Why Microsoft vs. US Govt is a huge deal for cloud computing
- 10 November, 2015 04:15
Brad Smith - President and Chief Legal Officer, Microsoft
Microsoft’s insistence on safe guarding information from its data centre in Ireland, and its subsequent refusal to bow to the pressures of the US Government stands to have major ramifications for the cloud industry as whole.
For those in the dark, the tech giant is at war with the powers that be in Washington following its refusal to hand over emails related to a narcotics case from a Hotmail account hosted in Ireland.
In a lawsuit that is reverberating throughout cloud computing, the ‘Microsoft Ireland’ case - as it’s now become known - looks set to impact cloud providers and multinational companies from New Zealand to Norway in a landmark case in Europe.
In September this year, the Second Circuit Court heard arguments in Microsoft’s case challenging a US search warrant, with Redmond arguing the warrant puts US citizens’ privacy at risk, improperly expands extraterritorial authority and circumvents local authorities in Ireland.
Following the second round of court battles and appeals, a decision is expected sometime in November with Redmond carrying the hopes of the technology industry as it bids to stand up for privacy rights across the world.
Initially, lower courts ruled in favour of the government forcing Microsoft to appeal to the US Court of Appeals, filing its first brief with the Second Circuit in December 2014.
So far the case has attracted amicus briefs from 28 technology and media companies, 23 trade associations and advocacy organisations, 35 prominent computer scientists, the Republic of Ireland and a member of European parliament.
With such strong backing from traditional rivals Apple, Cisco, Verizon and AT&T to name a few, Microsoft argues that its data should be protected by the laws of the land where its servers are located - in this case, Ireland.
“Privacy really is a fundamental human right,” writes Brad Smith, President and Chief Legal Officer, Microsoft via the company’s official blog.
As outlined by Microsoft, here are five quick fact about the case so far:
1. The Justice Minister for the European Commission authored a letter on this case.
3. The LEADS Act, a solution proposed in Congress, has 91 co-sponsors in the House and 12 in the Senate.
4. The Supreme Court ruled in Riley that “privacy comes at a cost.”
But as explained by Smith, when the technology industry looks at at the year 2015, the month of October will stand tall as a month when the EU-US Safe Harbor collapsed.
Widely regarded as principles which enable some US companies to comply with privacy laws protecting European Union and Swiss citizens, following a customer complaint that his Facebook data was insufficiently protected, the European Court of Justice declared that the Safe Harbour Decision was invalid.
“An international legal agreement that has been in place for 15 years was invalidated in a single day,” Smith recalls.
“On Oct. 6, the Court of Justice of the European Union struck down an international legal regime that over 4,000 companies have been relying upon not just to move data across the Atlantic, but to do business and serve consumers on two continents with over 800 million people.”
For Smith, the decision made clear what many have been advocating for some time.
“Legal rules that were written at the dawn of the personal computer are no longer adequate for an era with ubiquitous mobile devices connected to the cloud,” he added.
“In both the United States and Europe, we need new laws adapted to a new technological world.”
More than anything else, Smith believes the collapse of the Safe Harbor reflects the “remarkable evolution of privacy issues.”
But with the onus now on the US to make the next move in negotiating a replacement for the now defunct Safe Harbor Agreement, the need for clarity has never been greater.
Back to the matter at hand however, and unbeknown to many across the industry, the Microsoft Ireland case strikes at one of the fundamental questions about technology today: How can we strike a balance between digital privacy and public safety?
On the impact to US businesses in particular, both Apple and Cisco argue that “neither the broad economic interests nor the political interests of the United States will be served if foreign citizens believe that they are better off not doing business with U.S. based companies.”
Delving deeper, Cupertino believes “by excluding considerations related to the laws of the country where data is stored and to which the data controller would be subject, the District Court’s analysis places providers and their employees at risk of foreign sanctions with no clear answers on resolving the inevitable conflicts between United States and foreign law.”
Such sentiment is echoed by Verizon, which states that “the magistrate’s ruling, if left standing, could cost U.S. business billions of dollars in lost revenue, undermine international agreements and understandings, and prompt foreign governments to retaliate by forcing foreign affiliates of American companies to turn over the content of customer data stored in the United States.”
In short, this provides a reason for non-US companies to basically say “don’t use US company cloud services because that means the US Department of Justice will have access to everything. Use ours instead.”
So much so that a government victory is almost certain to further erode willingness on the part of foreign companies to trust American business with their data, in a move which many believe will “break the cloud computing ecosphere.”
The knock-on effect would be that tech titans such as Apple, Amazon, Google or any other company continuing to offer internet based email or cloud network services, would now forced to create a subsidiary in each country they operate - each which has a slightly different set of privacy and data protections.
“In a nutshell, this case is about how we best protect privacy, ensure that governments keep people safe, and respect national sovereignty while preserving the global nature of the internet,” Smith states.
“While there are many areas where we disagree with the government, we both agree that outdated electronic privacy laws need to be modernised.
“The statute in this case, the Electronics Communications Privacy Act, is almost 30 years old. That’s an eternity in the era of information technology.”
Enacted by the United States Congress in 1986 to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer, the entire technology community is united in its belief that the act is in desperate need of a refresh.
“In the U.S. we believe there is an important debate to be held about the best way to reform the law and our international relationships, and there are critical policy considerations on both sides,” Smith adds.
“Law enforcement needs to be able to do its job, but it needs to do it in a way that respects fundamental rights, including the personal privacy of people around the world and the sovereignty of other nations.
“We hope the U.S. government will work with Congress and with other governments to reform the laws, rather than simply seek to reinterpret them, which risks happening in this case.”
As Microsoft urges Congress and the White House to seize the opportunity to update the law and advance international solutions, the world watches on intently as Redmond’s fight for change enters a crucial phase.
Should Microsoft lose, the technology industry is under no illusions that it too will go down with the verdict.