When Microsoft touts its Azure platform and the overall benefits of the intelligent cloud, it is inherently promoting the idea that data in the cloud is accessible on a global scale. While that concept is often considered as a positive for enterprise businesses, it is also a practical nightmare for governments. In the United States, for example, the legal framework that allows law enforcement to access Americans' electronic communications in servers located in other countries is more than 30 years old, inadequate, and woefully outdated.
The International Communications Privacy Act (ICPA), a bipartisan bill working its way through the US Congress, attempts to modernize and codify when and how law enforcement officials can gain access to communications and other data existing in the cloud and by extension, on servers located outside the United States. Microsoft and other high-profile tech companies have been quick to praise the bill and have openly lobbied for it to become the law of the land.
But why is the tech industry so enthusiastic about the ICPA--and what does this potential law mean for your privacy?
SEE: Microsoft Azure: What IT and business leaders need to know (TechRepublic PDF)
What is the ICPA?
The ICPA would allow a government agency with a properly issued court-approved warrant to access the electronic communications of US citizens and certain foreign nationals wherever those communications are stored. The law would compel providers of electronic communication services or remote computing services to disclose the contents of communications despite what laws from another country might apply to the data because of where it is physically stored.
A key secondary provision of the law would also require law enforcement to notify other countries of such data collection on their citizens in accordance with their specific laws. It is this secondary provision that has drawn such overwhelming support from Microsoft and the technology industry.
Why the tech industry support?
The enthusiastic support for the ICPA by the tech industry can be summarized in one word: clarity. This new law would relieve service providers like Microsoft from potential conflicts over which country's law to apply and comply with in certain circumstances. The ICPA would require Microsoft and others to comply with the ICPA and shift the burden of complying with another country's laws regarding privacy protection to the law enforcement agency enforcing the warrant.
Service providers of global multinational cloud services could effectively wipe their hands of any legal obligations that went beyond complying with the warrant requesting information. Any conflicts regarding privacy and more stringent foreign laws would be handled at the government level--Microsoft would be off the hook.
What does the ICPA mean for your privacy?
It is important to make one thing clear: With regard to electronic communications, the International Communications Privacy Act does absolutely nothing to improve or secure the privacy of US citizens. In fact, in many respects, it reduces privacy protections.
Enterprises taking advantage of Azure and other cloud services won't be able to count on the laws of other nations to protect their communications data. The ICPA essentially infers citizenship status on data. If an email was written by a US citizen, it is subject to the provisions of the ICPA regardless of the location of the physical server it is stored on.
SEE: Microsoft Universal Windows Platform Expert Bundle (TechRepublic Academy)
For service providers like Microsoft, this legislation would greatly simplify their procedures and clarify their obligations and potential liability. The ICPA provides certainty in an uncertain world--at least from their perspective. The rest of us may have to live with a bit more uncertainty, however.
- Big data privacy is a bigger issue than you think (TechRepublic)
- Privacy issues abound as UK passes controversial "snoopers' charter" (TechRepublic)
- Google pitches new legal framework for cross-border data handling (ZDNet)
Microsoft obviously likes the IPCA, but do you? Share your thoughts and opinions with your peers at TechRepublic in the discussion thread below.