Microsoft lobbies to drown cloud stigma

 

Cloud laws continue to confuse.

Microsoft Australia has begun lobbying Australia's state and federal governments to direct conversation away from the stigma of off-shore cloud deployments.

The software giant hoped to allay the fears of regulators, privacy commissioners and auditors-general - along with potential customers - of moving data to Microsoft's data centres in Singapore, US and Ireland by reaching agreements on what was considered safe for a cloud deployment.

Despite mounting pressure from competitors with plans to open local facilities, Australian chief technology officer Greg Stone told media at the company's TechEd 2011 conference this week that the company would not build a local cloud facility.

It would instead continue to rely on third parties including Fujitsu and HP to deliver some variants of the public cloud offerings from Sydney data centres.

Those who signed up directly to Microsoft or through Telstra's resold T-Suite offering would be serviced specifically out of Singapore, with some local data cached in Sydney.

"We're not at the point now where the business can sustain us making a significant investment in Australia to put something like a public cloud of that nature in here," Stone said.

"It doesn't make any economic sense if we want to deliver it at the price point compared to what we do in Singapore."

Stone said Microsoft was exploring additional options to overcome "physical limitations" of serving out of Singapore but wouldn't say what they were.

Remember to sign up to our Cloud Cover bulletin for the industry’s definitive digest on everything-as-a-service.

Instead, the software giant hoped to convince users that a direct offering from Singapore or locally through a third party was a better option.

In a blog post to policy think tank Open Forum last week, Microsoft Australia's director of legal and corporate affairs Jeff Bullwinkel argued that fears around the restrictions placed by the US Patriot Act on cloud deployments in other jurisdictions were misplaced..

Bullwinkel said the Patriot Act provided no additional powers to the US Government to retrieve information held overseas "regardless of the physical location of the information – so long as the company retains custody or control over the data" and maintained a US presence.

The same was true of companies with a local presence, he said, citing a 1999 Australian Federal Court case in which Malta-based Bank of Valletta attempted to escape providing customer transaction data held in Malta to Australia's National Crime Authority.

The bank had claimed the request was a breach of Maltese bank secrecy laws, but failed in the case and subsequent appeal, requiring it to hand over the transaction evidence.

This, Bullwinkel argued, was reason to assume that no laws existed to prevent customers off-shoring their data.

"Commonly the understanding or the feeling is that the privacy laws in Australia from sending data off-shore but strictly speaking, that's just not the case in relation to any category of data that a private organisation is responsible for," he said..

However, Mark Vincent, partner at Shelston IP and one of the nation's foremost legal experts on cloud computing, told iTnews he had a different view to Bullwinkel on some arguments around the US Patriot Act.

While there is no law strictly prohibiting trans-border data flows for most types of data, Vincent said organisations needed to consider their obligations under Australia's National Privacy Principles – specifically those that concern consent for trans-border data flow and those around using and maintaining the security of data collected.

The Federal Government has proposed introduction of new principles - dubbed the Australian Privacy Principles - which would effectively make the owner of the data strictly liable for any action that infringed the rights of Australians, including access by a foreign government.

A Senate inquiry into the proposed amendments backed calls for the Department of Prime Minister and Cabinet to form a list of countries whose regimes complied with the principles.

Microsoft itself had also suggested mandating foreign cloud providers enter into agreements with the Office of the Privacy Commissioner that would see any privacy complaints handled under Australian circumstances, rather than those of the cloud provider's jurisdiction.

However, in submissions to the inquiry, local companies repeatedly expressed concerns an overseas cloud supplier could not be prevented from breaching the privacy principles.

Vincent said the principles should not be a concern for all organisations, but should weigh in to any due diligence around the use of public clouds.

“Organisations will look at this and say, it this an issue for my business?” he said. “For many, the answer is no.”

He said a subsidiary of a US company in Australia is still required to deliver up data to a US parent and US law enforcement on request.

“So the real question is putting it with a foreign-owned company in the first place - the issue is the geographic reach of US laws,” he said.

“Bullwinkel is correct in asserting that US subsidiaries in Australia have always complied with US subpoenas, and have always delivered data held overseas. So what is different about the cloud?

"One issue is that access to data is even easier than before when it is stored in an off-shore cloud. It’s a lot easier for law enforcement to access data there compared to the due process required before the Federal Police in Australia come knocking on your door for access to physical records. In fact, in the US there are laws to prevent you from being told your data has been accessed.”

James Hutchinson travelled to TechEd 2011 on the Gold Coast as a guest of Microsoft.

Copyright © iTnews.com.au . All rights reserved.


Microsoft lobbies to drown cloud stigma
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
More 4G from Optus in Darwin
Nov 21, 2014
Click to see where Optus has expanded coverage to the suburbs near Darwin.
Optus steps up regional 4G coverage
Nov 20, 2014
Once 700Mhz services are working, Optus claims regional users will have a "faster and more ...
This Huawei 4G phone costs $99
Nov 12, 2014
The $99 Huawei Ascend Y550, available through Vodafone, enters the budget market as one of the ...
4G smartphones: Microsoft's Lumia 830
Nov 7, 2014
Microsoft has announced its flagship Windows Phone, the Nokia Lumia 830 4G, will be available in ...
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 844

Vote