Microsoft Gains Allies Against US Data Demands - InformationWeek
IoT
IoT
Cloud // Cloud Storage
News
12/15/2014
04:00 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Gains Allies Against US Data Demands

Several dozen companies, trade groups, and computer scientists agree that Microsoft should not have to provide data stored in Ireland when presented with a US search warrant.

H-1B Visa Program: 13 Notable Statistics
H-1B Visa Program: 13 Notable Statistics
(Click image for larger view and slideshow.)

Microsoft on Monday welcomed new allies in its fight to avoid surrendering customer email stored in Ireland to federal prosecutors in the United States.

Ten legal briefs were filed with the Second Circuit Court of Appeals on behalf of 28 technology and media companies, 35 computer scientists, and 23 trade and advocacy organizations. The amicus briefs argue that the US government should not be able to use a US search warrant to demand that Microsoft produce data stored abroad.

A negative outcome of the case could undermine cloud computing services, something the technology industry has struggled to reinforce following the disclosures last year arising from documents leaked by Edward Snowden. Businesses and individuals will be reluctant to use cloud computing services if any government can demand data in any other country.

In December 2013, federal prosecutors asked for a search warrant to obtain the contents and the metadata of a Microsoft user account, pursuant to a narcotics investigation. The metadata was stored in the US, but the contents of the messages were stored in Dublin, Ireland. Microsoft refused to turn over the contents of the messages, arguing US authorities have no jurisdiction over data stored abroad

[Is your iPhone at risk? Read New Attack Method Can Hit 95% Of iOS Devices.]

In April 2014, a federal judge disagreed and ordered Microsoft to turn over the emails. Microsoft then appealed to a New York district court and was denied again. The company's latest appeal brings the case to the Second Circuit Court of Appeals, one level below the Supreme Court.

Given that the Supreme Court agrees to consider less than 1% of appeals, Circuit Court decisions tend to set legal precedents.

Microsoft and companies that have joined its case in support -- including Apple, Amazon, AT&T, Cisco, Salesforce, HP, eBay, Infor, Rackspace, and Verizon -- believe that the US government should rely on established legal practice rather than attempt to enforce US law in a foreign country.

"We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws," said Brad Smith, general counsel and EVP of legal and corporate affairs at Microsoft, in a blog post. "In contrast, the U.S. Government's unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk."

In its legal filing, Microsoft argues that if the US government can demand data from a US company no matter where that data is located, the US will have no grounds to object when foreign governments raid Microsoft offices abroad and order employees to download data that Microsoft has stored in the US.

"The DOJ in effect challenges people's ability around the world to rely on the privacy protections of their own governments and laws," said Smith.

Microsoft is fighting for the right to retain access to data stored on its servers without providing that data on demand. A loss could mean that the only viable option for cloud computing companies is to adopt a zero-knowledge policy -- to be unable to unlock customer data in the cloud, a stance Apple and Google have already taken for data on mobile phones. 

From a security standpoint, this might be ideal for many cloud computing customers, but it would challenge cloud computing companies that rely on data access for sharing and for revenue.

Dark Reading's new Must Reads is a compendium of our best recent coverage of BYOD security. Learn why and how mobile employees challenge security models, why being paranoid about mobile security makes sense, how iOS 8 and Android system match up on security, and more. Get the Must Reads: BYOD Security issue of Dark Reading today. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
12/27/2014 | 5:11:10 PM
All your data belong to the NSA
MS can argue all it wants and its allies may submit amicus briefs til the cows come home but all bets will be off the moment the NSA murmurs the words "national security."  
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
12/15/2014 | 10:44:26 PM
Re: Data protected overseas? Expect a massive migration toward EU cloud facilities.
That is a great article, overall the IT industry faces many problems that are related to globalization (which is a good thing) and due to the nature of the IT sector -- this sector becomes the first sector to be presented with a situation before any other sector has to deal with a similar situation.

Economically, both options seem to be lowering US firm's competitiveness i.e. on the one hand data should be handed over, this will create a situation where firms that have their HQ elsewhere in the world are more competitive because businesses will take up their service and on the other hand, if zero-knowledge encryption is utilized then IT firms will not be able to aggregate data and earn some extra revenue.

And, narcotics are also not good for the economy or society -- interesting dilemma.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
12/15/2014 | 6:38:29 PM
Re: Data protected overseas? Expect a massive migration toward EU cloud facilities.
Ultimately, we will either have to have a treaty that normalizes law enforcement access across borders or zero-knowledge encryption all the time will be the only option.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
12/15/2014 | 6:13:29 PM
Data protected overseas? Expect a massive migration toward EU cloud facilities.
If technology companies succeed in establishing data non-access protection overseas but not the U.S., we will have shoot the cloud industry in the foot at a very young age. Understood, the legal argument is more persuasive when it addresses storage in Ireland. I'm just not sure this is the right precedent to establish. Let's reform our own house.
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll