Microsoft says it will let users choose where data is stored, but things aren't that ...

Microsoft's top lawyer has said the company will let non-U.S. customers choose to have their data stored outside the U.S. On the face of it, this would be a boon for the privacy of the firm's foreign customers. But in reality, privacy advocates should dampen their enthusiasm.

Brad Smith, Microsoft's general counsel, told the Financial Times (subscription required) late Tuesday that a European customer, for example, could select Microsoft's Irish data center for its storage:

'People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides.'

Firstly, I'm not sure this counts as Microsoft 'breaking ranks' with other big U.S. tech firms, as the article suggests. U.S. firms storing non-U.S. data outside the country is no novelty - it's not purely a latency move for Google, Facebook and Amazon to all have big data centers in Europe, as they do. Many business customers already demand it for compliance reasons.

That said, allowing consumers to demand the same would be a weightier and much more unpredictable affair, so Microsoft's latest move would certainly move the situation on from the status quo. On that basis, it is to be commended.

But there are two big things to bear in mind if you're non-U.S. and hoping Microsoft's storage choice will let you evade the watchful eyes of the NSA:

The Patriot Act: Contrary to what many people believe, the U.S.'s post-9/11 Patriot Act (which largely underpins the current surveillance scandal) does not just compel U.S. tech firms to hand over what's stored on U.S. soil. All that's needed is for the cloud provider to itself fall under U.S. jurisdiction, which Microsoft most certainly does and will continue to do. In order for Microsoft to be able to guarantee that it can't turn European customers' data over to the U.S. authorities, for example, it would probably have to create an entirely separate European Microsoft. Non-U.S. intelligence activities: The NSA has partners, and lots of them. Britain's GCHQ, for one, has been shown through the Snowden leaks to be a very eager consumer of the world's data, merrily tapping into communications that pass through its borders (which covers a lot) and quite likely beyond. And on the national level, even privacy-friendly countries such as Germany have strong intelligence ties to the U.S.

On the second point, it is still fair to say the non-U.S. user will enjoy better legal protections than they would if their data were stored in the U.S. And, as Microsoft has reacted to the NSA scandal by beefing up its encryption efforts, there's a good chance GCHQ won't be able to listen in so easily anymore.

But the first point remains a real problem. As it happens, it was Microsoft itself that broke ranks back in 2011 by admitting, as none of its compatriots had done, that the Patriot Act meant it 'cannot provide those guarantees' regarding data sovereignty. True, at this point it becomes a matter of targeted rather than bulk surveillance, but for many users - particularly those using Microsoft's services for business or other sensitive information - the risk may remain unacceptable.

On this one, the devil will be in the detail. When Microsoft follows through with its location-choice move, it will need to be very clear about what it can and cannot promise.

Related research

Subscriber Content

?Subscriber content comes from Gigaom Research, bridging the gap between breaking news and long-tail research. Visit any of our reports to learn more and subscribe. Gigaom Research predictions for 2014 What you missed in cloud in the third quarter of 2013 Who to watch in the growing European cloud market By David Meyer

Like this post? Share it!

Follow @superglaze or@gigaom for more stories like this.

Get top stories delivered daily. Subscribe

You're subscribed to our newsletter. If you'd like, you can update your settings

Join the conversation

Advertisement

Related stories Verizon's first transparency report sheds no light on NSA data collection

Verizon gave accounts of the subpoenas, security orders and warrants it received and the wiretaps it executed...

Kevin Fitchard Three-strikes laws don't stop piracy, researchers say

Gradual copyright enforcement legislation, also known as three-strikes laws, don't curb piracy: That's the result of a...

Janko Roettgers How should the internet develop after Snowden? New commission aims to find out

The independent, international commission has been set up by two thinktanks, as a way of figuring out...

David Meyer

Lokasi:

Share :

You may like these posts :

• 
  Microsoft invests $15M in Foursquare, licenses location data
• 
  Asus Announces $179 Chromebox Desktop PC
• 
  Microsoft Names Engineering Executive as New Chief
• 
  Sochi Olympics give Adobe's video platform the spotlight