Speaking at the Microsoft Worldwide Partner Conference (WPC) this week, Microsoft president and lead counsel Brad Smith provided a glimpse into the legal battle Microsoft is conducting against the U.S. government to protect data in the cloud from unreasonable search and seizure.
Smith told attendees that Microsoft has received a large number of subpoenas from the U.S. government demanding access to data in a way that prevents Microsoft from even informing customers this is occurring. Microsoft argues those orders are a violation of the Fourth Amendment to the U.S. constitution, which requires the government to inform people when their property is being searched or seized.
Microsoft is also resisting requests from the U.S. government for data that is stored in data centers outside the boundaries of the U.S. For example, the U.S. government was seeking access to a customer's data that is being stored by Microsoft in a data center in Dublin. Because the data belongs to the customer, Microsoft argued that it’s not in a legal position to comply with the government request. Microsoft also contended that the U.S. government is abusing a legal loophole to request access to the data in first place. On July 14, a federal appeals court sided with Microsoft and ruled that U.S. companies don't need to hand over customer data that's stored exclusively on foreign servers.
Bypassing Privacy Shields
Obviously, most cloud service providers are watching these cases closely. The core issue is the level of trust any customer is going to have in a cloud service that is subject to indiscriminate searches by a government.
In fact, this whole issue is at the core of a controversy over a Safe Harbor agreement that includes Privacy Shield requirements that the U.S. government is resisting. Without those Privacy Shields in place, the U.S. government argues it has the right to inspect any data being transferred between Europe and the U.S.
At the same time, governments around the world are passing data sovereignty laws that require data to be stored locally within their own borders. Unfortunately, not all of them are equally committed to preserving privacy in the cloud in the digital age. The end result is increased infrastructure costs, not to mention all the legal fees generated by having to answer various government subpoenas.
Democracy in the digital age
Microsoft along with other providers of cloud services such as Apple are clearly trying to start a digital rights movement. The issues they face are the concerns governments have about their need to access data to pursue investigations spanning everything from global terrorism to financial fraud. In addition, governments in democracies are also aware that governments in more totalitarian societies are not going to be bothered by niceties such as the notion of privacy when it comes to accessing data.
Of course, therein lies the rub. If democratic governments are not willing to respect the privacy of the individual citizen or business in the cloud, they will eventually have to admit that one of the core tenets of the social contract they establish with the people who elect them no longer applies in the digital age.