MS lost a battle in its strong consumer based stance regarding stored data. In short, MS has come out many times in its unyielding stance regarding data privacy. However, a New York District Court Judge has ruled a warrant ordering MS to deliver data stored in Ireland (outside the Court’s jurisdiction) legal. The reason for the request for data was not given publicly.
MS intends to appeal this decision and therefore the Judge agreed to suspend the ruling until the appeal is ruled upon. The Judge explained, “It is a question of control, not a question of location of that information.” So, although I’m not a lawyer, it would seem to me to be both.
The implications of the Judge’s rulings are huge…not just for MS, but for Amazon and Google as well. It would mean that data, no matter what it might be, is subject to U.S. government scrutiny no matter where it’s stored. It would be a serious blow to Cloud based enterprise, and would cause companies to reconsider using the Cloud for enterprise. It would also encourage transferring the burden of data storage to local data farms, seriously affecting the big data storage companies business models. It might also cause U.S. companies to do the same, creating shell entities in foreign countries just to store data there.
It is also uncertain how foreign governments will react to this. Their concepts of location and control might not jive with those of the U.S. District’s Court Judge.
This comes on the heels of several U.S. companies’ reports of business decline since Snowden’s revelations of NSA data collection techniques. Cisco, Qualcomm, IBM, MS and HP reported declines in China sales since the Snowden leaks. European Data storage companies were quick on the uptake and profited from the revelations. It was estimated that the leaks could end up costing $22-35 billion over the next three years, and if this ruling stands, those losses will only increase.
The essential problem revolves around connectivity. The fact that MS or a customer can press a button in Oklahoma and retrieve data stored in (say) Italy plays havoc with the old ways of thinking about the Fourth Amendment, the concept of jurisdictions, the power of U.S. Courts and the U.S. government. Connectivity and availability are being confused with actual physical location. Also, if a corporation is a person and that person owns a house in another country, is a U.S. search warrant executable in that other country? The case of “Megauploads” comes to mind and why it was thrown out of Court and the search ruled illegal by the New Zealand High Court.
OK…now the stinger. Let’s say U.S. search warrants become executable on data stored abroad. Well, will foreign data stored in data farms in the U.S. become equally searchable by foreign governments?
What bothers me most about this is that it pretty much destroys any concept of privacy for companies and individuals, if it’s allowed to stand. It also might compromise the security of us all if it isn’t. Something to think about.