A far-reaching privacy legal battle between Microsoft and the US government has been in the courts for many months. In December, it became a headline again when Microsoft unveiled a list of companies (including Amazon) that supported its efforts to overturn the decision by a US judge compelling it to hand over customer emails stored on a server overseas.
The case has serious implications for cloud computing because the ruling by US Magistrate Judge James Francis in New York in April 2014 held that customers of US internet service providers in other countries would not be protected by the laws of their own jurisdictions against investigation by US law enforcement agencies.
As Microsoft general counsel and executive vice president, legal and corporate affairs, Brad Smith puts it: “This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.” He argues that if a government “wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws.”
Microsoft claimed the US government was putting fundamental privacy rights at risk. The US government was arguing emails stored “in the cloud cease to belong exclusively to you. Instead, according to the government, your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims it can use a different and broader legal authority to reach emails stored anywhere in the world”.
And it accused the Department of Justice of challenging people’s ability around the world “to rely on the privacy protections of their own governments and laws”.
Chris Marshall, Managing Director of blueAPACHE explains; “This decision will have a huge impact on the future of cloud computing. If the US government has access to files stored in other countries simply because the provider is based in the US, no one will want to use global cloud providers.
“We recognised this issue five years ago when first building our cloud infrastructure. To protect client’s privacy from unwarranted intrusion by foreign government agencies, we needed to ensure all server and redundancy platforms were owned and maintained within Australia. It was the more expensive option, but the current Microsoft case highlights how fickle privacy can be when you opt for cheaper offshore options.”
This problem is potentially multiplied when you take the Australian 2014 Privacy Act changes that threatens hefty penalties for Australian organisations who fail to protect their client’s data.
The irony is that the US government doesn’t appear to appreciate that the big losers if it gets its way in this case will be US-based companies offering cloud computing services to customers in other markets. A decision which reinforces the primacy of US law enforcement over the independence of foreign jurisdictions should further deter customers from signing up to US-owned services.