Feeds

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

They're not emails, they're business records, says court

Top 5 reasons to deploy VMware with Tegile

Microsoft has lost the first round in its fight to stop the US authorities from seizing customer data stored inside its overseas data centers.

Following a two-hour hearing before the US District Court for the Southern District of New York on Thursday, District Judge Loretta Preska ruled that a US warrant ordering Microsoft to hand over its customers' emails and other data was valid, even though the data in question was stored on servers in Dublin, Ireland.

Redmond had argued that because the data was managed by one of its foreign subsidiaries, local law and not US law should apply. Judge Preska disagreed.

"It is a question of control, not a question of the location of that information," she said.

Among US tech companies, Microsoft has been one of the most vocal in opposing US government requests for customer information, particularly where those requests are accompanied by gag orders preventing Redmond from discussing them with the customers in question.

In May, the software giant revealed that it had successfully challenged a so-called National Security Letter issued by the FBI, and it pledged that it would continue to challenge any future such letters demanding data about its enterprise and government customers.

Thursday's hearing involved a case where Microsoft received a search warrant seeking access to one of its European customers' emails as part of a narcotics investigation. Which agency issued the warrant is unknown because all documents related to the matter are sealed.

During the hearing, Redmond argued that under US law a warrant cannot reach beyond US shores, and that to flout this requirement for electronic communications would set a dangerous precedent.

"If the US government prevails in reaching into other countries' data centers, other governments are sure to follow," Microsoft general counsel Brad Smith wrote in an editorial in the Wall Street Journal on Tuesday.

"One already is. Earlier this month the British government passed a law asserting its right to require tech companies to produce emails stored anywhere in the world. This would include emails stored in the U.S. by Americans who have never been to the U.K."

But lawyers for the US Justice Department successfully argued on Thursday that US law already recognizes warrants for certain kinds of foreign-held information, such as financial records stored overseas by US banks. Because Microsoft is a US company and it "controls" the data held in its overseas servers, they reasoned, the same rules apply.

Redmond, on the other hand, contended that emails are the sole property of their recipients, like postal letters, and that as such they deserve greater privacy protections than do business records – an argument that apparently failed to persuade Judge Preska.

Microsoft's Smith issued a brief statement following Thursday's ruling, saying, "The only issue that was certain this morning was that the District Court's decision would not represent the final step in this process. We will appeal promptly and continue to advocate that people's email deserves strong privacy protection in the U.S. and around the world."

Judge Preska has already agreed to suspend her ruling until Microsoft challenges it in the Second US Circuit Court of Appeals. ®

Beginner's guide to SSL certificates

More from The Register

next story
Ellison: Sparc M7 is Oracle's most important silicon EVER
'Acceleration engines' key to performance, security, Larry says
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Lenovo to finish $2.1bn IBM x86 server gobble in October
A lighter snack than expected – but what's a few $100m between friends, eh?
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.