacy and security and encourage more consistent international data policies.
Microsoft is also urging reform of the Computer Fraud and Abuse Act, which has been amended several times since its passage in 1984. The software giant aims to strengthen penalties against malicious hackers of cloud service providers and to "make fines commensurate with the number of accounts illegally accessed." The company also wants to give cloud providers like itself the right to "pursue hackers" through some sort of legal process.

"Government enforcement will play a critical role in stopping and deterring attacks on the cloud, but only if Congress adapts the law to new security challenges," Smith said. "Currently, it is sometimes difficult for federal prosecutors to establish the monetary thresholds needed to impose felony penalties. In addition, Congress should amend the CFAA to increase the level of fines levied against hacking into a datacenter."

Furthermore, Microsoft is also looking for the government to adopt "truth in cloud computing" legislation that would require cloud providers to provide consumers with deeper information about the cybersecurity measures they take, including how their information will be stored, accessed, and used by service providers and whether the provider's treatment of the data meets certain standards.

Finally, Microsoft wants Congress to give the President proper tools to allow the executive branch to work with foreign governments to develop international data access frameworks to simplify and reconcile what's currently a messy array of laws that differ substantially among countries.

Smith cited a survey commissioned by Microsoft to back up his suggestions. The survey found that although 58% of the general population and 86% of business leaders are "excited about the potential of cloud computing," more than 90% express concerns about privacy, access and security of data in the cloud and more than 50% are in favor of laws to regulate cloud computing.