Microsoft Gains Allies Against US Data Demands

H-1B Visa Program: 13 Notable Statistics

Microsoft on Monday welcomed new allies in its fight to avoid surrendering customer email stored in Ireland to federal prosecutors in the United States.

Ten legal briefs were filed with the Second Circuit Court of Appeals on behalf of 28 technology and media companies, 35 computer scientists, and 23 trade and advocacy organizations. The amicus briefs argue that the US government should not be able to use a US search warrant to demand that Microsoft produce data stored abroad.

A negative outcome of the case could undermine cloud computing services, something the technology industry has struggled to reinforce following the disclosures last year arising from documents leaked by Edward Snowden. Businesses and individuals will be reluctant to use cloud computing services if any government can demand data in any other country.

In December 2013, federal prosecutors asked for a search warrant to obtain the contents and the metadata of a Microsoft user account, pursuant to a narcotics investigation. The metadata was stored in the US, but the contents of the messages were stored in Dublin, Ireland. Microsoft refused to turn over the contents of the messages, arguing US authorities have no jurisdiction over data stored abroad

[Is your iPhone at risk? Read New Attack Method Can Hit 95% Of iOS Devices.]

In April 2014, a federal judge disagreed and ordered Microsoft to turn over the emails. Microsoft then appealed to a New York district court and was denied again. The company's latest appeal brings the case to the Second Circuit Court of Appeals, one level below the Supreme Court.

Given that the Supreme Court agrees to consider less than 1% of appeals, Circuit Court decisions tend to set legal precedents.

Microsoft and companies that have joined its case in support -- including Apple, Amazon, AT&T, Cisco, Salesforce, HP, eBay, Infor, Rackspace, and Verizon -- believe that the US government should rely on established legal practice rather than attempt to enforce US law in a foreign country.

"We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws," said Brad Smith, general counsel and EVP of legal and corporate affairs at Microsoft, in a blog post. "In contrast, the U.S. Government's unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk."

In its legal filing, Microsoft argues that if the US government can demand data from a US company no matter where that data is located, the US will have no grounds to object when foreign governments raid Microsoft offices abroad and order employees to download data that Microsoft has stored in the US.

"The DOJ in effect challenges people's ability around the world to rely on the privacy protections of their own governments and laws," said Smith.

Microsoft is fighting for the right to retain access to data stored on its servers without providing that data on demand. A loss could mean that the only viable option for cloud computing companies is to adopt a zero-knowledge policy -- to be unable to unlock customer data in the cloud, a stance Apple and Google have already taken for data on mobile phones. 

From a security standpoint, this might be ideal for many cloud computing customers, but it would challenge cloud computing companies that rely on data access for sharing and for revenue.

Dark Reading's new Must Reads is a compendium of our best recent coverage of BYOD security. Learn why and how mobile employees challenge security models, why being paranoid about mobile security makes sense, how iOS 8 and Android system match up on security, and more. Get the Must Reads: BYOD Security issue of Dark Reading today. (Free registration required.)