Blog Post

Judge’s ruling spells bad news for U.S. cloud providers

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

A court ruling on Friday over search warrants means continued trouble for U.S. cloud providers eager to build their businesses abroad.

In his ruling, U.S. Magistrate Judge James Francis found that big ISPs — including name brands Microsoft(s msft) and Google(s goog) — must comply with valid warrants to turn over customer information, including emails, even if that material resides in data centers outside the U.S., according to several reports.

Microsoft challenged such a warrant a few months back and this ruling was the response.

In a blog post on Friday, Microsoft Deputy General Counsel David Howard characterized this as a necessary first step in a what will likely be a long battle. He wrote that the issue is straightforward even if the law is not:

“It’s generally accepted that a U.S. search warrant in the physical world can only be used to obtain materials that are within the territory of the United States. A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States. That’s why the U.S. has entered into many bilateral agreements establishing specific procedures for obtaining evidence in another country. We think the same rules should apply in the online world, but the government disagrees.”

The ruling basically upholds the status quo for U.S. companies who have tried to reassure foreign governments that data residing in their data centers outside the U.S. will be safe from overreach by U.S. law enforcement or security agencies. The European Community, in particular, has been vocal in its distrust of U.S. authorities in the wake of Edward Snowden’s disclosures about National Security Agency data gathering practices.

European cloud providers have tried to use this to their own advantage, with some even advertising on their web sites that their data centers are immune to search under the U.S. Patriot Act. And some have claimed that U.S. security practices have slowed cloud adoption in Europe and beyond.

U.S vendors have tried to allay concerns. In January for example, Microsoft said customers could choose where their data is stored, implying that email stored in Microsoft’s Dublin data center are safe from U.S. search. Experts quickly pointed out that this does not really address the overreach problem because the Patriot Act — initiated after 9/11 as an anti-terrorism measure — compels U.S. firms to cough up not just what’s stored on U.S. soil, but anywhere.

As Gigaom’s David Meyer reported then: “All that’s needed is for the cloud provider to itself fall under U.S. jurisdiction, which Microsoft most certainly does and will continue to do.”



5 Responses to “Judge’s ruling spells bad news for U.S. cloud providers”

  1. The Patriot Act sucks, it is a fear based act, and bullying was used to get it passed and repassed. Data centers in other countries, do not have to cough up, data, because a US law illegal wants to strut his or her stuff. The US. is the biggerst outlaw country in the world, and needs to pack it in, and get legal, rather than self-serving, and drone dangerous.

  2. Magistrate judges are the lowest level of Judges in the Federal system. They are essentially advisers. The parties do not have to follow their rulings and can ask for a hearing on the matter in front of a Federal District Court Judge. This is only the first step and hardly news.

  3. Perhaps it’s time we considered repealing the Patriot Act, which happens to be the most half-baked, un-patriotic piece of legislation ever rammed down the throats of American citizens. It comes at the expense of the Constitution and the American way of life. It happens whenever politicians are allowed to write knee-jerk laws without considerable debate.