Microsoft’s subpoena: Is non-US cloud safe from the Patriot Act?
In April 2014, a federal judge ordered Microsoft to release a customer’s information from their Dublin data centre. This raised concerns over the privacy of cloud-stored data and the seemingly unbounded reach of the US government outside of American soil.
This was the first instance of the US government demanding access to data stored outside of the United States. It made headlines for the fact that even tech giant Microsoft is not exempt from the long arm of the Patriot Act.
Back in January 2014, Microsoft announced that it planned to allow enterprise users to decide where their data was held, either in its US cloud or in their new Dublin data centre. This indicated that there were doubts over the privacy of US-based cloud data, and suggested that Microsoft considered their European data centre safer from potential investigation by US authorities.
However, in April 2014, US Magistrate Judge James Francis ruled that ISPs and cloud vendors, including big brands like Microsoft, Google and Amazon Web Services, must comply with the US’s post-9/11 Patriot Act and hand over, when requested, customer information even if that data resides outside of US borders.
In fact, all that is required is for the cloud provider itself to fall under US jurisdiction and that staff within the US have access to the data.
This is alarming for non-US customers that host their data with US-based cloud providers. Even if their data is stored locally (outside of the United States), it is potentially still vulnerable to surveillance by US government under this ruling. The only way for non-US cloud customers to guarantee their data is private is to choose a non-US cloud provider.
HighQ is a registered UK company with data centres in Europe, the US and offshore (with data centres in Australia, Canada and the UAE set to open in summer 2014).
HighQ’s customers can choose which jurisdiction their data is held in, and ensure that none of our US staff have access to any data held outside of the United States. This guarantees that non-US customer data is entirely protected from US laws.While the world waits for the outcome of the Microsoft case, it has certainly brought to light the importance of understanding the law surrounding data jurisdiction, and how vital it is for cloud customers to carefully consider which provider you choose to best protect your data.
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)