Select Page

In the latest twist of the global unpacking of “who trusts you? and who do you trust?” (it’s not yet “time to start running…” [sic]) furore, Microsoft have been dealt a blow that will, until such a time it is overturned, throw the “privacy of the Cloud” doors wide open.

In a New York District Court, Microsoft have been ordered to hand over emails and other content stored in overseas datacentres as the “location of the data is not the issue, the fact that a US company (Microsoft) controls the data is the issue, meaning that US laws apply regardless of the location of the datacentre”.

So why is this an issue?

First up, I’m not entirely sure that it is a major issue. I’m assuming that this hand-over ruling can only be enforced in an on-demand way and after judiciary due process to prove the legality and justification of the handover request has been followed. In other words “we can only look if we prove we have a reason to look”.

So is it really that bad?

I’m not sure, but what I do know is that I can see it from both sides.

I’m not au-fait enough with the legal complexity of international law and intra-government relations but I can see how both sides of the privacy argument can validly argue the pros and cons of this ruling.

On one hand it’s ostensibly the US courts (and by proxy, the government) saying out loud “forget you and your local legislation, if a US company (or ultimate parent company) owns, maintains and controls datacentres in your geographic jurisdiction with your data in them – tough titty, we can take a look if needed.

On the other hand it’s a mechanism for allowing global (albeit US originating) investigation into crime, terrorism, corporate fraud and other globally relevant naughty behaviour to take place within a construct that can be governed.

I’m drifting to the conclusion that the ruling itself is not that bad, it’s whether we could trust those making requests (to review the data) to only make those requests in the right circumstances and that all parts of the process for providing the access review the request correctly and impartially.

Perhaps it’s the last part that people can’t rationalise?


more to follow…