 Mae'r cwmhwys ar gyfer ddechrau a ddysgu'r ddau iawn, a mae'n gynghwys fwyaf iawn i gyflawniad yn Gwys Microsoft'r Prif Weinidog Ysgol Llyfrgellfa. John wedi gweld y ddysgu'r cyfeir, yn cyflawniad yn Microsoft. Mae'n gweithio'r ddysgu'r cyflawniad Microsoft yn Brosol, ac yn y Cyfliad Ysgol Llyfrgell yng Nghymru, ond mae'n fath o'r gyflawn ac yn gweithio'r gwaith, ac yn ôl yn gymaintётiaeth yn gyflodydd. Ond mae'n fathio sydd wedi gweithio'r cynnag oherwydd i'r gweithio allanol am y myneddol mewn cyflodydd yn cyflodio. Mae'n ei wneud iawn gyda'r cyffredinedd am latchaf o ymwyllfa phoblusol ac ydych i sicrhau niweddol. John, dyma'r prysgwys pwysig. I'm going to give a context for what's happening from a technological point of view and why it's such an interesting and exciting time. I'm going to talk about the social and political context in which we are operating and then talk about an agenda for public policy opportunities. The cloud computing is expanding hugely. We have Europe's largest data center just a few miles away from here. We call it a data center, but in fact it's 20 data centers. A logical unit of perhaps a million CPUs per data center. In response to the increasing demand across Europe we're building data centers as fast as we can. That demand is driven first by cost. Let me just tell a brief story in my previous role in Redmond, Washington, where corporate headquarters are. I had a role where I was chief of staff and deputy general counsel for legal and corporate affairs and the departmental IT group reported into me. We got a budget from the corporate IT people every year about $10 million for our departmental projects. By the time they deducted all the cost for updating the hardware, upgrading the software and patching and maintaining, I was left with a budget of about $3 million for projects. I thought, this kind of sucks. We set out to essentially move all of our departmental applications to the cloud. Today we do that. We've got about a $2 million cost to Azure, our online service for enterprises. At scale in cloud computing, the Azure people, they can upgrade, patch, maintain and keep everything up to date at scale at a much lower cost. I've got a lot more money than to spend on projects in terms of developing new software, new programs and improving existing programs. The most compelling thing initially about the cloud is cost. As a practical matter, I'm not going to make the claim for every cloud computing center, but our service, we believe we can keep your data more secure than you can possibly do yourself. Whether you're a law firm, an NGO or a major enterprise, it's a major challenge to remain secure. Not only can we do those things about patching and maintaining and keeping your software up to date so that you don't have vulnerabilities, but the cloud enables us to do some things that no organization could do by itself. There's something called advanced threat protection, which we offer on email. When an attachment comes in, the traditional way to do it is to scan for viruses. Viruses are known malware codes. The problem with the approach of having malware scans is that the malware creator just has to tweak things just a little bit and suddenly you get a false negative. What we can do in the cloud with advanced threat protection is essentially open every attachment, look to see does it make any unusual calls. When you open a Word document, we know what's supposed to happen. If it's doing something else and calling another part of the computing system, we identify that as malware and we immediately know and can protect each and every of our customers around the world against that particular threat. That's the kind of thing you can do in the cloud that you couldn't do as a standalone enterprise. The real exciting part of the cloud is the advanced technologies that it enables. Things like voice recognition. You can now just, if you develop an app, you can just use our voice recognition as a service. You don't have to figure it out yourself. It's an API on Azure. You can use data analytics and machine learning for your enterprise without having to create a whole IT department of PhD computer scientists to figure out how to do this. In fact, we make it so simple that you get startup companies today that have 20 employees that have a billion-dollar market cap because they're using the cloud to create their company. One example I want to talk about is Rolls-Royce at the Hanover Mesa big industrial fair. The topic was industry 4.0. How information technology is transforming the industrial capacity of production. They brought to our stand at Hanover giant Trent jet engine. These things are really big. They had it opened up and you could see all the sensors on the jet engine. These engines today have got telemetry that bounce off the satellite down to our data centers around the world. In real time, we monitor the performance of their jet engines. We're not in the jet engine business, but we can have our data scientists work with them to answer questions they think are useful and valuable to them. In the first instance, knowing when one of those parts is likely to fail prematurely enables them to schedule a replacement in advance of it failing. Part of their scheduling, oh, this plane is going to be in Chicago a week from Tuesday, will replace the part when it's there. We've got the part. That's a big help to an airline who's running these jet engines. Also, from the machine learning, we're able to, or our data scientists working with them, figure out how they can reduce fuel consumption across the board by 4%. If you're running an airline, your fuel