Well, these always take time to get anywhere, and this one certainly took 4 years to get where it was going, to the highest court in the United States.
It is a simple case. The US law enforcement was investigating a drug case and got a warrant for e-mail from the suspect. This is fairly standard thing to do. But, the response was anything but standard. Microsoft gave up e-mail that was in the US but not the e-mail stored in Ireland. Microsoft has data stored in 100 centers in 40 countries. The lower court upheld the warrant, but on appeal, the 2nd Circuit Court decided against it. Microsoft said it would leave itself open to having other countries do the same thing - requesting data stored in the US.
This seems to have some importance to data storage in general, and I would guess, is more important to Azure than to e-mail which is why Microsoft is fighting so hard. Cloud services could be affected by the same type of ruling.
The cloud companies cannot have their cake and eat it too. The US does not have the same kinds of rules on data storage that Russia and China have - store here that data you collect here. We should have the same kind of rules. That would simplify Microsoft’s concerns, and ease the issue with overseas warrants. If you think about it, Microsoft is asking law enforcement to get warrants in every country where they store data to cover all the places that data might be, an equally preposterous demand.
We got into this several times on defense data being stored in places outside the US and we didn’t like it very much. Microsft was using an overflow system for servers that sent some of our emails (hence other data attached) to storage in Eastern Europe. We didn’t like that very much. You can bet that it is not so simple as having data stored in the US and Ireland because that data is sent many places that are clearly not the US or Ireland before they get to storage. Microsoft may have opened Pandora’s Box by going this far with this case.
We were concerned that some of that data might end up in China or places that were not very friendly to the US. Microsoft does have data storage in China because Chinese law says they have to keep data collected in China, stored in China. But, they may have some US data stored there too, something nobody in their right mind would want. On any given day, I wonder if they could say where all that cloud data was stored. In the few cases we identified, Microsoft, as a policy matter, did not direct the data to be stored anywhere. It was stored where operations put it. Tell me that Microsoft knew that e-mail was in Ireland before the warrant was issued. At some point it may have passed through US servers even though it wasn’t stored there for long. Microsoft could probably not answer a question about where it passed through any country of those 40 it serves.
So, it is a simple case, if you listen to how Microsoft and their brethren have described it. It may not be so simple after all, if the Justice Department asks the right questions.
No comments:
Post a Comment