Cloud companies have to act on privacy, even if the government won’t

Most of the laws governing data privacy and security in the U.S. are nearly 30 years old, Microsoft(s MSFT) general counsel Brad Smith said at the Gigaom Structure conference Thursday in San Francisco — but with gridlock in Congress, that may not get better any time soon. Private companies have to step up and make sure that customers’ data is secure, Smith said.

“We’re living in a time when Congress doesn’t get much done,” he┬ásaid, but acknowledged that data privacy issues are also uniquely complex, making it more difficult for lawmakers to act on them. “It’s technically complex, it’s legally complex” and it involves two equally important values — privacy and public safety.

Smith said he actually believes that lawmakers understand technology much better than they used to: “The technical understanding of people in government…has gone way up,” even if they don’t know as much as “the people in this room.” But absent government action, companies need to act on their own and strengthen encryption. Microsoft will have encryption for data at rest and data in transit by the end of 2014, and is opening “transparency centers” so that some clients “can look at the code and satisfy themselves that there are no back doors.”

Photo by Jakub Mosur

Structure 2014 ticker