Microsoft Subnet An independent Microsoft community View more

Judge to Microsoft: Hand over cloud data no matter where in the world it is stored

If you use cloud services offered by US companies, then there's no corner of the globe where your data is private or safe from the prying eyes of the US government.

"The U.S. government doesn't have the power to search a home in another country, nor should it have the power to search the content of email stored overseas," wrote Microsoft Deputy General Counsel David Howard. That was last week when Microsoft challenged the power of US government-issued search warrants seeking customer content stored exclusively outside the US. The judge rejected Microsoft's reasoning, which Howard said was the expected course of action and will "bring the issue to a US district court judge and probably to a federal court of appeals."

As it stands now, it does not matter where in the world cloud data is stored, even if it is overseas and protected by EU laws, if the US government wants to see it. Microsoft was ordered to deliver the digital goodies from a customer's account stored on a server located in Dublin, Ireland.

In December, US Magistrate Judge James C. Francis IV, of the Southern District of New York ordered Microsoft to hand over everything to do with the user's account. According to the court document, that included:

It seemed important that you see for yourself what all data is at risk if the US government comes up with a warrant to hand it over.

So how does the judge justify thinking the US is entitled to everyone's cloud data if it belongs to a US company like Microsoft, Google or Amazon? The decision is based on the Stored Communications Act (SCA), which is part of the 1986 Electronic Communications Privacy Act (ECPA). "The SCA was enacted at least in part in response to a recognition that the Fourth Amendment protections that apply in the physical world, and especially to one's home, might not apply to information communicated through the internet." The SCA allows US government agencies to order a company to turn over all records in response to a subpoena, a court order, or a search warrant.

According to Reuters, Francis said, "If US agencies were required to coordinate efforts with foreign government to secure such information," then "the burden on the government would be substantial, and law enforcement efforts would be seriously impeded."

The judge looked at several cases that could not be applied to support Microsoft's position. One of those involved Trojan horse search warrants, a warrant the government seeks so it can "hack a computer suspected of criminal use," extract data and even covertly turn on a web cam to view the user. In the past we've looked at such warrants for remote computer searches, as well as the Fourth Amendment's future if the government uses virtual force. The judge said such warrants had nothing to do with SCA warrants or the ECPA.

Judge Francis concluded:

Even when applied to information that is stored in servers abroad, an SCA Warrant does not violate the presumption against extraterritorial application of American law. Accordingly, Microsoft's motion to quash in part the warrant at issue is denied.

Although I'm glad Microsoft is trying to fight search and seizure warrants issued by the US for data stored in other countries, I'm not sure anyone who values their privacy should use a US email provider or keep any data stored on servers that belong to a business located in the US. As an American, that's a painful thing to suggest. Sure, they all say your privacy and security is important to us, but what else are they going say? This is just PR BS? Last year, former Microsoft Privacy Chief Caspar Bowden announced that he no longer trusted Microsoft. Should you?

If businesses or individuals are afraid to trust United States corporations like Microsoft with their data, that could easily put a big dent in Microsoft's "mobile-first, cloud-first" business strategy.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.