Microsoft lobbies to drown cloud stigma


Cloud laws continue to confuse.

Microsoft Australia has begun lobbying Australia's state and federal governments to direct conversation away from the stigma of off-shore cloud deployments.

The software giant hoped to allay the fears of regulators, privacy commissioners and auditors-general - along with potential customers - of moving data to Microsoft's data centres in Singapore, US and Ireland by reaching agreements on what was considered safe for a cloud deployment.

Despite mounting pressure from competitors with plans to open local facilities, Australian chief technology officer Greg Stone told media at the company's TechEd 2011 conference this week that the company would not build a local cloud facility.

It would instead continue to rely on third parties including Fujitsu and HP to deliver some variants of the public cloud offerings from Sydney data centres.

Those who signed up directly to Microsoft or through Telstra's resold T-Suite offering would be serviced specifically out of Singapore, with some local data cached in Sydney.

"We're not at the point now where the business can sustain us making a significant investment in Australia to put something like a public cloud of that nature in here," Stone said.

"It doesn't make any economic sense if we want to deliver it at the price point compared to what we do in Singapore."

Stone said Microsoft was exploring additional options to overcome "physical limitations" of serving out of Singapore but wouldn't say what they were.

Remember to sign up to our Cloud Cover bulletin for the industry’s definitive digest on everything-as-a-service.

Instead, the software giant hoped to convince users that a direct offering from Singapore or locally through a third party was a better option.

In a blog post to policy think tank Open Forum last week, Microsoft Australia's director of legal and corporate affairs Jeff Bullwinkel argued that fears around the restrictions placed by the US Patriot Act on cloud deployments in other jurisdictions were misplaced..

Bullwinkel said the Patriot Act provided no additional powers to the US Government to retrieve information held overseas "regardless of the physical location of the information – so long as the company retains custody or control over the data" and maintained a US presence.

The same was true of companies with a local presence, he said, citing a 1999 Australian Federal Court case in which Malta-based Bank of Valletta attempted to escape providing customer transaction data held in Malta to Australia's National Crime Authority.

The bank had claimed the request was a breach of Maltese bank secrecy laws, but failed in the case and subsequent appeal, requiring it to hand over the transaction evidence.

This, Bullwinkel argued, was reason to assume that no laws existed to prevent customers off-shoring their data.

"Commonly the understanding or the feeling is that the privacy laws in Australia from sending data off-shore but strictly speaking, that's just not the case in relation to any category of data that a private organisation is responsible for," he said..

However, Mark Vincent, partner at Shelston IP and one of the nation's foremost legal experts on cloud computing, told iTnews he had a different view to Bullwinkel on some arguments around the US Patriot Act.

While there is no law strictly prohibiting trans-border data flows for most types of data, Vincent said organisations needed to consider their obligations under Australia's National Privacy Principles – specifically those that concern consent for trans-border data flow and those around using and maintaining the security of data collected.

The Federal Government has proposed introduction of new principles - dubbed the Australian Privacy Principles - which would effectively make the owner of the data strictly liable for any action that infringed the rights of Australians, including access by a foreign government.

A Senate inquiry into the proposed amendments backed calls for the Department of Prime Minister and Cabinet to form a list of countries whose regimes complied with the principles.

Microsoft itself had also suggested mandating foreign cloud providers enter into agreements with the Office of the Privacy Commissioner that would see any privacy complaints handled under Australian circumstances, rather than those of the cloud provider's jurisdiction.

However, in submissions to the inquiry, local companies repeatedly expressed concerns an overseas cloud supplier could not be prevented from breaching the privacy principles.

Vincent said the principles should not be a concern for all organisations, but should weigh in to any due diligence around the use of public clouds.

“Organisations will look at this and say, it this an issue for my business?” he said. “For many, the answer is no.”

He said a subsidiary of a US company in Australia is still required to deliver up data to a US parent and US law enforcement on request.

“So the real question is putting it with a foreign-owned company in the first place - the issue is the geographic reach of US laws,” he said.

“Bullwinkel is correct in asserting that US subsidiaries in Australia have always complied with US subpoenas, and have always delivered data held overseas. So what is different about the cloud?

"One issue is that access to data is even easier than before when it is stored in an off-shore cloud. It’s a lot easier for law enforcement to access data there compared to the due process required before the Federal Police in Australia come knocking on your door for access to physical records. In fact, in the US there are laws to prevent you from being told your data has been accessed.”

James Hutchinson travelled to TechEd 2011 on the Gold Coast as a guest of Microsoft.

Copyright © . All rights reserved.

Microsoft lobbies to drown cloud stigma
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
IBM denies plans to cut 112k jobs
But admits to further restructuring.
Microsoft Australia chief technology officer Greg Stone and director of legal and corporate affairs, Jeff Bullwinkel.
Sign up to receive iTnews email bulletins
Latest articles on BIT Latest Articles from BIT
Microsoft Outlook is now on iPhone and iPad: why could this be useful?
Jan 30, 2015
Microsoft today released Office for Android and Outlook for iOS - complementing the other Office ...
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.