On the cloud privacy law is not feasible

David Linthicum interviewed this article is a CTO of the Bick Group and a recognized expert in the computing industry. In the past decade, he devoted himself to the research of technologies and strategies related to cloud computing and how to better integrate the cloud computing services with modern enterprises.

To make cloud services more customer-friendly for managing cloud users, privacy advocacy groups and technology providers such as the EFF, ACLU, eBay, Google and Microsoft have repeatedly applied to Congress for changes to the privacy laws. The reason vendors are backing this move is because they fear customers will not be able to use the cloud services they provide without adequate regulatory and privacy protections. Conceptually speaking, the change of this law is necessary, but in fact it is a great inconvenience to implement this measure. It can even be said that it can not be implemented.

The truth is this: Since 1986, the United States has not amended its privacy law. With the rapid development of cloud computing and the increasing storage of sensitive data to external storage devices, many people believe it is time to revisit these rules in order to adapt to the changing times.

However, I always worry about software experts when working with governments to create new laws, and now I'm starting to worry about cloud computing again. And, I still have the following questions.

First, any rule has a tendency to prevent innovation from occurring when it is done in full accordance with the rules, and the rules tend to make the rule itself more chaotic, as was the case with the introduction of the financial reporting guidelines early in this century. So, I think the same goes for the development of cloud privacy laws.

Second, in many cases, when a law is voted on by the Congress, its secrecy requirements and mechanisms are outdated. At this moment, the new question will appear again. Unless there is a regulatory body constantly updating these legal provisions, the only problems that emerge can be resolved in a timely manner. But please do not create a specialized agency for this purpose!

Finally, the law of cloud computing will be worldwide. It is impossible for the United States to make these laws applicable to other countries, so that other countries will formulate their own rules, which will make the situation more complicated.

So what can we do? The solution to the problem requires the involvement of the industry, which means that cloud providers, IT experts, and users, both you and I, are actively involved. We need to study the specific needs of privacy and security and we must stop useless copywriting. This also means that we have to figure out how to encrypt data, where access control is needed, and how to do it.

This is very simple. Unless the government intervenes, of course, the costs will increase and the efficiency will decline.