CIOs, CSOs and risk managers concerned about the reach of U.S. courts into data stored in foreign jurisdictions will be interested to note that Microsoft appears willing to risk being found in contempt of court in a fight over an order to hand over data stored in company-owned servers in Ireland.
Emma Woollacott reports on Forbes.com that Microsoft is refusing to comply with the order in a tricky legal strategy to continue loudly fighting over the ability of the U.S. Congress to pass legislation obliging American companies to hand over information in their control when ordered by a court. On Aug. 29 Microsoft repeated that it will not comply.
UPDATE: The judge has given Microsoft until Friday Sept. 5 to comply with her order.
In a case involving a narcotics investigation and email stored in a Microsoft data centre in Ireland, Microsoft lost its fight to resist the order by arguing the email is in a foreign country. Not only that, Irish privacy law forbids companies there from handing over data. However, a New York judge ruled Microsoft not only has to obey her order, her ruling can’t be appealed.
Microsoft now appears ready to be found in contempt of court, so that ruling can be appealed.
However, a post on GigaOM.com suggests that rather than being a symbol of defiance, it is part of a quietly agreed strategy by both Microsoft and the U.S. Justice Department. The piece quotes a Justice letter to the court “respectfully” asking Microsoft to be found in contempt so the issue can be appealed.
Although in many ways this is a battle over Congressional power, Microsoft is framing its defence as a fight over international privacy rights, as well as over the ability of the U.S. high tech industry to continue expanding into other countries. Increasingly organizations are refusing to store data on servers owned by U.S. giants like Microsoft and Amazon because of fears the information could be seized under U.S. legislation.
That has lead a number of companies here to expand Canadian-owned data centres.
One way Microsoft has been leading the fight is by commissioning and releasing U.S. public opinion polls on the issue. One says 56 per cent of those surveyed are worried that if the U.S. government demands information in foreign countries, those jurisdictions will force companies there to turn over Americans’ private information.
Woollacott’s piece does have an interesting idea on how U.S.-based cloud service providers can fight back: Change their systems so data in offshore data centres is only controlled locally.
The other option, she adds, is that organizations may start encrypting all data held in the cloud. That way providers like Microsoft can argue customer data isn’t under their control.