Microsoft calls for greater cloud accountability

Peter Cullen warned of confusing and competing legal standards

Companies must be leaders in privacy to be leaders in the cloud computing era, Peter Cullen, Microsoft's chief privacy strategist, told the annual ACM Computers, Freedom, and Privacy conference yesterday.

Disputing claims from Silicon Valley lights such as Facebook chief executive Mark Zuckerberg that consumers, particularly younger people, are not interested in privacy, Cullen went on to call for greater accountability and transparency on the part of companies offering cloud computing services.

Consumers must have a "meaningful choice", unlike the present situation where privacy policies may run to dozens of pages. Achieving this will require extensive co-operation, according to Cullen.

"We need multi-stakeholder global dialogues to begin in earnest now," he said, noting that privacy issues need to be solved in partnership with policy makers, consumers and civil society.

"Global information flows are the reality today, but privacy is very local," he said, adding that laws are also local, where 'local' may include where the customer is located, where the business is registered or where the data is hosted.

"Today we're dealing with a raft of confusing and competing legal standards, " he warned.

Cullen believes that legal standards need to be codified in a robust framework with greater international harmonisation. He welcomed the greater consultative role being promised to businesses, civil society and consumers in this year's review of the EU Data Protection Directive.

Cloud computing services are not, he said, entirely new. Consumers have used services such as Hotmail, Gmail, Flickr and web hosting firms since as long ago as 1994, although a recent Microsoft survey showed that most consumers have never heard of cloud computing.

What is new is that companies are now moving to the cloud, although Cullen believes that there will always be some types of data considered too sensitive to move outside the physical control of businesses.

Cullen noted that a key Microsoft move in this area is the launch of its UProve technology, currently out for technical review. UProve is to be built into Active Directory and Cardspace, and is intended to offer authentication and identity services while protecting privacy.

Cullen believes that UProve must find broad adoption to be successful. "If it's only in Microsoft products it's not going to scale," he said.

The ACM Computers, Freedom, and Privacy conference, which brings together experts in technology, law and policy, continues until 18 June in San José, California.