Microsoft warns against privacy evisceration in American-Irish email row
Microsoft says it fears that a precedent could be set, leading to a "global free-for-all" eroding personal privacy, as US government seeks to force it to hand over user's email.
Microsoft warns on yet another zero-day security flaw
International legal wrangling over information housed in an Irish datacentre is at the centre of a dispute involving Microsoft and the US prosecution service. American prosecutors want access to emails held on servers in Dublin as part of a drugs investigation.
The prosecutors have sought access to the files by issuing a search warrant in the US itself; Microsoft says the legalities for such action should originate and take place on Irish soil.
The case follows a ruling in the summer by a New York district judge that Microsoft must hand over customer data to the US Government even though it's held overseas.
Eviscerated personal privacy
America-based Microsoft has insisted that if this power were granted to the American law enforcement services, it could lead to a "global free-for-all" that eviscerates personal privacy.
The US statute at issue here is the Stored Communications Act, which was enacted in 1986 in the comparatively early days of the access to the world wide web. The individual from Dublin in this case has not been identified.
As detailed on the Reuters news service, Microsoft's lawyer Joshua Rosenkranz has warned the 2nd US Circuit Court of Appeals in New York that upholding the warrant would open the door to other countries using their law enforcement powers to seize the emails of Americans held in the United States.
Tim Erlin, director of security and product management at Tripwire says that it is tempting to think that data stored in the cloud “isn't really anywhere”, as he puts it. But says Erlin, even the cloud is ultimately made up of bits on disk in some number of physical locations – in this case, Ireland.
Speaking to SCMagazineUK.com this week, Erlin said that the repercussions of any precedent set will be widespread. “Jurisdictional issues, definitions of custody and location, all impact a myriad of current and future legal decisions,” he said.
Reuters describes this case as a question of whether the warrant is an "extraterritorial" application of the law (which is what Microsoft contends it is), or whether the fact that US-based Microsoft employees can retrieve the data in question means that, in this case, the statute is being actually physically used and applied solely within the United States, as the government argues.
Balancing act: privacy-to-security
Gavin Reid, VP of threat intelligence at Lancope says that this is an age-old problem, the balance between privacy and security. Speaking to SC this week, Reid offered up the “often butchered” Benjamin Franklin quote: Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.
“While not being strictly about personal privacy, this misses the point that there is an inflection where a small amount of privacy lost for a huge gain in safety is worth it. We depend on our governments to ride this balance carefully – and the press to tell us when they don't,” said Reid.