Cloud

Microsoft And Data Sovereignty: Can The US Government Still Take Your Company's Cloud Data?

As Amazon, Microsoft and other cloud providers move to break ground and build Australian data centres and points-of-presence, data sovereignty and the security of data stored offshore is still a massive concern for Australian companies. Microsoft is flipping the script on data sovereignty in a post-Snowden world, and now pledges to fight US Patriot Act orders it receives. So can the US government still take your company’s data despite Microsoft’s new fighting spirit? Sort of.

Thief picture from Shutterstock

According to Rich Sauer, Microsoft’s corporate vice president and deputy general counsel, Redmond now has its back up about Patriot Act requests.

For those late to the fight, Microsoft had previously told customers in Europe and elsewhere that because of the regionalisation of content to datacentres around the world and its home base in the US, it couldn’t guarantee that US law enforcement agencies wouldn’t be accessing that data.

Sauer was speaking to journalists overnight about Microsoft’s new legal battleground in a post-Snowden world overnight, saying that it’s now prepared to fight the US government and its agencies which have used “self-help mechanisms” (read: hacking methods) to break into servers and take data related to surveillance and law enforcement activities.

Obviously Microsoft wants to tackle US agencies hacking the crap out of its secure services, but what of the US Patriot Act?

Microsoft execs speaking at TechEd last year specified that the Patriot Act has no power outside of the US. But according to Sauer, Microsoft is now going further in a post-Snowden world and actively fighting the US government in its attempts to run over the company and scoop data out of international services.

So what if a US government agency wants your company’s data stored in a cloud datacentre in Singapore? According to Sauer, Microsoft now palms these requests off to local law enforcement bodies.

“[If an agency wants customer data, we encourage them] to use the mutual legal processes in place and don’t run over us to get it. This gives the Australian government the process to maintain checks and balances about what’s happening with their citizen’s data,” Sauer said.

“If [the US government doesn't] use these treaties, the Australian government wouldn’t know what was happening with its citizen’s data,” he added.

Sauer said that Microsoft is now fighting the principle of the US Patriot Act, not just because the company disagrees with the blanket collection of data, but because security is a “sales blocker” for the company following Snowden’s revelations about the behaviour of the National Security Agency.

“For a few years up until that point one of the hardest issues for us and a sales blocker was the Patriot Act. This was viewed as an effort by the US government to overreach and essentially surveil customers and citizens around the world. We spent a lot of time helping to debunk some of the myths around the Patriot Act; there were legitimate concerns but some of them were wildly overblown.”

Microsoft can still be compelled to provide data if it’s ordered to by a judge under probable cause, but it has to know that the country in which the data is being taken from is aware of the action. There’s also a new level of resistance from Microsoft to providing data to US agencies from around the world following the Snowden leaks.

Your data is never 100 per cent safe from foreign governments, but Microsoft’s move suggests it is indeed fighting back at a level not seen before.

Disclosure: Luke Hopewell travelled to Seattle as a guest of Microsoft.