Yesterday, a judge in a New York court ordered Microsoft to hand over information stored on a server in Ireland following a US search warrant. Magistrate Judge James Francis reckons a search warrant for servers is different to a search warrant for anywhere else – more of a subpoena to hand over documents. Unsurprisingly, Microsoft plans to roll the dice again with a Federal judge this time.
Microsoft, of course, has recently been soothing its cloud customers by saying that if the data is held outside the US, Uncle Sam won’t be able to plunder it in violation of the users’ local rights. In particular, the EU legislation being drafted to prevent companies sharing EU citizens’ data with foreign powers unless explicitly allowed by international treaty or another EU law. The NSA, or US corporations, would not be allowed to just look at whatever they wanted.
This plays right in to Angela Merkel’s proposal for an EU communications network that can’t be legally snooped on by the yanks by avoiding the use of US-based servers.
In a statement to Reuters, Microsoft said:
“A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States. (Microsoft) thinks the same rules should apply in the online world, but the government disagrees.”
Is Microsoft really so naive? Although the ruling followed its challenge of a search warrant concerning a Microsoft account, its implications apply to all US cloud service providers. Although they intend to appeal, in the mean time any US company holding your data off-shore might as well have its servers in America – they’ll be forced to hand over all your data either way.
This isn’t to say that data held in the UK, for example, is any more secure. There’s RIPA to worry about – the Act allows authorities can plunder what they like, although it does make it illegal for anyone other than the State to do this.