Major Privacy Win For Microsoft in 'free for all' Data

Uploaded on 2016-07-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The US government cannot force Microsoft to give authorities access to the firm's servers located in other countries, a court has ruled.

The decision is being seen as a precedent for protecting the privacy of cloud computing services.

The US Department of Justice had wanted to access a server in Ireland, as part of an investigation into a drugs case.

The ruling, made by an appeals court, overturns an order granted by a court in Manhattan in 2014.

The US Dept. of Justice  (DoJ) said it was disappointed by the decision and was considering what it would do next. If it appeals, the case could then move to the US Supreme Court.

Microsoft said it welcomed the ruling. "It makes clear that the US government can no longer seek to use its search warrants on a unilateral basis to reach into other countries and obtain the emails that belong to people of other nationalities," Brad Smith, president and chief legal officer, of Microsoft told the BBC. "It tells people they can indeed trust technology as they move their information to the cloud," he said. Microsoft thanked the companies that had backed its appeal, which included the likes of Amazon, Apple and Cisco.

No bullying

Another of Microsoft's backers was the Open Rights Group , a UK-based organisation that campaigns for digital rights. "The US Court's decision has upheld the right to individual privacy in the face of the US State's intrusion into personal liberty," the group's legal director Myles Jackman said recently. "As a consequence, US law enforcement agencies must respect European citizens' digital privacy rights and the protection of their personal data.

Microsoft boss Satya Nadella has made cloud computing and its security a big focus for the company "States should not arbitrarily reach across borders just because they feel they can bully companies into doing so."

Microsoft had warned that allowing the search warrant to be conducted could open up a global privacy "free for all". Other countries, the company said, would perhaps seek to apply their own search warrants to servers located in the US.

Echoing a constant concern of those in tech industry, Microsoft said the laws were simply too outdated to be effective. "The protection of privacy and the needs of law enforcement require new legal solutions that reflect the world that exists today - rather than technologies that existed three decades ago when current law was enacted." 

Safe havens

But there is continued concern in the law enforcement community that cloud storage, together with encryption, is providing something of a safe haven for criminals.

Judge Susan Carney ruled against the DoJ on the basis that the Stored Communications Act of 1986 limited the reach of warrants applicable outside the US. She noted that such restrictions were vital to maintaining good relations with other nations. Furthermore, she said there were mechanisms available for co-operation between countries in investigations - though law enforcement agencies often complain that this route is more expensive and time-consuming.

"Going to court to seek a Stored Communications Act (SCA) warrant is normally a quicker path than dealing with international resolution channels," explained Daniel Stoller, senior legal editor at Bloomberg Law Privacy & Security News. He said the initial decision in 2014 interpreted the SCA in a way that favoured the DoJ's view. But the appeals court prioritised international law in its ruling.

Another judge involved in the ruling, Gerard Lynch, said the 1986 law was in urgent need of an update.

"I concur in the result," he wrote. "But without any illusion that the result should even be regarded as a rational policy outcome, let alone celebrated as a milestone in protecting privacy."

BBC

« Next Steps For Data Protection: Implementation, Compliance & Best Practice
Mining Bitcoin Just Halved »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

UltraSoC Technologies

UltraSoC Technologies

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.