The stakes have been dramatically raised in a court case where Microsoft is fighting a US Government attempt to seize customer data held on its servers in Ireland - after it emerged that British MPs' emails are stored there as well.
On Monday, New York district court judge Loretta Preska ruled that Microsoft was in contempt for failing to hand over the emails of one of its European customers held in Dublin by a 5 September deadline.
The judge insists that a US search warrant to seize the data – made in relation to a drugs trafficking investigation – is valid, even though the data is stored outside the US.
But now John Hemming, Lib Dem MP for Birmingham Yardley, has revealed that Microsoft is storing the confidential emails of Britain's MPs on the same cloud-based servers - potentially giving the US the legal right to access that data, as well as that of ordinary UK companies and individuals.
Hemming is calling for the parliamentary information to be removed from US corporate control.
He told SCMagazineUK.com: “I just don't think it's a very sensible way forward. You could have an MP's emails discussing the devolution proposals for Scotland on a confidential basis, and they're made available to a foreign government.
“I know we've had situations where the Americans are spying on foreign leaders but we shouldn't make it that easy for them; make them do a little bit of work!
“If the court in the first instance says that if the secret court (FISA) wants copies of MPS' emails, then it can just have them, I would be worried.”
Hemming raised the issue with Commons Leader William Hague, who co-wrote a reply to him on 2 September saying: “The relevant servers are situated in the Republic of Ireland and the Netherlands, both being territories covered by the EC Data Protection Directive.
"Any access by US authorities to such data would have to be by way of mutual legal assistance arrangements with those countries.
“The US authorities could not exercise any right of search and seizure on an extra-territorial basis.”
But Hemming told SC: “William Hague's reply is transparently untrue. I'm not saying he's lying, I'm just saying what he says in his letter is provably false.
“The argument is about whether or not the US has legal systems that enable them to do extra-territorial search and seizure – and the answer from the court of first instance is, yes.”
Judge Preska's ruling has allowed Microsoft to appeal but Hemming doubts that will succeed. “It depends on what the Supreme Court in the USA states. If the Supreme Court says otherwise, it says otherwise. But because the US does a lot of extra-territorial stuff anyway I personally would be quite surprised if they did.”
UK cyber security expert Alan Woodward, a visiting professor at Surrey University, agreed with Hemming, telling SCMagazineUK.com: “This is opening up the can of worms even further.
“Even if the US had the right to get the data of British citizens from the cloud (which the UK courts say they don't under the Data Protection Act), then there's a further level which is - what about our parliamentarians? They've got a number of other protections, yet there's a foreign government that potentially gets hold of their data. That really should ring alarm bells.”
Woodward too doubted William Hague's assurances: “I'm not sure he's acknowledging this dramatic conflict between the two jurisdictions.
“He can give all the reassurances he likes but if a US company suddenly says ‘I've got to obey a US court', and they're actually in control of the data, there's nothing the UK Government could do to stop them.
“Yes it would be nice if the US Government were to use the mutual assistance pacts we've got to request this data – but that's not what they're doing.”
Woodward added: “This is doing enormous damage to the US technology industry where they're providing cloud services. If Microsoft does accede to the request of the US court, then people who absolutely want there to be no question over their data will never use a US company – they can't.”
He advised UK companies using cloud services: “They should be thinking very seriously – if they haven't already – of a UK or European-based solution. It's not just where their supplier is physically located, it's who runs it, where it's operated, and who owns the company. And really that will need to be euro-centric if you are a European company.”
In an official statement, Microsoft confirmed the judge's contempt ruling clears the way for it “to pursue its case against the US Government on appeal”.
Microsoft chief lawyer Brad Smith has said: “Microsoft believes you own your email no matter where it is stored. That's why we've gone to court to ask the US Government to follow long-established, internationally agreed upon processes to obtain email it is seeking as evidence.
“While technology advances, Microsoft is working to make sure that privacy endures and digital common sense prevails.”