Cloud computing may be a buzz concept everywhere, but the most significant legislation to address the challenges of online data storage is bogged down on Capitol Hill.
Sen. Amy Klobuchar’s Cloud Computing Act of 2011 generated a lot of chatter when the Minnesota Democrat announced the measure at a Best Buy store in her home state in April. But seven months later, the bill floundered after Sen. Orrin Hatch, R-Utah, who was originally floated as a cosponsor, bailed.
On Tuesday, Klobuchar said she is now working with unnamed “new authors” to introduce the bill by the end of the year.
Cloud computing—storing data remotely for online access—has been around for years. But technological advances have led to explosive growth in the industry, and federal agencies are increasingly looking to the cloud for IT solutions.
In February, the White House officially outlined a “cloud first” policy to reduce onsite data storage and take advantage of cloud services.
However, the industry is grappling with issues that have plagued the larger Internet infrastructure for years.
When documents are stored at a remote data center, who’s responsible for information security and privacy? As Congress considers holding Internet companies more accountable for content that infringes on copyrights, cloud businesses remain leery of incurring similar liability.
That uncertainty may undermine investment in and adoption of cloud services, said Ed Black, president of the Computer & Communications Industry Association.
“Lawmakers should keep this correlation between investment and liability in mind as they consider policy issues that could increase copyright liability for growing areas of our economy like cloud computing and Internet services that allow user-generated content,” Black said.
The early drafts of Klobuchar’s bill included, among other provisions, new civil and criminal enforcement against hacking. It also directed the U.S. to negotiate more consistent international cloud-computing laws and required government agencies to develop cloud-computing plans.
A cybersecurity bill introduced by Rep. Michael McCaul, R-Texas, in June calls for a comprehensive government strategy for using and adopting cloud services, but the legislation does not address broader cloud issues.
Not everyone agrees that legislation or even regulation is needed. Collective codes of conduct and best practices can solve many of the problems involving cloud computing, says Ari Schwartz, a senior policy adviser at the Commerce Department. Such voluntary methods should be the first option, he said, before government takes a more active role.
The department is working with businesses to create codes of conduct, Schwartz said, with a white paper on privacy due out in the next several weeks. Codes of conduct are a midpoint between free-market competition and outright government regulation, he said.
“I think much of this could be done through competition, but we’re not seeing that today,” Schwartz said.
On the industry side, Microsoft, which is vying for many of the new lucrative government contracts, has led the push for limited government regulation.
“The best approach in a time of rapid technological change is to establish policy goals and a flexible framework for achieving them, and to avoid focus on specific technological approaches that could chill innovation or quickly become outmoded,” Dan Reed, vice president of Microsoft’s Technology Policy Group, told the House Space, Science, and Technology Subcommittee on Technology and Innovation in September.
This article appears in the Nov. 16, 2011, edition of National Journal Daily.