costs are one of the biggest costs that you have. If you can reduce that by essentially teaching your planes and your pilots to fly more efficiently, that's a huge advantage for Rolls Royce. Those are the kind of data analytics that companies will be using to turn their products into services and create more value for their customers. That's the kind of thing you can do with the cloud that you couldn't do on your own. As we think about the cloud, one thing to note is it's a fundamentally different relationship with our customers. We're not just selling technology. We're hosting their data. We sometimes talk that we become a bank and we need to hold people's data safely. But it's different because banks, if they lose $1,000, it's fungible, another $1,000. If we lose your data, you can't feed them. It's not fungible. It's a real problem. Maintaining security and trust and protecting the integrity of data becomes a hugely important project for us. Now, let me just say a few words about the social political context in which this cloud evolution is taking place. I think you'll all agree that there is deep dissatisfaction among many people in Europe and the United States with our political institutions, international trade and globalization. The rise of populism and nationalism across Europe and the United States is shaping our political realities today. Eight years after the financial crisis, most people have not been able to get back to where they were economically before the crisis. Comparing 2014 household incomes across advanced economies, Mackenzie Global Institute found that 65 to 70% of incomes were flat or down from 2005. In 2014, the real median income for US households was $53,657. In real terms, that level was first reached in 1989, 25 years ago. Among a lot of people in our societies, they're not finding, they're not seeing, feeling, enjoying the benefits of the new economy that technology is creating. In the US, the manufacturing sector in particular declined dramatically after the financial crisis. The good news is, manufacturing came back. The bad news is the jobs didn't. Robotics and computerization greatly reduced the number of jobs in the sector. In 2013, Oxford professors Carl Frey and Michael Osborne wrote a study about the propensity or the risk of jobs to automation. They found that 47% of US jobs were at risk being lost to automation. It correlates strongly with education and hourly wages. If your hourly wage is less than $20 an hour, they say there's an 82% probability of your job being lost to automation. Of course, these numbers are dynamic world things change, but the economic effects of this new world continue to have profound social implications. The phrase is, you have to be smarter or cheaper than a machine to have a job. As we think about the new world ahead, I think it's particularly important to think about the social and political context and ensuring that people feel included in the opportunities that our new economy presents and not left behind. I think we as a company in particular have been focusing on why is it that Germany and Austria have a youth unemployment rate that's similar to the adult unemployment rate? They've got great apprenticeship programs. Can we model those? In fact, we're trying to bring some of those programs to our home state of Washington to try to see if we can do things to reduce youth unemployment rate and create people who are capable of higher skilled, higher wage jobs. We're also promoting digital education, giving people a chance to spend more time learning some computer science. There's a great program called Hour of Code started by a Microsoft alum, Hadi Portovi. It's just an online thing and once a year there's a big campaign to get kids to go online and just try coding for an hour. I was at some meetings with Hadi and I came home and said to my kids, tonight let's do Hour of Code and it's fairly simple kind of things but it turns out my daughter really liked it. In fact, my daughter, that was the first time she did anything like that. She's now a computer science major. Just giving kids an opportunity to open new windows into the world can help them pursue new ideas. I think that as we think about education today and skills for our kids we ought to be thinking about what are the models that we see around the world that can create better paying jobs for the less educated in our society. Dublin as the digital capital of Europe I think has some great advantages and some big challenges. You've thought very carefully about creating telecom pairings and infrastructure here so that it's a great infrastructure for cloud computing. You're also extremely fortunate to have very cool climate weather. In our data center between just using natural air and some passive cooling, swamp cooler things, we can minimize the amount of time we actually have to run the cooling systems on our data centers to a very small number of hours a year. The Irish weather is blue skies today but it is a significant advantage to you. But there are some things that are left undone and privacy, security and government access are key issues and I want to spend a few minutes talking about the challenges there. As the keeper of data for our company, for our customers, we are very protective of when government should get access to it. And so after the stolen disclosures we filed a lawsuit in the foreign intelligence surveillance court so we could disclose more information about how many orders we receive. And they're all on things like hotmail accounts. We don't have enterprises data being requested. We've never had a FISA request for an enterprise