ITsecurity
twitter facebook rss

The big legal argument from Microsoft: “Well, you wouldn’t like it”

Posted by on December 12, 2014.

Brad Smith

Brad Smith, General Counsel, Microsoft

At the beginning of this year I began to think that Microsoft had changed. General Counsel Brad Smith announced that Microsoft would store its users’ personal data within their own jurisdiction, thus intimating that the NSA and FBI couldn’t get hold of it. “People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country,” he said, “and should have the ability to make an informed choice of where their data resides.”

Basically he was telling Europe that Microsoft would comply with the General Data Protection Regulation. It was a great PR stroke that was widely well-received. Not by everyone, though. Alexander Hanff told me at the time,

Microsoft knows full well that it makes no difference whether the data is hosted in the US or not. They are a US corporation and therefore any data they hold is vulnerable to the US surveillance machine no matter where it is. It is clear from the announcement that Microsoft (as well as the rest of the cloud industry) is really concerned about losing revenues for cloud services and they know there is a strong movement within Europe (not least by the European Commission) to create infrastructure independent of the US and US tech giants.

His opinion was quickly put to the test. The US government soon demanded full details (with emphasis on ‘full details’) of the account of a European customer whose data was stored on a Microsoft server in Ireland. (I haven’t found any statement on the nationality of this customer, but there are hints that he is indeed Irish.) The demand had the backing of the US courts.

But Microsoft pushed back; and has been pushing back ever since. It is currently appealing the latest court instruction for it to hand over the data. Brad Smith has published a blog claiming that Microsoft cannot be asked to hand over the data. It’s an appealing argument:

Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.
What if? Microsoft appeal ponders U.S. reaction to foreign data demand

This says Smith is how Microsoft’s latest appeal begins. It basically says to the US government, ‘You wouldn’t like it; in fact you wouldn’t tolerate it – so how can you expect Europe to accept it?”

So perhaps, I thought to myself, perhaps Microsoft really has changed. And then I saw Caspar Bowden’s tweet. As background, Bowden had been a chief privacy adviser at Microsoft.

bowden tweet

When you look closer, Microsoft’s actions are entirely win/win; with no possibility of loss. Firstly, the European storage issue. Microsoft has nothing to lose – Google already dominates Europe. On top of this, there should be little difficulty for any of the big tech companies to constrain European data to European servers. It’s not a big deal.

Secondly, Brad Smith’s blog is an appeal to the emotions, not an appeal to the law. The judge will be unemotional and will uphold the law; and will insist that Microsoft hand over the data. In this sense, Smith’s blog is totally meaningless — or in Bowden’s words, nauseating cynicism.

The moral is simple – Europeans should not be swayed by PR exercises. Leopards do not change their spots; big companies do change, but only ever for the worse.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Kevin Townsend's opinions, News, News_privacy |