A troubling bit of news hit late Friday (isn’t that when all the troubling news seems to hit?). Reuters reported that:
“In what appears to be the first court decision addressing the issue, U.S. Magistrate Judge James Francis in New York said Internet service providers such as Microsoft Corp or Google Inc. cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies.”
So, if you are a non-US company, and your Cloud provider has stakes in the US, your data is exposed to the whims of US law enforcement – without protection of your home country. In other words, Safe Harbor counts for nothing.
And if you are US-based company that wants to retain a bit more control over your data such as location and protecting access without your knowing, note that this protection may be gone now.
Assuming this survives on appeal, it will no longer matter where your cloud storage provider stores your data, if they are served with a subpoena they will be compelled to turn it over. The company, (Google, Microsoft, DropBox, Box, etc.) when served with a warrant, can no longer hide behind the physical location of the data to circumvent complying with the order to produce data. And honestly, why would they? Yes, in this case it was Microsoft who brought the suit (and lost), but wouldn’t you trust your own legal team to protect your privacy, not a cloud provider?
US companies are certainly better served hosting the data themselves and making the argument to quash such requests based on legal grounds (again, a fight that your cloud storage provider might not be willing to take on). It’s another reason to just keep your data under your control – in this case, your legal control.
This is an interesting development well worth watching closely.