Microsoft vs US govt: legal battle tests fate of US cloud companies overseas

11 Jun 20141 Share

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Ireland has found itself in No Man’s Land amidst a post-Edward Snowden battle between software company Microsoft and US authorities over whether data stored in data centres outside the US can be subject to search warrants.

An ongoing legal battle between Microsoft and US authorities over a warrant to access emails stored on a server in the software giant’s data centres in Ireland could have implications for all US cloud companies with data centres overseas.

In May, Microsoft successfully challenged a FBI user information request because the company claimed it violated the user’s right to privacy under the US Constitution.

The case related to a drug trafficking investigation and stemmed from a warrant a judge issued in December.

The Washington Post has reported that Microsoft is determined to continue to fight its corner. Legal experts have warned that if the US government prevails, it would have a detrimental impact on American cloud companies that do business abroad.

The case could have significant implications for Ireland, where US cloud companies including Microsoft, Amazon, Google and Digital Realty have built significant data-centre infrastructure.

Ireland is also home to a growing coterie of born-on-the-internet companies, including Twitter, Dropbox, Airbnb, Facebook, LinkedIn, Yahoo! and many others.

Microsoft’s stance on protecting information stored on its servers both inside and outside the US predates the revelations by rogue NSA contractor Edward Snowden, who revealed the US National Security Agency (NSA) had been spying on web traffic to Microsoft, Google, Apple, Facebook and others through its PRISM system.

Microsoft is arguing that for data held overseas the US authorities need to abide by mutual legal assistance treaties (MLATs), which require compliance with other countries’ laws.

In Ireland’s case, local laws require authorisation from an Irish district court judge to obtain legal content from a telco, ISP or cloud provider.

Microsoft’s US$630m state-of-the-art data centre on the west side of Dublin is home to some 200 core Microsoft products, from Office 365 to its search platform Bing, its cloud development platform Azure, as well as stalwart products such as Lync, Exchange and SharePoint.

In the vicinity is a US$75m data centre owned and operated by Google and a second Google data centre is under construction. Nearby Digital Realty Trust is constructing four data centres side by side on a 10-acre site.

Battle lines being drawn a year since Snowden revelations

Microsoft’s legal counsel Brad Smith, in a recent blog post, was vehement that US search warrants should end at US borders.

“We’re concerned about governmental attempts to use search warrants to force companies to turn over the contents of non-US customer communications that are stored exclusively outside the United States.

“The US government wouldn’t stand for other governments seeking to serve search warrants within American borders to seize the content of US citizens’ emails without going through US legal process. Why should it expect other governments to react any differently?

“The US government should stop trying to force tech companies to circumvent treaties by turning over data in other countries. Under the Fourth Amendment of the US Constitution, users have a right to keep their email communications private.

“We need our government to uphold Constitutional privacy protections and adhere to the privacy rules established by law.

“That’s why we recently went to court to challenge a search warrant seeking content held in our data centre in Ireland. We’re convinced that the law and the US Constitution are on our side, and we are committed to pursuing this case as far and as long as needed,” Smith said.

The crux of the matter appears to be around whether if the emails were opened in the US even though they sit on servers outside the country then therefore they fall under US warrants.

However, Microsoft argues that asking technicians in Dublin to search and retrieve data on Dublin servers effectively amounts to search and seizure.

The Electronic Frontier Foundation is planning a legal brief this week that will argue that copying data stored on servers outside the US amounts to seizure under the Fourth Amendment.

US telco Verizon argues that if the US government prevails on the matter it could cost US companies billions of dollars in lost revenues and undermine international agreements. There’s also the issue of technology firms dealing with the headache of receiving hundreds of thousands of warrants from law-enforcement agencies for data stored outside the US.

The US government is expected to make its reply on the matter within several weeks.

Tech law image via Shutterstock

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com