Industry: Government must regulate 'cloud' computing

WASHINGTON - The federal government needs to address electronic security to calm Americans' uncertainty about "cloud" computing and secure its privacy before all information floats up there, according to industry experts.

Cloud computing is the platform for delivering software, applications and information through remote servers, or a third party.

E-mail, social networking, YouTube and Amazon books are examples of cloud computing today. But the technology is rapidly expanding to include documents, software and other data people currently store on their personal computers.

Several experts agreed that, without some sort of federal regulation or a global treaty, companies providing online services could face several challenges, including civil and criminal penalties.

Brad Smith, Microsoft senior vice president and general counsel, cited a poll by Penn, Schoen and Berland that found that 76 percent of Americans have not heard of cloud computing or have heard of it, but don't know what it means. Despite that, most of them use it. The survey found that 84 percent use online e-mail, 57 percent store or share information on social media Web sites and 33 percent store photos online.

Smith said most laws protecting data were written before the dawn of the Internet and do not protect or even address data on the cloud. He said government regulation is just as important as policy transparency by the service providers such as Google or Microsoft.

"It should not be enough for service providers simply to say that their services are private and secure," he said.

Smith said Microsoft is proposing legislation that would strengthen the Electronic Communications Privacy Act to extend to the cloud the privacy protections that now apply to personal computers. He also proposed modernizing the Computer Fraud and Abuse Act to go after hackers.

He said regulations should ensure providers clearly explain to users if and how their information will be protected.

But Smith said the government must go after hackers, and not fine or sue service providers, regardless of who is at fault. That would increase the costs of running the cloud, which would trickle down to the consumer.

Others insist companies be held accountable for security breaches.

John Verdi, senior counselor for the Electronic Privacy Information Center, said that the Federal Trade Commission has the authority to hold providers accountable and protect consumers' interest, but it is not doing that.

"What's troubling in the situation is that, in some cases, cloud computing providers are asking individuals to upload lots of sensitive data to cloud computing platforms, while at the same time stating that the data will be kept secure and will be kept private, but in the fine print disavowing all their obligations to safeguard that data," he said.

"We don't think that that's fair, and we don't think that that's being straight with consumers."

Smith said a combination of government regulation, competition in the marketplace and media watchdogs is the best way to ensure personal safety, much as similar groups have reformed the automobile industry.

"We don't say every car has to have the characteristics of a Volvo, but we do say every car has to have seat belts," he said. "I think in a similar way we'll find for the cloud that there are certain standards that are minimums that everyone should adhere to."

Michael Nelson, technology section chairman of the American Association for the Advancement of Science, said it is more important for the government to say what it is not going to do before it says what it will do.

"Right now, there's a lot of uncertainty about when governments will have access to information in the cloud: Will you need a search warrant? Will it be as well protected on your hard drive?" he said. "Those are really important questions, and government needs to clarify what those rules are."

The biggest security issue will be other countries, said Robert Atkinson, Information Technology and Innovation Foundation president. He said several countries ignore, openly sanction and possibly participate in criminality.

"Now there's a wire that connects state-sanctioned hackers in China and Russia into the U.S.," he said. "Unless we come to grips with that reality, and unless you as a nation crack down on that behavior, we're going to take steps collectively as a nation and have real problems moving forward."

To convince people data is safe in the cloud, they need to know why it is safe, Nelson said. For example, a built-in audit system could allow a company to show a customer every time data has been accessed, how and why.

"The ability to show customers this is how your data is being treated, this is how it's encrypted, this is who has access, I think, is going to be the key to a successful platform," he said. "And if we do it right, in 10 years, 80 percent of all computing could be done on the cloud."

(Distributed by Scripps Howard News Service, www.scrippsnews.com.)