Microsoft v the US Justice Dept - the real data privacy battle that must be won

Stuart Lauchlan Profile picture for user slauchlan July 13, 2016
Microsoft v the US Justice Department - this a battle that needs to be won. It's far more important for the future of data transfer rules than the ropey Privacy Shield.

Uncle Sam

We need an internet that respects people’s rights.  We need an internet that is governed by law.  We need an internet that’s governed by good law.

An important declaration from Brad Smith, President and Chief Legal Officer at Microsoft this week, a week in which the firm earlier voiced its approval of the adoption of the European Union/US Privacy Shield data transfer rules.

But while supportive of that, the firm is locked in a battle royal with the US Government that could have a far greater impact on the future of transatlantic data transfer than the hastily cooked-up Safe Harbor replacement, potentially more so than Max Schrem’s war against Facebook.

It centers on the US Justice Department’s pursuit of the contents of an e-mail account held by Microsoft on a server in Ireland.

Microsoft contends that the data is held outside the legislative reach of the Justice Department and as such US search warrants are not applicable.

For both sides, the stakes are high.

For Microsoft - and the entire cloud/tech industry - if a precedent is set that the US authorities can demand and receive data hosted outside of the US, then all the soothing Privacy Shield blandishments about ombudsmen and promises not to be naughty any more about mass surveillance will amount to a can of beans. That would have a hugely negative impact on US providers ability to trade with EU, particularly in public sector markets such as Germany.

For the US Justice Department, if the principle is established that US providers just need to stick a server into a non-US jurisdiction, then data about US citizens, never mind non-US ones, is placed outside of its reach. That could have serious ramifications for pursuit of criminal activities or the War on Terror, argue supporters of the Justice Department stance.

Societal impact

To date, Microsoft has taken a defiant stand on the matter, despite having US public sector commercial ambitions at stake here, particularly when it comes to its high stakes rivalry with Google in promoting cloud adoption across government.

But this matters, insists Smith, and it matters on a societal scale:

We need to stand up for transparency.  That’s why as a company we have brought not one but four lawsuits against our own government, the United States Government, starting three years ago to win the right that we pursued and achieved to share more information with the public.

It’s why we brought a new lawsuit just two months ago.  We looked at the search warrants that we had been receiving in the United States and we found that over 2,000 of them had a secrecy order that would prohibit us forever from letting customers know that the government had obtained their email.  We’ve gone to court to say that is not just unconstitutional, that’s not the future we want to build.

We recognize that we need to stand up for people globally.  That’s why we’re litigating a case in the United States to argue that the US government cannot reach customers’ email in our datacenters around the world.  It’s why we’re taking that message not just to court.  We’re bringing it to the public. We’re bringing it to Congress.

Inevitably of course, supporters of the Justice Department position are quick to try to tar the firm as unpatriotic or siding with criminals and terrorists. The presumptive Republican Presidental candidate Donald Trump has led the attacks on US tech firms and their supposed attitudes here, so this mindset is only likely to become more febrile as November approaches.

In fact, Smith is at pains to point out that the stand-off with the Justice Department in no way represents any abdication of responsibility here:

We’ve recognized that as we go forward we have an important responsibility to help keep people safe, a responsibility we’ve been exercising for many years with others, a responsibility that we needed to exercise in the past year. As I announced earlier this year, we received 14 lawful orders from the police in Paris and Brussels, after last November’s terrorist attacks.  We were able to verify that they were all lawful and we responded to all of them with an average turnaround time of less than 30 minutes.  That’s part of what it takes to keep people safe.

These are complex issues in a complex world, he argues, and ones being debated in the most challenging of times:

Just look at the headlines of the last couple of years:  Customers whose credit cards have been hacked; schools that are worrying about kids using the internet to engage in bullying; government officials in Europe expressing concerns about technology; the presidential candidates in the United States not just of one party, but of both, expressing skepticism, as well, skepticism that has even gone to the heart of the tech sector in Northern California.

We need to do more than advance the cloud.  We need to build a cloud for good.  We have to ensure that we build a cloud that people can trust.  More than anything, we hear from people around the world that as they move their most important information to the cloud what they want is the confidence that the rights and protections they’ve so long enjoyed when their information was stored on paper will persist in this new technology era.

My take

Well said that man. Stand strong. This is a crucial battle to be fought and won, far, far more important than the Privacy Shied comfort blanket, whose stitches will rapidly unravel in front of the European Court of Justice. Quite simply, none of us can afford for Microsoft to lose this battle with the Justice Department. The precedent that would be set would case long shadows, both for global society as a whole, but also for the US cloud computing industry’s ability to do business around the world.

A grey colored placeholder image