Microsoft has lost its appeal against data disclosure on its foreign-held servers, with the the US courts declaring that a warrant served against its Dublin-based data centre must be fulfilled.
US District Judge Loretta Preska has rejected Microsoft's appeal against a court order levelled at its Dublin-based data centre, declaring foreign-held data a valid target for US court orders.
Microsoft, like any other company, frequently receives court orders requesting that it turn over data belonging to its customers. Recently, however, one such order from the US government made a request Microsoft was loath to fulfil: to turn data from its data centre in Ireland over to US authorities. Microsoft, naturally, appealed
, stating that it believed laws against search and seizures on foreign soil protected said data; the government, equally naturally, said that was nonsense and that Microsoft's operations in the US make its data available upon the issuance of a valid court order regardless of the physical location of the zeros and ones.
Now, US District Judge Loretta Preska has sided with her paymasters. A report on the case by Bloomberg
followed a two-hour hearing, and fully validates the decision made by US Magistrate Judge James C. Francis IV in April. 'Congress intended in this statute for ISPs to produce information under their control, albeit stored abroad, to law enforcement in the United States,
' Preska reportedly ruled. 'As Judge Francis found, it is a question of control, not a question of the location of that information.
The news may have a chilling effect on the burgeoning cloud computing industry. While only a naïf would presume privacy when storing data on remote systems owned by a multinational corporation, there was previously an understanding that the physical location of the servers on which the data is held would have an impact on which privacy laws applied. The court ruling suggests that the US, at least, believes this is not the case, and that any cloud provider with operations in the US will be expected to comply with data access request court orders regardless of the locality of the data or its owner.