Your data security, in the cloud and elsewhere, got weaker today.
U.S District Judge Loretta Preska ruled today that Microsoft must turn over a customer’s emails that are stored in Ireland. (see: U.S. Judge Rules Microsoft Must Produce Emails Held Abroad)
Whether your data is stored in the U.S. or controlled by a U.S. company, it is subject to seizure under by the U.S.
The ruling has been stayed pending an appeal to the 2nd U.S. Circuit Court of Appeals.
The Digital Constitution (MS) has a great set of resources on this issue:
Along with briefs filed by others:
More resources and news will appear at the Digital Constitution so sign up for updates!
The legal dancing in the briefs may not interest you but the bottom line is this:
If data can be seized by any government without regard to the location of the data, the Cloud is effectively dead for anyone concerned about data security.
You may store your data in the Cloud on European servers due to greater privacy protection by the EU. Not a concern for U.S. courts if your data is held by a U.S. company.
You may store your data in the Cloud on U.S. servers but if the Chinese government wants to seize it, Judge Preska appears to think that is ok.
Congress needs to quell this security thunderstorm in the Cloud before it does major economic damage both here and abroad.
PS: Many thanks to Joseph Palazzolo (WSJ) for pointing me to the Digital Constitution site.