Microsoft And Data Sovereignty: Can The US Government Still Take Your Company's Cloud Data?

As Amazon, Microsoft and other cloud providers move to break ground and build Australian data centres and points-of-presence, data sovereignty and the security of data stored offshore are still massive concerns for Australian companies. Microsoft is flipping the script on data sovereignty in a post-Snowden world, and now pledges to fight US Patriot Act orders it receives. So can the US government still take your company's data despite Microsoft's new fighting spirit? Sort of.

According to Rich Sauer, Microsoft's corporate vice president and deputy general counsel, Redmond now has its back up about Patriot Act requests.

For those late to the fight, Microsoft had previously told customers in Europe and elsewhere that because of the regionalisation of content to datacentres around the world and its home base in the US, it couldn't guarantee that US law enforcement agencies wouldn't be accessing that data.

Sauer was speaking to journalists overnight about Microsoft's new legal battleground in a post-Snowden world, saying that it's now prepared to fight the US government and its agencies, which have used "self-help mechanisms" (read: hacking methods) to break into servers and take data related to surveillance and law enforcement activities.

Obviously Microsoft wants to tackle US agencies hacking the crap out of its secure services, but what of the US Patriot Act?

Microsoft execs speaking at TechEd last year specified that the Patriot Act has no power outside of the US. But according to Sauer, Microsoft is now going further in a post-Snowden world and actively fighting the US government in its attempts to run over the company and scoop data out of international services.

So what if a US government agency wants your company's data stored in a cloud datacentre in Singapore? According to Sauer, Microsoft now palms these requests off to local law enforcement bodies.

"[If an agency wants customer data, we encourage them] to use the mutual legal processes in place and don't run over us to get it. This gives the Australian government the process to maintain checks and balances about what's happening with their citizens' data," Sauer said.

"If [the US government doesn't] use these treaties, the Australian government wouldn't know what was happening with its citizens' data," he added.

Sauer said that Microsoft is now fighting the principle of the US Patriot Act, not just because the company disagrees with the blanket collection of data, but because security is a "sales blocker" for the company following Snowden's revelations about the behaviour of the National Security Agency.

"For a few years up until that point one of the hardest issues for us and a sales blocker was the Patriot Act. This was viewed as an effort by the US government to overreach and essentially surveil customers and citizens around the world. We spent a lot of time helping to debunk some of the myths around the Patriot Act; there were legitimate concerns but some of them were wildly overblown."

Microsoft can still be compelled to provide data if it's ordered to by a judge under probable cause, but it has to know that the country from which the data is being taken is aware of the action. There's also a new level of resistance from Microsoft to providing data to US agencies from around the world following the Snowden leaks.

Your data is never 100 per cent safe from foreign governments, but Microsoft's move suggests it is indeed fighting back at a level not seen before.

Disclosure: Luke Hopewell travelled to Seattle as a guest of Microsoft.


    What if you encrypt your data locally [Truecrypt] before uploading it to cloud based storage?

      You may like to read this before using TrueCrypt again

    This seems to be Microsoft's "Ah, Let me make this crystal clear, crystal clear, there will be no new taxes, no changes to the pension, no cuts to the ABC or the pension." sort of moment.

    Microsoft have only recently taken data from someone's Hotmail account without even a warrant. Yes they subsequently said they were wrong and promised not to do it again, but can you trust someone who has only a few weeks ago had zero regard to privacy? On top of that the NSA is weird.

    A national security letter prevents MS from even telling anyone that the USA government wants your data. Forget about palming this off to Singapore legal to decide if they can't even talk about it.

    There are no two ways about this.

    The only cloud that you can safely use is one that is run by an Australian based company on Australian soil.

    Amazon, Microsoft, Digital Ocean... all of them MUST obey the NSA without question, and they must do it secretly too.

    "The only cloud that you can safely use is one that is run by an Australian based company on Australian soil."

    Very unlikely.

    Any data, information, email or anything else going through the internet is not safe.
    To have it safe, disconnect.

    In Tony Abbott's world, he will hand over anything the Americans ask for. Personally, I don't trust the Australian government to protect the data rights of its citizens.
