Microsoft

Ruling against Microsoft has consequences for all US businesses

A US District Court ruling that Microsoft must surrender data will have ramifications for US tech companies trying to do business around the world.

Conducting business on a global scale requires navigating different cultures and customs, plus dealing with different political and legal expectations from one region to the next. It also means that the cultures, customs, politics, and legal expectations of your home nation can impact your ability to do business, which Microsoft and other US companies are beginning to learn firsthand.

It would be nice if business was just business and could be separated from politics and culture, but that is often not the case -- especially for companies that deal in technologies that conflict with regional laws or industries with the potential to compromise national security for the customer's country. Those concerns have led the US government and US businesses to question the motives of Chinese companies, like Huawei and ZTE, and block the acquisition of Sourcefire by Check Point.

Now, the shoe is on the other foot. A federal judge ruled that Microsoft must comply with a US warrant for customer data stored in a company datacenter in Ireland. This ruling has a widespread and negative impact on the US technology industry, particularly for cloud companies.

The European Union has a different perspective on privacy and has been much more aggressive in defending personal liberty rather than caving to paranoia to justify infringing on those liberties. The difference in culture was demonstrated recently when Google and other companies were ordered to comply with the "right to be forgotten." When US laws and policies conflict with the privacy expectations of other nations, businesses in those countries are reluctant to do business with US companies.

"As a result of the District Court ruling last week in the Microsoft case, coupled with the NSA PRISM program, US policy is having a serious negative impact on the ability of US technology companies to compete in the global market for cloud-based services and infrastructure," proclaimed Carson Sweet, cloud and data security expert and CEO of CloudPassage. "Cloud computing is likely the largest technology disruption of the last 20 years, and cloud providers are seriously hampered, particularly in Europe, by recent US policies and legal rulings."

If companies can't be confident that their data is secure, that the US government isn't spying on it and doesn't have the legal authority to demand access to it, they will choose to do business with companies that aren't based in the US.

Sweet explained, "As we've worked with EU-based enterprises on cloud security, we've seen a marked drag in public cloud IaaS (Internet-as-a-Service) adoption as the result of privacy concerns. Most of our international customers lean toward private cloud adoption as a result, and many are waiting for non-US-based cloud providers before adoption public cloud IaaS."

The irony for Microsoft is that complying with US law might violate EU law at the same time. It's a tough position for a company like Microsoft to be in -- a pawn in an ideological struggle that should really be worked out between the governments. It seems like a no-win scenario for Microsoft, and the fallout of the Microsoft case just adds to the damage already done by NSA PRISM and the Snowden revelations. Ultimately, the US reputation as a surveillance state is affecting the ability of US companies to function around the world.

Get the latest information about Microsoft, including some tips and tricks, by automatically subscribing to TechRepublic's Microsoft in the Enterprise newsletter.

About

Tony Bradley is a principal analyst with Bradley Strategy Group. He is a respected authority on technology, and information security. He writes regularly for Forbes, and PCWorld, and contributes to a wide variety of online and print media outlets. He...

27 comments
ronald44181000
ronald44181000

This has happened many times here in Canada for a long time now especially since the creation of the U.S. Department of Homeland Security after 911.

One of these day's the U.S. is going to push to far and they're going to get a collective kick in the teeth as people here are  getting fed up with it. What the U.S. Government forgets is they need us just as much as we need them. It wouldn't take very much for the Canadian Government to shutdown the U.S. Economy for an extended period to show their displeasure and the U.S. Congress would be powerless to do anything about it. Especially if it were done in the winter months as close to 50 million Americans would be freezing their asses off within a few day's.

Eamon_Walsh1
Eamon_Walsh1

You're probably using a social app, or your mobile device to comment here; even re-tweeting your friends how you don't use cloud. For all you know this blog or an app near it are tapping into every privacy data and even your location as 'you' have permitted them to do so. Cloud is inevitable. The key is to be aware of security threats, knowing your sensitive data, writing good service level agreements (SLA) around the integration points and 'transparency'. There'll always be govt. policies, but YOU have to know and take ownership of this data. More about cloud based data protection services here http://ibm.co/1rP5o5q

info
info

A lot of Western countries are getting in on this act, not only for the Cloud, but for laws in general. For instance, when my parents took me to Germany back when I was sixteen, the first thing I did was to have a beer. I was above the legal drinking age in Germany. Were I to do that today, I wouldn't be surprised to be arrested as soon as I set foot on home soil for 'underage drinking'.


They're basically saying that the laws of that country don't reply apply (or are good enough) for the citizen's country... Where would things go from there? Extradition? It's too bad Common Sense is being conveniently forgotten in all of this.

Pekka Niikkonen
Pekka Niikkonen

I'm sorry but this just bullshit. I really second the line fro the articled "It would be nice if business was just business and could be separated from politics and culture, but that is often not the case"

Jeff Gebhart
Jeff Gebhart

Hate to break it to you, Geno, but you're using the cloud right now...

Shawn Quinn
Shawn Quinn

The US is ideologically almost identical to China now.

Pronounce
Pronounce

WTO Rules United States Violated International Law

When the WTO world court ruled on the filing, they supported Antigua’s claims and said the US federal government was violating agreed-upon international laws, including a treaty signed by the US government meant to regulate international commerce. Since the WTO ruling came down in 2006, every attempt by US authorities to reverse the decision have been rebuffed.

At the same time, the United States government has shown no willingness to repay the $21 million in annual damages the World Trade Organization believes the US owes. These days, the total unpaid liability is almost $150 million.


