14 DAY TRIAL // Microsoft's general counsel and senior vice president of Legal and Corporate Affairs, Brad Smith, told the Senate Judiciary Committee in Washington, DC, that the existing law on electronic privacy should be upgraded to fit today's cloud-computing technologies, like Web-based email and online productivity apps.
Smith said that the current law is nearly a quarter of a century old and that a new federal Electronic Communications Privacy Act (ECPA) should be made.
Microsoft wishes total transparency around the privacy practices of cloud-service providers, a better strategy against cyber crimes, coherence among international laws and rules that state clearly the privacy rights of online communications.
General Counsel Smith prepared a statement for the Congress, in which he gave two examples of flaws within the current ECPA, seattlepi.com reports.
“For example, under ECPA, emails stored for less than 180 days receive greater privacy protections than emails stored for a longer period.
“And while information stored on a hard drive would be fully protected by the Fourth Amendment, under ECPA a single email might be subject to multiple legal standards, depending upon whether it is stored and waiting to be read or whether it has been opened.
“While treating emails differently in these circumstances might have made sense in 1986, it is no longer justified in light of unprecedented digitization and indefinite storage of personal information online,” added Smith before passing on to the second example.
“In Office 2010, when a user creates a Word document or an Excel spreadsheet, he/she may choose to save it locally or in the "cloud" via Office Web Apps.
“Increasingly, users think less and less about these distinctions -- they simply expect that they can access their documents when they need to -- at any time and on any device.
“It would come as a surprise to these users that the level of privacy afforded to those documents differs depending on where the document happens to be stored.”
The software giant agrees with propositions made by the Digital Due Process Coalition, which counts among its members the ACLU, Amazon, AOL, Facebook, Google, Hewlett-Packard, Microsoft and many more.
These propositions include the government authorities having to require a search warrant before having access to any kind of information stored in data centers, regardless of the age of the info.
Also, cloud-service providers should not be subpoenaed and forced to provide broad data, for a subpoena must only target a specific individual or user account.
Smith added that “legislation also is needed to address other emerging issues relating to privacy and security holistically, and not solely in the context of law enforcement access to user data.
“Users have reasonable interests in maintaining the security and privacy of their data in relation to their service providers and private third parties, and the importance of data privacy and security extends beyond the United States to include information that crosses national borders.
Microsoft's head lawyer insisted in the new legislation that need to be issued from Congress, so that they would fit privacy and security matters related to cloud-computing.
You can see an interview of Brad Smith, talking about his testimony: