Feeds

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

They're not emails, they're business records, says court

Security for virtualized datacentres

Microsoft has lost the first round in its fight to stop the US authorities from seizing customer data stored inside its overseas data centers.

Following a two-hour hearing before the US District Court for the Southern District of New York on Thursday, District Judge Loretta Preska ruled that a US warrant ordering Microsoft to hand over its customers' emails and other data was valid, even though the data in question was stored on servers in Dublin, Ireland.

Redmond had argued that because the data was managed by one of its foreign subsidiaries, local law and not US law should apply. Judge Preska disagreed.

"It is a question of control, not a question of the location of that information," she said.

Among US tech companies, Microsoft has been one of the most vocal in opposing US government requests for customer information, particularly where those requests are accompanied by gag orders preventing Redmond from discussing them with the customers in question.

In May, the software giant revealed that it had successfully challenged a so-called National Security Letter issued by the FBI, and it pledged that it would continue to challenge any future such letters demanding data about its enterprise and government customers.

Thursday's hearing involved a case where Microsoft received a search warrant seeking access to one of its European customers' emails as part of a narcotics investigation. Which agency issued the warrant is unknown because all documents related to the matter are sealed.

During the hearing, Redmond argued that under US law a warrant cannot reach beyond US shores, and that to flout this requirement for electronic communications would set a dangerous precedent.

"If the US government prevails in reaching into other countries' data centers, other governments are sure to follow," Microsoft general counsel Brad Smith wrote in an editorial in the Wall Street Journal on Tuesday.

"One already is. Earlier this month the British government passed a law asserting its right to require tech companies to produce emails stored anywhere in the world. This would include emails stored in the U.S. by Americans who have never been to the U.K."

But lawyers for the US Justice Department successfully argued on Thursday that US law already recognizes warrants for certain kinds of foreign-held information, such as financial records stored overseas by US banks. Because Microsoft is a US company and it "controls" the data held in its overseas servers, they reasoned, the same rules apply.

Redmond, on the other hand, contended that emails are the sole property of their recipients, like postal letters, and that as such they deserve greater privacy protections than do business records – an argument that apparently failed to persuade Judge Preska.

Microsoft's Smith issued a brief statement following Thursday's ruling, saying, "The only issue that was certain this morning was that the District Court's decision would not represent the final step in this process. We will appeal promptly and continue to advocate that people's email deserves strong privacy protection in the U.S. and around the world."

Judge Preska has already agreed to suspend her ruling until Microsoft challenges it in the Second US Circuit Court of Appeals. ®

New hybrid storage solutions

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.