A decision appears imminent in the battle between Microsoft and the U.S. government over access to customer email held on servers in an Ireland data center that Microsoft refuses to turn over to the feds in a narcotics case. The issue is not whether a government can request data held within its borders but whether it can access data held by a company based within its borders but that stores the data in another nation.
The issue of where borders start and stop for accessing data is a troubling one in the cloud, where data can reside in multiple nations and move among them easily. But this case seems a poor one to try to set a precedent giving U.S. officials worldwide reach.
The drug trafficking case is, in the grand scheme, a minor issue that doesn't seem to rise to the level seeking a backdoor method to access an E.U. data center via a U.S.-based company.
As InfoWorld's David Linthicum argues, if the United States gets backdoor access in other nations, we can expect other countries to seek the same for data held in the United States. Brad Smith, Microsoft's general counsel, shares that fear:
The U.S. government cannot expect to have one model that it follows without anticipating that the rest of the world will follow that model. ... And this is a model that encourages governments to reach into other territories. That does not seem like a sound approach to international stability or mutual respect in the 21st century.
Another odd fact is that the U.S. government could request that data directly from Ireland using the Mutual Legal Assistance Treaty. InfoWorld's Caroline Craig reports the United States is not taking advantage of this treat because the "Justice Department considers that process too slow and wants to deal directly with the U.S.-based company." Convenience also doesn't seem a compelling enough reason to gain the unfettered right to extraterritorial reach.
From where I sit, the decision is easy: Microsoft should win, and not only to satisfy the concept of privacy. There's a big business need at stake: How many companies will refuse to move to the cloud, despite all its advantages, simply because there is no guarantee their data is safe from prying eyes of the U.S. government -- or Chinese or Russian or British or Saudi or ...
You might think that the U.S. government wouldn't abuse extraterritorial reach. But the revelations of Edward Snowden show that it in fact would do (and has done) so, as would other governments. Although I'm not looking to get into a political debate, the simple truth is I cannot convince folks in some E.U. countries to move to Office 365 because of such fears. These legal issues will and do affect adoption of new technology in global enterprises.
Sign up for CIO Asia eNewsletters.