Feeds

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

They're not emails, they're business records, says court

Beginner's guide to SSL certificates

Microsoft has lost the first round in its fight to stop the US authorities from seizing customer data stored inside its overseas data centers.

Following a two-hour hearing before the US District Court for the Southern District of New York on Thursday, District Judge Loretta Preska ruled that a US warrant ordering Microsoft to hand over its customers' emails and other data was valid, even though the data in question was stored on servers in Dublin, Ireland.

Redmond had argued that because the data was managed by one of its foreign subsidiaries, local law and not US law should apply. Judge Preska disagreed.

"It is a question of control, not a question of the location of that information," she said.

Among US tech companies, Microsoft has been one of the most vocal in opposing US government requests for customer information, particularly where those requests are accompanied by gag orders preventing Redmond from discussing them with the customers in question.

In May, the software giant revealed that it had successfully challenged a so-called National Security Letter issued by the FBI, and it pledged that it would continue to challenge any future such letters demanding data about its enterprise and government customers.

Thursday's hearing involved a case where Microsoft received a search warrant seeking access to one of its European customers' emails as part of a narcotics investigation. Which agency issued the warrant is unknown because all documents related to the matter are sealed.

During the hearing, Redmond argued that under US law a warrant cannot reach beyond US shores, and that to flout this requirement for electronic communications would set a dangerous precedent.

"If the US government prevails in reaching into other countries' data centers, other governments are sure to follow," Microsoft general counsel Brad Smith wrote in an editorial in the Wall Street Journal on Tuesday.

"One already is. Earlier this month the British government passed a law asserting its right to require tech companies to produce emails stored anywhere in the world. This would include emails stored in the U.S. by Americans who have never been to the U.K."

But lawyers for the US Justice Department successfully argued on Thursday that US law already recognizes warrants for certain kinds of foreign-held information, such as financial records stored overseas by US banks. Because Microsoft is a US company and it "controls" the data held in its overseas servers, they reasoned, the same rules apply.

Redmond, on the other hand, contended that emails are the sole property of their recipients, like postal letters, and that as such they deserve greater privacy protections than do business records – an argument that apparently failed to persuade Judge Preska.

Microsoft's Smith issued a brief statement following Thursday's ruling, saying, "The only issue that was certain this morning was that the District Court's decision would not represent the final step in this process. We will appeal promptly and continue to advocate that people's email deserves strong privacy protection in the U.S. and around the world."

Judge Preska has already agreed to suspend her ruling until Microsoft challenges it in the Second US Circuit Court of Appeals. ®

Remote control for virtualized desktops

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Do you spend ages wasting time because of a bulging rack?
No more cloud-latency tea breaks for you, users! Get a load of THIS
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.