"The U.S. government doesn't have the power to search a home in another country, nor should it have the power to search the content of email stored overseas," wrote Microsoft Deputy General Counsel David Howard. That was last week when Microsoft challenged the power of US government-issued search warrants seeking customer content stored exclusively outside the US. The judge rejected Microsoft's reasoning, which Howard said was the expected course of action and will "bring the issue to a US district court judge and probably to a federal court of appeals."
As it stands now, it does not matter where in the world cloud data is stored, even if it is overseas and protected by EU laws, if the US government wants to see it. Microsoft was ordered to deliver the digital goodies from a customer's account stored on a server located in Dublin, Ireland.
In December, US Magistrate Judge James C. Francis IV, of the Southern District of New York ordered Microsoft to hand over everything to do with the user's account. According to the court document, that included:
It seemed important that you see for yourself what all data is at risk if the US government comes up with a warrant to hand it over.
So how does the judge justify thinking the US is entitled to everyone's cloud data if it belongs to a US company like Microsoft, Google or Amazon? The decision is based on the Stored Communications Act (SCA), which is part of the 1986 Electronic Communications Privacy Act (ECPA). "The SCA was enacted at least in part in response to a recognition that the Fourth Amendment protections that apply in the physical world, and especially to one's home, might not apply to information communicated through the internet." The SCA allows US government agencies to order a company to turn over all records in response to a subpoena, a court order, or a search warrant.
According to Reuters, Francis said, "If US agencies were required to coordinate efforts with foreign government to secure such information," then "the burden on the government would be substantial, and law enforcement efforts would be seriously impeded."
The judge looked at several cases that could not be applied to support Microsoft's position. One of those involved Trojan horse search warrants, a warrant the government seeks so it can "hack a computer suspected of criminal use," extract data and even covertly turn on a web cam to view the user. In the past we've looked at such warrants for remote computer searches, as well as the Fourth Amendment's future if the government uses virtual force. The judge said such warrants had nothing to do with SCA warrants or the ECPA.
Judge Francis concluded:
Even when applied to information that is stored in servers abroad, an SCA Warrant does not violate the presumption against extraterritorial application of American law. Accordingly, Microsoft's motion to quash in part the warrant at issue is denied.
Although I'm glad Microsoft is trying to fight search and seizure warrants issued by the US for data stored in other countries, I'm not sure anyone who values their privacy should use a US email provider or keep any data stored on servers that belong to a business located in the US. As an American, that's a painful thing to suggest. Sure, they all say your privacy and security is important to us, but what else are they going say? This is just PR BS? Last year, former Microsoft Privacy Chief Caspar Bowden announced that he no longer trusted Microsoft. Should you?
If businesses or individuals are afraid to trust United States corporations like Microsoft with their data, that could easily put a big dent in Microsoft's "mobile-first, cloud-first" business strategy.
Like this? Here's more posts:
- Microsoft warns Internet Explorer 6 to 11 vulnerable to zero-day spotted in the wild
- IP address does not identify a person, judge tells copyright troll in BitTorrent case
- Forget physical access: Remote USB attacks can blue screen Windows servers
- When student recorded bullies with iPad, school claimed it was felony wiretapping
- Data breach report: 9 attack patterns describe 92% of 100,000 security incidents
- Record and rewind: Cops quietly test aerial surveillance to track crime
- Fake police warning leads to murder-suicide: Deaths due to ransomware?
- Windows 8.1. Update required for future Windows 8.1, Server 2012 R2 security patches
- How to change Windows 8.1 to local account with no Microsoft email account required
- Would you be on Project Insight kill list from 'Captain America: The Winter Soldier'?
- Research: Attacks on HTML5-based apps infect smartphones, spread like a 'worm'
- USA world rankings: #1 for sending spam, #8 for Netflix streaming speeds
Follow me on Twitter @PrivacyFanatic