Major Privacy Win For Microsoft in 'free for all' Data

The US government cannot force Microsoft to give authorities access to the firm's servers located in other countries, a court has ruled.

The decision is being seen as a precedent for protecting the privacy of cloud computing services.

The US Department of Justice had wanted to access a server in Ireland, as part of an investigation into a drugs case.

The ruling, made by an appeals court, overturns an order granted by a court in Manhattan in 2014.

The US Dept. of Justice  (DoJ) said it was disappointed by the decision and was considering what it would do next. If it appeals, the case could then move to the US Supreme Court.

Microsoft said it welcomed the ruling. "It makes clear that the US government can no longer seek to use its search warrants on a unilateral basis to reach into other countries and obtain the emails that belong to people of other nationalities," Brad Smith, president and chief legal officer, of Microsoft told the BBC. "It tells people they can indeed trust technology as they move their information to the cloud," he said. Microsoft thanked the companies that had backed its appeal, which included the likes of Amazon, Apple and Cisco.

No bullying

Another of Microsoft's backers was the Open Rights Group , a UK-based organisation that campaigns for digital rights. "The US Court's decision has upheld the right to individual privacy in the face of the US State's intrusion into personal liberty," the group's legal director Myles Jackman said recently. "As a consequence, US law enforcement agencies must respect European citizens' digital privacy rights and the protection of their personal data.

Microsoft boss Satya Nadella has made cloud computing and its security a big focus for the company "States should not arbitrarily reach across borders just because they feel they can bully companies into doing so."

Microsoft had warned that allowing the search warrant to be conducted could open up a global privacy "free for all". Other countries, the company said, would perhaps seek to apply their own search warrants to servers located in the US.

Echoing a constant concern of those in tech industry, Microsoft said the laws were simply too outdated to be effective. "The protection of privacy and the needs of law enforcement require new legal solutions that reflect the world that exists today - rather than technologies that existed three decades ago when current law was enacted." 

Safe havens

But there is continued concern in the law enforcement community that cloud storage, together with encryption, is providing something of a safe haven for criminals.

Judge Susan Carney ruled against the DoJ on the basis that the Stored Communications Act of 1986 limited the reach of warrants applicable outside the US. She noted that such restrictions were vital to maintaining good relations with other nations. Furthermore, she said there were mechanisms available for co-operation between countries in investigations - though law enforcement agencies often complain that this route is more expensive and time-consuming.

"Going to court to seek a Stored Communications Act (SCA) warrant is normally a quicker path than dealing with international resolution channels," explained Daniel Stoller, senior legal editor at Bloomberg Law Privacy & Security News. He said the initial decision in 2014 interpreted the SCA in a way that favoured the DoJ's view. But the appeals court prioritised international law in its ruling.

Another judge involved in the ruling, Gerard Lynch, said the 1986 law was in urgent need of an update.

"I concur in the result," he wrote. "But without any illusion that the result should even be regarded as a rational policy outcome, let alone celebrated as a milestone in protecting privacy."

BBC

« Next Steps For Data Protection: Implementation, Compliance & Best Practice
Mining Bitcoin Just Halved »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

iTechArt Group

iTechArt Group

iTechArt is a top-tier custom software development company offering Cybersecurity Consulting, Application Security Testing, Risk Management and Compliance, and Infrastructure Security services.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.

Allstate Identity Protection

Allstate Identity Protection

Allstate make it easy to provide complete identity protection, so everyone can live more confidently online.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.