Last month we told you of a U.S. court case to keep an eye on involving a government attempt to get Microsoft to hand over email data held in one of the company’s data centres in Ireland.
Microsoft’s attempt to politely refuse have been dismissed. A judge ruled because the company controls the data, under the Stored Communications Act it has to turn over what the government lawfully requests under a simple warrant. Note that the case doesn’t involve the often invoked and feared U.S. Patriot Act, which CEOs, CIOs and CSOs often cite as being the reason why they won’t store personal or sensitive corporate data outside the U.S.
As reported by Neowin and other news sites, the judge suspended her order to give Microsoft time to appeal because of the constitutional and international sensitivity of the issue.
Carriers AT&T and Verizon, as well as IT vendors Apple Inc. and Cisco Systems filed court briefs supporting Microsoft’s position.
Microsoft argued that U.S. search warrants can’t be executed outside the United States. The Justice department argues that the Stored Communications Act makes no exception on where data is stored. The judge agreed, saying it doesn’t matter where the data is held.
The issue will undoubtedly go to the U.S. Supreme Court (which may decide not to hear the case). But it is another warning that organizations need to encrypt more data to avoid being caught in U.S. law.