account but we were able to report that it's about 16,000 to 18,000 kinds of various accounts that are being monitored pursuant to the NSA and it's all pursuant to court orders. And when you consider we've got hundreds of millions of email accounts for hotmail and livemail and Outlook.com, it's actually a very, very small percentage. But we also have looked at our European customers and especially organizations. They don't want the NSA or the US courts to get access to their data. It's not surprising. Europeans want European privacy law to protect them. And so we began looking at how do we deal with some of the cross-border issues and that led us to file a lawsuit when we received a search warrant for an email account that was for an individual, a hotmail account. And it was stored here in our Dublin data center. And we argued that the search warrant provision of the Stored Communications Act did not reach outside the United States. And so the legal history of a search warrant is that it's authorization and license from a court to the sheriff to go do something that would otherwise be illegal. To go to that building, break down the door and seize evidence. And that is by nature territorial limited. You can't immunize your sheriff to cross the border into another country and go do that. So it is a territorial act. The US statute did not, there was no intent from Congress when the statute was passed more than 20 years ago to make it extra territorial. And so we lost at the trial court, but we've eventually won at the Second Circuit Court of Appeals in New York. And we don't know what's going to happen. The Department of Justice has filed a motion asking the Second Circuit to rehear it en banc, sort of grand chamber. It's been well over a month since that request was made and we've not heard anything from the court. We take that as a positive sign, but we don't know what's going to happen to that. We are anticipating that the Department of Justice will ask the Supreme Court to take it. And if they do, it'll be very important for industry to continue for industry customers and governments to continue to support us. In the Second Circuit litigation, we were deeply appreciative of the Irish government's willingness to file an amicus brief setting out concerns about the case. We were also, we had amicus briefs from about 50 computer scientists and about 50 different companies and trade associations in the United States, ranging everything from the American Civil Liberties Union on the left to the American Chamber of Commerce on the right, and everybody broadly in support of our position. We think it's incredibly important to continue to advance that litigation, but the litigation doesn't really solve problems. It creates an opportunity to create some new laws because the United States is going to want to do something, and Ireland, coming back, needs to do something as well. After the Paris and Brussels attacks, we receive emergency requests from governments for email of accounts associated with the terrorists. And under the US statute, we are able to comply with those because when we have a well-founded belief that disclosure of our customers' data is necessary to protect human life or prevent serious bodily injury, we are authorized but not required by law to be able to disclose that to governments. Here in Ireland, the Data Protection Commissioner a few years ago in a report concluded that that same principle was applicable under Irish law. And so that is incredibly important, and after those attacks, the Paris attacks, we were able to respond within 45 minutes. But it's a bit of a circular route because the French government went to the FBI in Washington DC. The FBI came to us at our Seattle headquarters three times zones away. We supplied the information to the FBI, and they returned, supplied it to the authorities in France. With data stored in Dublin, we need to have some system in place so that the authorities in Paris can, under the right circumstances, get data stored in Dublin. And so I think there's three broad interests at stake. There's security, there's privacy, and there's sovereignty. Security, we understand. I don't think there's any function more important for a government than keeping its citizens safe. Privacy's nuanced. There's a couple aspects of it I want to call out. It's not just the individual, you know, my private personal email account, but it's also our organizations. And so I think we host the British Parliament's email system here in Dublin. And they want to know that the Dublin government and the Washington DC government are not going to access their emails. We need a system so that corporations can feel secure that the existing rules that apply on paper will also protect them in the cloud. And so if you're a general counsel, one of the things that you prepare for and you worry about is a dawn raid from competition authorities or another regulator. Now, going through a dawn raid is not a fun experience, but people fear a dawn raid they didn't even know took place. When government came in and captured their data without them knowing it. So we need organizational rules as well as privacy rules for individuals. The third aspect on sovereignty is where it can be worked out, but it's going to require work and cooperation. So our response to the US government on the warrant case was you have a mutual legal assistance treaty with the government of Ireland. Use it. And they said, well, we don't have to use it. We don't want to use it. We want to be able to unilaterally get the information. Now, if you're in Dublin and the government say, well, we agreed