Jumpin' Jehoshaphat, Batman! Looks like Microsoft is defending email privacy. This, after it confirmed over the weekend that it would not be handing over email data to US federal regulators.
The decision follows a ruling on Friday by a US judge, which instructed the company to turn over email stored in Ireland to US prosecutors. But Microsoft does not plan to turn over the emails, and plans to appeal, a company spokesperson said.
Mail vs. Email
In late July, Chief Judge Loretta Preska of the US District Court in Manhattan upheld a magistrate's ruling on the fate of the email in the overseas data center. Preska ruled that the location of the email was irrelevant because Microsoft controls the messages from the US.
At that time, she put a freeze on the decision. But she lifted the freeze Friday and insisted that Microsoft handed over the email.
Microsoft, however, denies that it has control over the email in question, arguing instead that customers’ email deserves the same legal protections afforded to other forms of communication, including snail mail and the content of telephone conversations.
The contents of the email in question have not been revealed although they were requested in relation to a narcotics investigation.
Microsoft claims the investigation is irrelevant. It is in the process of turning the case into a cause celebre of the digital age in a case that is likely to get a lot bigger than Microsoft. Microsoft argues that while it is fully cognizant of the importance of public safety, there are legal processes that can be followed to obtain information from email.
In fact, already, other technology companies have thrown their support behind Microsoft, worried that if this doesn’t go well for Microsoft then US law enforcement agencies may win powers to seize data stored in data centers.
There is also the prospect that other law enforcement agencies around the world will apply for similar powers in their own jurisdiction if the US case is successful. This would have the effect of killing off the cloud storage industry and shatter whatever trust there is in cloud computing.
AT&T, Apple, Cisco Systems and Verizon Communications have already submitted briefs supporting Microsoft's opposition to the warrant with more vendors likely to follow as the case snowballs.
The Problem With Data
So what is the issue here? In an editorial by Brad Smith in the Wall Street Journal, Microsoft outlined its case. Smith is general counsel and executive vice president for legal and corporate affairs at Microsoft.
As a small, but interesting aside, you may also recall that he was identified earlier this year as one of the Internet of Things movers and shakers for his work on security and privacy for the IoT, reflecting how much importance Microsoft is placing on this case.
The editorial, which was written two days before the initial hearing in July, explains what is at stake and sums it up as follows:
This dispute should be important to you if you use email, because it could well turn on who owns your email — you or the company that stores it in the cloud."
And that’s the bottom line, Smith wrote. Microsoft, he added, believes that emails stored in the cloud are owned by the people who put them there and not the service provider.
He says that rules about search warrants and their geographic limitations whereby a law agency cannot search beyond its own boundaries also apply in this case. As such, those agencies have no right o data stored in servers located outside the US:
The government seeks to sidestep these rules, asserting that emails you store in the cloud cease to belong exclusively to you. In court filings, it argues that your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims that it can use its broader authority to reach emails stored anywhere in the world."
Already, Microsoft says, the case is setting a bad example. Smith cites the case of Britain, where the government passed a law that asserts its rights to require tech companies to handover emails stored anywhere in the world. This would include the emails of Americans that are stored in a database in Britain, even if those Americans have never set foot in Britain.
Microsoft’s Chief Privacy Office, Brendon Lynch, sums up Microsoft’s position at the moment as follows:
- Endangered Species: The Corporate Intranet
- Think Digital Marketing Technology: Think ... Microsoft?
- Multitasking? You're Killing Yourself for Nothing
- Forget Intranets, Give Me an ESN
- Are These Vendors the Best at Social Media Monitoring?
- Microsoft's New BI Tool Plays Nice, Even With 3rd Party Vendors
- Apple Buys FoundationDB, Shuts Down Access to Code