It’s a big internet. Your social media account or email could be stored anywhere. Your blog could be hosted anywhere. One Italian website could be hosted in Texas or some US drug lord’s email account could be stored as far off as Ireland. Recently, many large websites branch out to countries that they serve and are also hosted there. The content also changes accordingly. The same isn’t true for old data and smaller and recent websites. For example, I have two Yahoo email accounts about five years apart. The older one defaults back to the US Yahoo homepage after logging out while the one I set up in Singapore puts me back to the Singapore homepage. Cloud storage and infrastructure could be either way. To cut costs, companies like Microsoft or Amazon could set up their infrastructure in other countries. This now opens up the question: could data be extradited by a country for investigative purposes if it’s stored in another country? Does data stored in another country share the same privacy as Swiss bank accounts? Does data have a nationality? This is now a problem being faced by Microsoft as the US Justice Department seeks to open an email account stored in a data center in Ireland.
This case has some similarities to problems involving The Piratebay and other torrent sites. US Copyright owners could not prosecute them directly for copyright infringement when their sites are hosted in another country wherein they would have to coordinate with that country and its copyright laws. This buys torrent sites the time to continue their operations until their host country becomes aware of their existence and the time for them comes to move on. In the case of Microsoft and the “Irish” Hotmail account in question, the case opens up issues on privacy and sovereignty.
“The power to embark on unilateral law enforcement incursions into a foreign sovereign country – directly or indirectly – has profound foreign policy consequences. Worse still, it threatens the privacy of US citizens.”
“Microsoft has contested the decision on the grounds that the records are stored in a data centre in foreign country, not owned by Microsoft but rather by the email user, and that the order entails a conflict of laws and the impermissible exercise of extraterritorial authority.”
–Center for European Policy Studies
Microsoft is not defending the suspected felon that owns the account but its customers as a whole and that the data is protected by the host country’s laws. The government seeks to get the data from the company itself, Microsoft since the account is Hotmail instead of coordinating with the host country’s law department since it’s a much easier channel. Otherwise, it will be the same as going after The Piratebay. In the government’s point of view, it’s simple for Microsoft, an American corporation, whose headquarters lie in Washington State, to just grab the data from any of its foreign servers.
“We have formal mechanisms for this. They are cumbersome, and we fully support expediting them and appropriating more money to make that thing work, but at the end of the day it’s like saying: ‘Gee, we shouldn’t have to get a search warrant because it’s a pain in the ass.’”
–Lee Tien, senior staff attorney, Electronic Frontier Foundation
Microsoft even made some unlikely allies in this case such as Apple, the Electronic Frontier Foundation, Verizon, Fox News, eBay, the Guardian and the Irish government (which is very touchy with their sovereignty). Should the government win, data privacy through cloud computing could be in jeopardy. In a customer’s point of view, they would rather invest in their own infrastructure rather than allow any host country to rummage through their sensitive data on demand. If the US can do it, so can countries like China.
“…It will force companies to look for more ways to encrypt data and not retain the keys. Partner with non-US companies so that non-US companies have the servers. None of which will be helpful to the US,”
–Brad Smith, Microsoft lawyer
The whole thing would be also bad for the US, should the courts win. Not only on a privacy standpoint but in business as well. If the scenario Mr. Smith described happens, it will be much tougher for the US to get the data it needs in case it does manage to pass a proper law that can subpoena data. While Microsoft has much to lose since it recently invested a lot of time and money in its own cloud business, it does recognize the importance of privacy and international sovereignty. Cloud computing is an increasingly competitive business that will get flushed down the drain when confidence in it drops; because its hosts can’t be trusted to keep its data discreet.