Major Privacy Win For Microsoft in 'free for all' Data

The US government cannot force Microsoft to give authorities access to the firm's servers located in other countries, a court has ruled.

The decision is being seen as a precedent for protecting the privacy of cloud computing services.

The US Department of Justice had wanted to access a server in Ireland, as part of an investigation into a drugs case.

The ruling, made by an appeals court, overturns an order granted by a court in Manhattan in 2014.

The US Dept. of Justice (DoJ) said it was disappointed by the decision and was considering what it would do next. If it appeals, the case could then move to the US Supreme Court.

Microsoft said it welcomed the ruling. "It makes clear that the US government can no longer seek to use its search warrants on a unilateral basis to reach into other countries and obtain the emails that belong to people of other nationalities," Brad Smith, president and chief legal officer of Microsoft, told the BBC. "It tells people they can indeed trust technology as they move their information to the cloud," he said. Microsoft thanked the companies that had backed its appeal, which included the likes of Amazon, Apple and Cisco.

No bullying

Another of Microsoft's backers was the Open Rights Group, a UK-based organisation that campaigns for digital rights. "The US Court's decision has upheld the right to individual privacy in the face of the US State's intrusion into personal liberty," the group's legal director Myles Jackman said recently. "As a consequence, US law enforcement agencies must respect European citizens' digital privacy rights and the protection of their personal data.

"States should not arbitrarily reach across borders just because they feel they can bully companies into doing so."

Microsoft boss Satya Nadella has made cloud computing and its security a big focus for the company.

Microsoft had warned that allowing the search warrant to be conducted could open up a global privacy "free for all". Other countries, the company said, would perhaps seek to apply their own search warrants to servers located in the US.

Echoing a constant concern of those in the tech industry, Microsoft said the laws were simply too outdated to be effective. "The protection of privacy and the needs of law enforcement require new legal solutions that reflect the world that exists today - rather than technologies that existed three decades ago when current law was enacted."

Safe havens

But there is continued concern in the law enforcement community that cloud storage, together with encryption, is providing something of a safe haven for criminals.

Judge Susan Carney ruled against the DoJ on the basis that the Stored Communications Act of 1986 limited the reach of warrants applicable outside the US. She noted that such restrictions were vital to maintaining good relations with other nations. Furthermore, she said there were mechanisms available for co-operation between countries in investigations - though law enforcement agencies often complain that this route is more expensive and time-consuming.

"Going to court to seek a Stored Communications Act (SCA) warrant is normally a quicker path than dealing with international resolution channels," explained Daniel Stoller, senior legal editor at Bloomberg Law Privacy & Security News. He said the initial decision in 2014 interpreted the SCA in a way that favoured the DoJ's view. But the appeals court prioritised international law in its ruling.

Another judge involved in the ruling, Gerard Lynch, said the 1986 law was in urgent need of an update.

"I concur in the result," he wrote. "But without any illusion that the result should even be regarded as a rational policy outcome, let alone celebrated as a milestone in protecting privacy."

BBC
