The Department of Justice appears to be doing its best to kill off the cloud – at least in the U.S.
Microsoft has been fighting, for months, a DoJ search warrant to provide emails and address book information for a customer who’s data is stored in an Irish data center.
Microsoft has been fighting this search warrant at least since April when a New York judge ordered Microsoft to turn over the emails, but also suspended that order pending appeal. This week Microsoft filed an appeal of the order and included Amicus briefs from Amazon, Apple, AT&T, eBay, Verizon and dozens of other organizations.
Assuming those emails were stored on the user’s PC in Ireland, it would be clear that the DoJ would need to get the Irish courts involved. They could do a black bag job, but then the U.S. courts would never admit the evidence.
The reason, at least in part, for why there were over 40 amicus filings with this appeal is that part of the DoJ’s claim is that when personal emails and other documents are stored in the cloud they are no longer personal property, but rather business records, owned in part by the cloud providers.
While the records for this case are sealed, it appears to be part of a drug investigation and what is not clear is whether this person is a U.S. Citizen living in the US.
Microsoft is arguing that this data is being held by an Irish company (the Irish subsidiary of Microsoft) and if you want the data, you need to do so in Irish courts according to Irish law. Assuming that this person they are going after is not an American, this makes perfect sense.
Microsoft argues that the U.S. would not be fond of say, the Russian government ordering the Russian subsidiary of Microsoft to hand over information held in the U.S. based on a Russian search warrant and Russian law — and that is hard to argue.
In another article, Microsoft EVP and general counsel Brad Smith, when asked if users should encrypt their email in the cloud, said that encryption is important and protects data in many circumstances, but said that it would make it hard for Microsoft to hand over your stuff to the feds if it was encrypted. Duh! And your point is? I am not sure what the downside to Microsoft is if they were to say yes to that question. I don’t get their hedging. Obviously, if they did that, like Apple and Google are doing with their smartphones, it would make the feds upset, but is that their logic?
Remember – and this is very important – that any form of transparent encryption where Microsoft or any other cloud provider holds the encryption keys, DOES NOT STOP THE PROVIDER FROM TURNING OVER YOUR DATA IF THEY WANT TO. In fact, Smith specifically said that if the cloud provider does not hold the encryption keys, things get problematic for them (Microsoft).
If after all the appeals, the courts hold that YOUR data stored in the cloud is no longer personal property and is owned, at least in part, by the service provider, that will have a huge negative impact on U.S. cloud providers like Amazon, Google and Microsoft. Constitutionally, the protection of your stuff, if it is ruled to be a business record of the cloud provider you are using, is dramatically less than if it is your personal property.
I assume this is likely to be appealed all the way up the the Supreme Court, so stay tuned.