when relevant content is
added and updated.
when relevant content is
added and updated.
Microsoft is continuing its fight with the U.S. government regarding access to data located on the company’s servers outside the U.S. And this time, it brought some friends.
28 major companies, including Microsoft competitors such as Apple, Amazon, and AT&T (but not Google, surprisingly enough), filed friend of the court briefs on December 15, after Microsoft formally appealed the ruling on December 8. Other organizations filing briefs of support include the U.S. Chamber of Commerce, CNN, ABC, Fox News, the Guardian, and Verizon.
Altogether, ten briefs were signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations “that together represent millions of members on both sides of the Atlantic,” noted Microsoft legal counsel Brad Smith. Signatories also included nonprofit organizations such as the Center for Democracy & Technology, the American Civil Liberties Union, the Electronic Frontier Foundation, the Brennan Center for Justice at New York University School of Law, and the Berkman Center for Internet & Society at Harvard.
If upheld, the decision “allows the government to adopt a ‘seize first, search later’ view of the Fourth Amendment, where the government can seize a computer, copy all of its data, and keep that information indefinitely—without a search warrant at all,” writes the EFF in explaining its support.
Why do news organizations such as CNN and ABC care? Because they want to protect their reporters and sources, Smith writes. “These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations,” he writes.
In addition, the Irish government also stepped in, saying the ruling violated its sovereignty, as did a German representative to the European Parliament.
In case you’ve missed it, a judge ruled in May that a search warrant with which it was served also applied to data on servers in data centers in Dublin, Ireland. (The exact person and crime has not been revealed, but it is reportedly drug-related.) Microsoft is protesting this ruling. Another U.S. judge reiterated this decision in August.
There’s more than just data at stake. The ruling means that the U.S. government lays claim to any data owned by a U.S. company, no matter where in the world it is located — such as in the cloud on servers in another country. This has the potential to conflict with privacy laws in other countries, as well as makes it a lot less likely that customers outside the U.S. will be willing to put their trust into U.S.-based cloud companies. In addition, it opens the door for non-U.S. governments to make their own data demands of countries operating within their borders.
Microsoft’s appeal wasn’t a surprise; in fact, the company had said in May that it intended to appeal the decision. Several other U.S. companies had also announced their support of Microsoft in August, since the decision has such wide-ranging effects.
The notion of data sovereignty has been discussed for several years, and in fact Microsoft’s Dublin data center had been specifically cited as an example, before this case came up. “Microsoft, like other cloud providers, will need to clarify data sovereignty issues, if Office Live is to be taken seriously,” wrote Computerweekly presciently in June, 2011. “While it does have a datacentre in Dublin – so it can guarantee data resides in the EU – Microsoft is headquartered in the US and will be subject to US legislation, such as Homeland Security, as well as UK and EU law.”
Ireland, in its brief, indicated that it wasn’t unwilling to grant the U.S. government access to the data in question, but that the mechanism for doing so was the Mutual Legal Assistance Treaty (MLAT) between Ireland and the United States, and that it was up to the U.S. to ask first, not Ireland to stop the U.S. from taking the data. “Ireland respectfully asserts that foreign courts are obliged to respect Irish sovereignty (and that of all other sovereign states) whether or not Ireland is a party or intervener in the proceedings before them,” the brief warned, before going on to hint, “Ireland would be pleased to consider, as expeditiously as possible, a request under the treaty, should one be made.”
In addition, Jan Philipp Albrecht, a Member of the European Parliament (“MEP”) from Germany, filed his own brief urging the U.S. to use the MLAT mechanism, and warning that failing to do so could make it more difficult for European and U.S. companies to work together.
“European citizens are highly sensitive to the differences between European and U.S. standards on data protection. Such concerns are frequently raised in relation to the regulation of cross-border data flows and the mass-processing of data by U.S. technology companies,” Albrecht writes. “The successful execution of the warrant at issue in this case would extend the scope of this anxiety to a sizeable majority of the data held in the world’s datacenters outside the U.S. (most of which are controlled by U.S. corporations) and would thus undermine the protections of the EU data protection regime, even for data belonging to an EU citizen and stored in an EU country.”
Legal argument is expected this spring or summer, according to the EFF.