to a process by which you can get evidence that's here in Ireland, but now you just want to unilaterally take it. It does feel like an infringement of sovereignty. And sovereignty can be shared, but it's done by consent and agreement. You can have bilateral agreement, but you need to work through those issues so that governments can accept and put the right parameters on that intrusion on their sovereignty. And so I think there's a few different options for how Dublin can take this forward. And I will say the Irish government needs to be a leader because it has the most at stake at ensuring that Dublin remains and Ireland remains a major digital capital. And so you can think about, could we have some harmonization at the European Union level? There's pluses and minuses. First of all, it's a big group. Secondly, law enforcement is not directly part of the competence or of limited competence for the European institutions. But privacy is. And so potentially with privacy aspects, one could think about creating the kind of framework that the U.S. has with the Stored Communications Act. Secondly, you could think about just a multilateral treaty outside the European Union so you don't have to deal with the full 28 to begin with. And you don't have to worry about the competence of the European institutions or the fact that one of the leading economic partners will be leaving Europe. And so you could think about a bilateral or multilateral agreement that sets these things out that deals with not just the challenge of giving evidence that you can use in a court for a trial, but information that can be used in real time for an ongoing investigation. And so that kind of agreement is possible. Under that scenario, you probably need domestic legislation. And the Irish government, I think, can probably address these issues in a way that best suits the Irish economy and Irish interests by pursuing domestic legislation. It can frame up the right privacy interests and it can define how and when it gives access to other governments in a way that Irish unilaterally decides. So I think that there's different ways forward, but I think it's not just an opportunity, but really an imperative for Ireland to move forward on those things. The privacy shield is another privacy-related topic. Weave as a company and me personally have been strongly advocating for the privacy shield. And I think for the first time, the US government and the European Union institutions work through in a great deal of detail and understanding each other's laws. And so if the original Safe Harbor was signed off on and stuck in a Manila folder, or actually there are blue paper folders in Brussels, this is a completely different situation. There are extensive assurances and guarantees. There are extensive letters from the Director of National Intelligence, from the Secretary of Commerce, from the Secretary of State. That detail how US law works in terms of surveillance and privacy protections that I believe go very far to addressing the concerns raised in the Safe Harbor agreement. But there's also something else, which is there's an annual review. And so there are ongoing discussions about perceived gaps and improvements that can be made to the agreement. So I believe it does have an updating mechanism. It is based upon a much, much more detailed analysis of US law. And so I believe that it deserves support. And Digital Rights Ireland, I know, has filed a claim in Luxembourg challenging the validity of it. And we'll see how the court handles that as a company, especially a sophisticated company. We can do planning scenarios where we can find other means of complying with international transfers requirements. But smaller companies or universities that have students taking massive online courses, there's a lot of users for whom the privacy shield is very, very important. And it's one of the few successes we've had in the transatlantic discussions in recent years. And so I think it's just from a macro political point of view, it's important of success preserving it. Another area is to raise and is cyber security. We've got the NIS directive, which was recently adopted in Brussels, the Network Information Security directive, I believe. And again, because Dublin is where the major technology companies are located, and the General Data Protection Regulation and the NIS directive have a country of headquarters principle. The Irish regulators on network security and on privacy will be front and center, and they will be controlling most of the major activity across Europe. And so the NIS directive is both an opportunity and a challenge. Ideally we'll find countries looking for a way to have a common approach as opposed to going at their own and having an inventing their own approaches to defining cyber security. The Italian National Security Agency has been quite interesting because they decided that rather than spend the next two years trying to define a cyber security regulation, they would start with some of the U.S. cyber security frameworks and just tweak and augment those. We're hopeful that the Irish authorities will look for ways to, in the long term, have a harmonized approach so that it's good regulation, but it's regulations that work for companies that have presence in multiple jurisdictions. And so security, privacy, lawful access, those are key areas for the digital industries. And I think key issues for Ireland is the digital capital for Europe. And so happy to take questions, have discussions, feel free to give me your point of view. And I would like to thank the institute for the invitation here today. Thank you.