Cloud minefield set for explosion
Long arm of the law: US Justice Department re-writing the international rule book
We have been warned for years that cloud computing means business data is not secure. We have also been warned, by Ed Snowden and others, that the long arms of US government data surveillance have extended into every corner of the Internet.
An important court case in the US has highlighted these concerns. Its outcome has the potential to affect every user of the Internet – however it is decided. It will have ramifications for any Australian who uses email and any company that uses the cloud. This means you.
The case revolves around a warrant issued by the US Department of Justice (DoJ) for the contents of a Hotmail account held on a Microsoft server in the Republic of Ireland. The DoJ has not gone to an Irish court to retrieve the emails, but contends that because Microsoft is a US company, a warrant issued in the US means Microsoft must hand over the contents of the emails, no matter where in the world they are stored.
Microsoft is hotly contesting this, as you might expect. The case has become something of a cause celebre amongst civil libertarians and others concerned about what they see as a vast overreach of US law.
A number of organisations have filed amicus curiae briefs – ‘friend of the court’ or public interest submissions – with the court in support of Microsoft. They include Microsoft’s arch-enemy Apple, media groups The Guardian and NPR (the US National Public Radio network) and – interestingly – the Irish Government.
The contents of only one email account have been demanded by the DoJ, but if the court rules that Microsoft must hand them over there are serious concerns about the precedent it will set. It would mean that the US Government would have the right to demand any email from any US-based email provider, no matter the jurisdiction in which the email physically resides.
Neither the nature of the emails nor the case they pertain to has been disclosed, but they are believed to relate to a narcotics case. And therein lies the rub – this is the first instance of electronic communications regarding a criminal, rather than a national security, matter being the subject of such US Government action.
We have started sliding down the slippery slope we warned you about, say those opposed to the DoJ’s demands. “This is an execution of law enforcement seizure on their land,” said Microsoft’s lawyer Joshua Rosenkranz. “We would go crazy if China did this to us.”
The DoJ says emails are the business records of the company hosting them. It has been successful with that contention in two lower courts. Microsoft appealed both times, unsuccessfully arguing that the content of an email is the account holder’s personal property.
The matter is now before the Federal Appeals court, which is expected to make a ruling before Christmas. If Microsoft loses again it is expected to make a further appeal – the matter could end up going to the US High Court.
Aidan Tudehope, co-founder of Australia’s Macquarie Telecom, says the matter has him worried. “There has been an ongoing debate over cloud storage and the jurisdiction in which data is stored,” he told InnovationAus.com, “but this takes things a step further.
“The US Patriot Act means that the US Government can undertake all sorts of surveillance beyond its borders in the interest of national security, but this is a criminal case. It sets a dangerous precedent. If the DoJ is successful, and Microsoft loses, it will have a ripple effect. Who knows what damage those ripples might cause.”
Mr Tudehope says that the case, however it is decided, may lead to a ‘jurisdictional arms race’ as different countries act to protect their own interests.
“It could have far-reaching consequences. Here in Australia many companies follow the Australian Signals Directorate guidelines for protecting data in the cloud. These guidelines raise the question of where data resides. They will need to be reviewed in light of this judgment.
“If the US Government can do this, and other governments decide they can do it too, or if they put up barriers, the whole concept of international cloud computing is under threat. The ICT industry has come to rely on the free flow of data between countries.
“And if Microsoft is successful, the inverse could happen, and regulatory and law enforcement agencies could have increased difficulty in getting at data they want. Either way, it is a giant can of worms.”
InnovationAus.com will report on the outcome of the case when the court hands down its ruling.