Microsoft lobbies to drown cloud stigma


Cloud laws continue to confuse.

Microsoft Australia has begun lobbying Australia's state and federal governments to direct conversation away from the stigma of off-shore cloud deployments.

The software giant hoped to allay the fears of regulators, privacy commissioners and auditors-general - along with potential customers - of moving data to Microsoft's data centres in Singapore, US and Ireland by reaching agreements on what was considered safe for a cloud deployment.

Despite mounting pressure from competitors with plans to open local facilities, Australian chief technology officer Greg Stone told media at the company's TechEd 2011 conference this week that the company would not build a local cloud facility.

It would instead continue to rely on third parties including Fujitsu and HP to deliver some variants of the public cloud offerings from Sydney data centres.

Those who signed up directly to Microsoft or through Telstra's resold T-Suite offering would be serviced specifically out of Singapore, with some local data cached in Sydney.

"We're not at the point now where the business can sustain us making a significant investment in Australia to put something like a public cloud of that nature in here," Stone said.

"It doesn't make any economic sense if we want to deliver it at the price point compared to what we do in Singapore."

Stone said Microsoft was exploring additional options to overcome "physical limitations" of serving out of Singapore but wouldn't say what they were.

Remember to sign up to our Cloud Cover bulletin for the industry’s definitive digest on everything-as-a-service.

Instead, the software giant hoped to convince users that a direct offering from Singapore or locally through a third party was a better option.

In a blog post to policy think tank Open Forum last week, Microsoft Australia's director of legal and corporate affairs Jeff Bullwinkel argued that fears around the restrictions placed by the US Patriot Act on cloud deployments in other jurisdictions were misplaced..

Bullwinkel said the Patriot Act provided no additional powers to the US Government to retrieve information held overseas "regardless of the physical location of the information – so long as the company retains custody or control over the data" and maintained a US presence.

The same was true of companies with a local presence, he said, citing a 1999 Australian Federal Court case in which Malta-based Bank of Valletta attempted to escape providing customer transaction data held in Malta to Australia's National Crime Authority.

The bank had claimed the request was a breach of Maltese bank secrecy laws, but failed in the case and subsequent appeal, requiring it to hand over the transaction evidence.

This, Bullwinkel argued, was reason to assume that no laws existed to prevent customers off-shoring their data.

"Commonly the understanding or the feeling is that the privacy laws in Australia from sending data off-shore but strictly speaking, that's just not the case in relation to any category of data that a private organisation is responsible for," he said..

However, Mark Vincent, partner at Shelston IP and one of the nation's foremost legal experts on cloud computing, told iTnews he had a different view to Bullwinkel on some arguments around the US Patriot Act.

While there is no law strictly prohibiting trans-border data flows for most types of data, Vincent said organisations needed to consider their obligations under Australia's National Privacy Principles – specifically those that concern consent for trans-border data flow and those around using and maintaining the security of data collected.

The Federal Government has proposed introduction of new principles - dubbed the Australian Privacy Principles - which would effectively make the owner of the data strictly liable for any action that infringed the rights of Australians, including access by a foreign government.

A Senate inquiry into the proposed amendments backed calls for the Department of Prime Minister and Cabinet to form a list of countries whose regimes complied with the principles.

Microsoft itself had also suggested mandating foreign cloud providers enter into agreements with the Office of the Privacy Commissioner that would see any privacy complaints handled under Australian circumstances, rather than those of the cloud provider's jurisdiction.

However, in submissions to the inquiry, local companies repeatedly expressed concerns an overseas cloud supplier could not be prevented from breaching the privacy principles.

Vincent said the principles should not be a concern for all organisations, but should weigh in to any due diligence around the use of public clouds.

“Organisations will look at this and say, it this an issue for my business?” he said. “For many, the answer is no.”

He said a subsidiary of a US company in Australia is still required to deliver up data to a US parent and US law enforcement on request.

“So the real question is putting it with a foreign-owned company in the first place - the issue is the geographic reach of US laws,” he said.

“Bullwinkel is correct in asserting that US subsidiaries in Australia have always complied with US subpoenas, and have always delivered data held overseas. So what is different about the cloud?

"One issue is that access to data is even easier than before when it is stored in an off-shore cloud. It’s a lot easier for law enforcement to access data there compared to the due process required before the Federal Police in Australia come knocking on your door for access to physical records. In fact, in the US there are laws to prevent you from being told your data has been accessed.”

James Hutchinson travelled to TechEd 2011 on the Gold Coast as a guest of Microsoft.

Copyright © . All rights reserved.

Microsoft lobbies to drown cloud stigma
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
Top Stories
IAG hands digital chief his own ‘Labs’ division
Enterprise ops chief squeezed out in restructure.
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
Sign up to receive iTnews email bulletins
Latest articles on BIT Latest Articles from BIT
The 5 Windows 10 privacy issues you should be aware of
Jul 31, 2015
There are a few unsettling details when it comes to Windows 10 privacy
Windows 10 is here! (For some)
Jul 29, 2015
Delivery of the free upgrade versions of Windows 10 began today - have you got yours yet?
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Latest Comments
Should law enforcement be able to buy and use exploits?

   |   View results
Only in special circumstances
Yes, but with more transparency