Must modernise laws to tackle evolving use of technology: Microsoft CEO Satya Nadella in new book
Microsoft CEO Satya Nadella has written in his new book, Hit Refresh, about his efforts to transform the technology company.tech Updated: Sep 26, 2017 08:24 IST
A battle between liberties like privacy and freedom of speech and demands for security came knocking at Microsoft CEO Satya Nadella’s door recently.
In his new book, Hit Refresh, the India-born CEO of the tech giant talks about how free speech, privacy, security, and sovereignty are non-negotiable values. Here are excerpts on his suggestions on how to maintain trust of both government partners and customers in the digital age:
As we search, I’d like to offer my suggestions for six ways lawmakers can shape a framework for building increased societal trust in this era of digital transformation.
First, we need a more efficient system for appropriate, carefully controlled access to data by law enforcement. Among government’s many important responsibilities, none is more important than protecting its citizens from harm. Our industry needs to appreciate the importance of this responsibility, recognizing that our customers are often the very people who need protecting. From cybercrime to child exploitation, many law enforcement investigations that require the disclosure of digital evidence are aimed at protecting our users from malicious activity and helping to ensure that our cloud services are safe and secure. Therefore, under a clear legal framework that is subject to strong checks and balances, governments should have an efficient mechanism to obtain digital evidence.
Second, we need stronger privacy protections so that the security of user data is not eroded in the name of efficiency. Governments also have an obligation to protect citizens’ fundamental privacy rights. Collection of digital evidence should be targeted at specific, known users and limited to cases where reasonable evidence of crime exists. Any government demand for users’ sensitive information must be governed by a clear and transparent legal framework that is subject to independent oversight and includes an adversarial process to defend users’ rights.
Third, we need to develop a modern framework for the collection of digital evidence that respects international borders while recognizing the global nature of today’s information technology. In the current uncertain and somewhat chaotic legal situation, governments around the world are increasingly acting unilaterally. Technology companies are facing unavoidable conflicts of law, creating incentives to localize data. The resulting confusion about which set of laws protects private data is eroding customers’ trust in technology. If this trend continues, the results could be disastrous for the technology industry and those who rely upon it. A principled, transparent, and efficient framework must be developed to govern requests for digital evidence across jurisdictions, and countries should ensure that their own laws respect that framework.
Fourth, we in the technology industry need to design for transparency. In recent years, technology companies have secured the right to publish aggregate data about the number and types of requests they receive for digital evidence. Governments should ensure that their laws protect this type of transparency by technology companies. Furthermore, governments should also allow companies, except in highly limited cases, to notify users when their information is sought by a government.
Fifth, we must modernize our laws to reflect the ways in which uses of technology have evolved over time. Here’s an example: Today, many large public and private organizations are moving their digital information into the cloud, and many startups are leveraging the infrastructure of larger companies to deliver their applications and services. As a result, governments investigating criminal activity have multiple sources for the information they are seeking. Except in very limited circumstances, digital evidence can be obtained from the customers or the companies most directly offering those services in ways that are efficient and avoid difficult questions about jurisdiction and conflicts of law. Thus, it makes sense for countries to require that investigators seek digital evidence from the source closest to the end user.
Sixth, we must promote trust through security. In recent years, law enforcement agencies around the world have argued that encryption, in particular, is impeding legitimate law enforcement investigations by putting vital information beyond their reach. However, some of the proposed solutions to the so- called “encryption problem”— from weakening encryption algorithms to mandates to provide governments with encryption keys— raise significant concerns. Encryption plays an important role in protecting our customers’ most private data from hackers and other malicious actors. Regulatory or legal reforms in this area must not undermine security, an essential element of users’ trust in technology.