Major Privacy Win For Microsoft in 'free for all' Data

The US government cannot force Microsoft to give authorities access to the firm's servers located in other countries, a court has ruled.

The decision is being seen as a precedent for protecting the privacy of cloud computing services.

The US Department of Justice had wanted to access a server in Ireland, as part of an investigation into a drugs case.

The ruling, made by an appeals court, overturns an order granted by a court in Manhattan in 2014.

The US Dept. of Justice  (DoJ) said it was disappointed by the decision and was considering what it would do next. If it appeals, the case could then move to the US Supreme Court.

Microsoft said it welcomed the ruling. "It makes clear that the US government can no longer seek to use its search warrants on a unilateral basis to reach into other countries and obtain the emails that belong to people of other nationalities," Brad Smith, president and chief legal officer, of Microsoft told the BBC. "It tells people they can indeed trust technology as they move their information to the cloud," he said. Microsoft thanked the companies that had backed its appeal, which included the likes of Amazon, Apple and Cisco.

No bullying

Another of Microsoft's backers was the Open Rights Group , a UK-based organisation that campaigns for digital rights. "The US Court's decision has upheld the right to individual privacy in the face of the US State's intrusion into personal liberty," the group's legal director Myles Jackman said recently. "As a consequence, US law enforcement agencies must respect European citizens' digital privacy rights and the protection of their personal data.

Microsoft boss Satya Nadella has made cloud computing and its security a big focus for the company "States should not arbitrarily reach across borders just because they feel they can bully companies into doing so."

Microsoft had warned that allowing the search warrant to be conducted could open up a global privacy "free for all". Other countries, the company said, would perhaps seek to apply their own search warrants to servers located in the US.

Echoing a constant concern of those in tech industry, Microsoft said the laws were simply too outdated to be effective. "The protection of privacy and the needs of law enforcement require new legal solutions that reflect the world that exists today - rather than technologies that existed three decades ago when current law was enacted." 

Safe havens

But there is continued concern in the law enforcement community that cloud storage, together with encryption, is providing something of a safe haven for criminals.

Judge Susan Carney ruled against the DoJ on the basis that the Stored Communications Act of 1986 limited the reach of warrants applicable outside the US. She noted that such restrictions were vital to maintaining good relations with other nations. Furthermore, she said there were mechanisms available for co-operation between countries in investigations - though law enforcement agencies often complain that this route is more expensive and time-consuming.

"Going to court to seek a Stored Communications Act (SCA) warrant is normally a quicker path than dealing with international resolution channels," explained Daniel Stoller, senior legal editor at Bloomberg Law Privacy & Security News. He said the initial decision in 2014 interpreted the SCA in a way that favoured the DoJ's view. But the appeals court prioritised international law in its ruling.

Another judge involved in the ruling, Gerard Lynch, said the 1986 law was in urgent need of an update.

"I concur in the result," he wrote. "But without any illusion that the result should even be regarded as a rational policy outcome, let alone celebrated as a milestone in protecting privacy."

BBC

« Next Steps For Data Protection: Implementation, Compliance & Best Practice
Mining Bitcoin Just Halved »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

ITrust

ITrust

ITrust develops breakthrough products in Cyber/Artificial Intelligence, offering its products in Europe, America and Africa through its partner network (VAR, MSSP, OEM).

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

Combis

Combis

COMBIS is a regional high-tech ICT company focused on the development of application, communication, security and system solutions and the provision of services.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

Xperience

Xperience

Xperience solves our clients’ toughest challenges by delivering business efficiency through digital transformation solutions across cloud, managed IT, CRM and ERP.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Deutsche Gesellschaft für Cybersicherheit (DGC)

Deutsche Gesellschaft für Cybersicherheit (DGC)

As a leading provider of cyber security, DGC supports companies in taking advantage of the opportunities offered by the digital transformation – and in minimizing the associated risks.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.