“Might Makes Right”, Says Antigua

Since the US has waited nearly 10 years to pay its fines, the WTO has authorized Antigua to collect damages using other means. One of these means is to offer royalty-free downloads of US intellectual property, including music downloads, television programs, and movies.

Antigua’s statement before the WTO’s DSB on Friday stated that the case gives ammunition to critics of the global trade agreements who say it is a sham, because binding global trade laws only follows the natural law of “might makes right“.


The above quote is taken from a recent online article in regards to an international ruling against the US and the US' refusal to obey international law. Is it any wonder that the world-at-large has a negative perspective in regards to the US government.


Not until the US economy becomes globally irrelevant will this bullying nature change.

Patrick Clark
Patrick Clark

This is why your cloud computing is a bad idea. Keep your data on your servers in your data center. The idea to consolidate your data is only a ploy to get your data out in the cloud for easy access. Cheaper is not Always better.

Van Jump
Van Jump

Time to relocate to Canada

Kenneth Kendall
Kenneth Kendall

And here comes big brother again, trying too stick it's nose into things that they can barely comprehend. It's funny how they want to be able to snoop threw every ones business, but an agent for the FBI (in the cybercrimes division) addressed our school, and informed us that "We are seriously understaffed to handle all of the reports we receive." speaking of cyber crimes. Maybe if the CIA wasn't so busy with Bullshit and trying to spy on everyone and put other regimes in place threw out the world, they might find a means of better protecting us, the people, from cyber crimes.

cduance
cduance

I imagine that as there are at most only 300 million potential users in the US and up to 6.7 BILLION potential users outside of the US then it might seem like an interesting proposal to put to the judge that Microsoft HQ and the company register outside the US?

sysop-dr
sysop-dr

The way I understand it is that even though the company tht holds the data (Microsoft Ireland) is a separate company from Microsoft US it is controlled by Microsoft US and so is ruled by the court to be a part of Microsoft US since the control is from Microsoft US. So even though the data is not in the US and the client in question is not a US citizen they still have to hand over the data.

Time for them to move their companies completely out of the US. 

williams_jh
williams_jh

So if the USA can reach in to servers hosted abroad by a US company. What implications doe this have for the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks that were set up under the EU's 1998 Directive on Data Protection?

In this case, as the servers as hosted in the EU, Microsoft should ask the EU Courts for their ruling on the matter.

simonschilder
simonschilder

Office365 anyone?

So glad we chose Office 2013 when we had to make that decision. 


buchajaa
buchajaa

I wonder how long the big money makers will take before a higher judge is told to overturn that ruling.  After all, they are the biggest losers in regards to money and they do not want to lose control of all that cash.  I'm glad I haven't anything in the cloud as of yet.  But when I do it will be with a foreign country, not even Canada.

But then again if they want to set up a world government and have control of it, they have to start somewhere.

Recoconnav
Recoconnav

As I understand the ruling, the court has ruled that a US company must comply with other countries laws that protect privacy to a greater extent, particularly from  US government monitoring or spying. If only such a ruling protected our companies and citizens from government snooping.


As I see it, the answer is straight forward; companies should comply with the laws of other countries that protect privacy of individuals or ours, whichever are stronger. Thus, for a company to give up private data stored in the US it should first receive a US court warrant.

If a US company has servers in a foreign country and data is requested on citizens of that country in accordance with that countries laws, it should comply. But it the request would involve US citizens it should comply with US laws and any treaties the US is party to.


Have I missed anything? Any help would be appreciated as pettifoggers can be so confusing.

k1p2k1p2
k1p2k1p2

Can't the data, or the cloud just evaporate before it's time to surrender to the Wicked Witch?

dawesi
dawesi

I think this ONLY has ramifications for business with a US registered company, and will lead to many companies with a US presence withdrawing so that they have no jurisdiction over international borders.


Microsoft should split it's companies into different slabs in each country, that way the US court would have no power to demand data of a non-us company, even if their laws pretended it did.

Putting servers on your own property wouldn't stop this. Just look at dotcom. The USA got New Zealand to change it's laws to get to his servers. At the end of the day without government approval the USA's laws have little to no effect on other countries.

llsdigitek1350
llsdigitek1350

Another vote for having your own servers on your own property!

Tony_Bradley
Tony_Bradley

@simonschilder  -- Why? I don't understand this comment, really. I have Office 365. That means I am using the exact same Office 2013 as you are. The difference is that when Office 2015 or Office UberNew or whatever they call it comes out, I will have the latest release and you will still have Office 2013. There is nothing inherently cloud-based or owned by Microsoft about Office 365. It's just a different business model for buying the same thing you're already using.

alfred
alfred

@Recoconnav I think you have got the wrong end of the stick. The US judge ruled that data held in Ireland must come under US law because Microsoft is a US company. European law applies in Ireland and provides much better privacy protection. Microsoft in Ireland or elsewhere in Europe must comply with European law. If the US can really justify getting some information from Microsoft (Ireland) there is a mechanism by which the US government can ask the Irish government to get that data released. The US must justify their needs to the Irish government not just say we want it.


Companies in US are buying companies where the tax is less and then using inversion so that they are no longer liable for tax in US even when the US is their major customer. Perhaps if Microsoft , Twitter, Facebook and the others did this then the rest of the world would be better able to trust them with their data. As things stand those outside US will be seriously considering that their data is not safe with a US company

sasadler
sasadler

@llsdigitek1350 

Yep, I won't touch any of the cloud services for any important data (Steam games are not important!).  All of my important data is on encrypted systems/disks that I control directly, and that is not going to change.

Editor's Picks