US court orders cloud providers to hand over customer data
New York judge rules no matter where you live your data can be scrutinised
A US judge has made a major ruling in a dispute with Microsoft over the seizure and searching of overseas data which could see data stored on providers’ servers open to prying eyes in spite of their worldwide location.
The decision comes in the wake of a challenge issued by Microsoft on behalf of one of its Irish customers. Redmond insisted it should not have to disclose user data stored overseas, as the US government does not have jurisdiction there.
New York judge James Francis struck down that argument in his ruling, declaring the investigative efforts of law enforcers and governments would be “seriously impeded” should that be the case.
“Even when applied to information that is stored in severs abroad, an SCA [Stored Communications Act] warrant does not violate the presumption against extraterritorial application of American law,” he said.
Effectively, the searching of customer’s overseas data does not currently violate international law.
The ruling means any company that employs a US-based cloud provider based will be vulnerable to having their data taken and searched at a moment’s notice, regardless of what country it’s stored in.
This news could see companies that were already wary of migrating avoid it completely, propagating the cloud “fear factor” that some firms are still working through.
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
Microsoft has come out fighting, and set out plans to appeal the ruling.
“The magistrate judge, who originally issued the warrant in question, disagreed with our view and rejected our challenge,” said deputy general counsel David Howard in a blog post.
“This is the first step toward getting this issue in front of courts that have the authority to correct the government’s longstanding views on the application of search warrants to content stored digitally outside the US.”
US companies, which assured users that data stored away from US shores would be safe, could reconsider the location of their centres, now that the original promise has seemingly been rendered moot.