Must Read: Google Glass 2 wish list: Allow us to turn it off

Topic: Government US

Microsoft admits Patriot Act can access EU-based cloud data

Summary: Microsoft's U.K. head admitted today that no cloud data is safe from the Patriot Act, and Microsoft can be forced to hand EU-stored data over to U.S. authorities.

Zack Whittaker

By for iGeneration |

LONDON -- At the Office 365 launch, Microsoft U.K.'s managing director Gordon Frazer, gave the first admission that cloud data -- regardless of where it is in the world -- is not protected against the USA PATRIOT Act.

After a year of researching the Patriot Act's breadth and ability to access data held within protected EU boundaries, Microsoft was the first cloud provider to openly admit it.

The question put forward:

"Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances -- even under a request by the Patriot Act?"

Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).

Though he said that "customers would be informed wherever possible", he could not provide a guarantee that they would be informed -- if a gagging order, injunction or U.S. National Security Letter permits it.

He said: "Microsoft cannot provide those guarantees. Neither can any other company".

While it has been suspected for some time, this is the first time Microsoft, or any other company, has given this answer.

Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. 

Last week, Microsoft opened up its Online Services Trust Center which explained in great detail how data was managed, handled and if necessary, handed over to the authorities.

Related content:

Also read ZDNet’s Patriot Act series:

Topics: Government US, Collaboration, Government, Government UK, Microsoft, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

90 comments
Log in or register to join the discussion

  • RE: Microsoft admits Patriot Act can access EU-based cloud data

    There is no surprise here, you are reporting on activities that have been going on since 2004. The only difference between outsourced and cloud exposure is that, when your data is in a specific datacenter, you at least know who might get access to it. If you have stuff in an IBM DC in Germany, you know who can look at it:
    - US (all Federal agencies via Patriot Act)
    - Germany (Bundespolizei and Bundeskriminalamt)
    - EU (Interpol and 17 associated organizations).

    But in the cloud, you really have no idea where your data resides, it could be sitting on a server in Shanghai, which means that any number of Chinese local and national groups could demand access, including the PLA. Once again, you have no idea if such access is happening, because the hoster is prevented from informing you.
    terry flores
    Reply Vote

    • RE: Microsoft admits Patriot Act can access EU-based cloud data

      @terry flores That's not true. Every cloud-based service I've used has been very upfront about where my data is stored. I have server in GoGrid's California data centre, and many cloud backup solutions not only let you choose with cloud storage provider to use, but also which of those provider's data centres (e.g. Amazon's UK data centre).

      Not all vendors provide this information, but many (if not most) do.
      dereksilva
      Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva
        Yes, that's true, but if Amazon's UK data center goes down, your data will be in another data center, possibly in a different country or even continent. Your provider doesn't ask you where to DR your data, they ask where to store your data. There's a difference.
        swmace
        Reply Vote

      • Derek's right..

        @swmace

        You are talking tosh. AWS' datacenter is in Ireland and they are very public on the fact that they don't move your data from where you put it. The US East problems a month back prove that.
        notanothercomment
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva

        [i]Every cloud-based service I've used has been very upfront about where my data is stored.[/i]

        I think you misunderstood. What "the hoster is prevented from informing you" is the fact a government agency is snooping your data. The OP is right.




        :)
        none none
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva
        The exception would seem to be Google, who persist in refusing to define where your data is stored. It may be that they really don't know, because the storage is all virtualised and striped across continents. That might be good engineering, but as usual they ignored the need to think about privacy and data protection laws.
        A.Sinic
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        I was under the impression my data is stored in EU and subject to EU laws. Hosting providers should be more transparent as to exactly who can access the data, just out of respect to their customers.
        Johnath
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @notanothercomment<br><br>You might (though probably won't!) be interested to know that in Ireland, the Gardai (the Irish police) can access pretty much everything in Irish jurisdiction on the say-so of a senior officer. Asking a Judge is not even necessary; it's a hang-over from legislation used against the IRA and other paramilitary groups there in the past. <br><br>For such a small police force (less than 12,000 officers in total), they have an uncanny knack of finding out everything there is to know about a person of interest, from what they had for breakfast this morning, to whose pencil case they stole in 4th grade, to their preferred <a style="color: #252525; text-decoration: none; cursor: text;" href="http://www.thebadbreathreport.com/" >bad breath cure</a>, to how many holes are in their blue and red pair of socks! <br><br>And G2, the military intelligence branch of the Irish Defence Forces (the official title of the Irish Army), doesn't EVEN need a senior officer to okay things; they just ask (or, rather, TELL) and they get.<br><br>That's the case in a tiny democratic European country; just imagine what shenanigans the larger democratic (and not so democratic) countries are up to!
        Jimmy Murphy
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        Countries will need to draft their own laws to prevent Microsoft doing this or it'll be game over for the Cloud. Microsoft may need to assist sovereign counties in this regard. As the owner of Microsoft Partner Company I would not advise any of my customers to trust their data to the United States Government. Even people living in the United States, with good reason, don't trust their own government. Those of us who live in countries outside the United States definitely don't trust them. At least we from <a href="http://www.ehescheidung-jetzt.de"><font color="black">Scheidung Online</font></a> in Germany don't.
        manfredheineken
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva that's true, but if Amazon's UK data center goes down, your data will be in another data center, possibly in a different country or even continent. Your provider doesn't ask you where to DR your data, they ask where to store your data.
        fise
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva Bogus
        Todd Lillitch
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        That's right Zack, I was thinking almost the same thing. Thanks for sharing the links to more details. It was quite helpfull and if you ask me nobosy will ever give guarantees for the next 10 years less.
        <a href="http://book-villas.com/">Book villas</a> online from my travel guide for your desired summer holiday and <a href="http://book-homes.com/beach-vacation-resort">beach vacation resort</a>.
        stephanysun
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva Indeed. I'm agree with derek when he said: Not all vendors provide this information, but many (if not most) do.

        In fact, I believe that companies be more transparent and provide this kind of information..

        It's about customer respect then customer loyalty.

        Renan from <a href="http://www.ideiadepresentes.com">Dicas de Presentes</a> share love. share knowledge.
        Rafaelfernandez22
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva very interesting... this is what i think, a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. <a href="http://www.shellacnailpolish.org">Shellac</a> and <a href="http://www.sulfate-free-shampoo.org">Sulfate free</a>
        hannah222
        Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @dereksilva

        This kind of thing is why I don't see cloud computing being completely practicle at the moment. Businesses do not want their sensitive business information being compromised due to vulnerabilities and limitations associated with cloud computing. And of course people do not want their personal information and files floating about in the cloud ready to be taken advantage of by computer exploits etc.
        Until they can create a cloud network that is truely 100% secure I really don't see it being adopted any time soon on a significant level. And as mentioned in this article, litigation makes it such that this information is never truely protected.
        On a more positive note at least Microsoft admitted to it unlike other firms that do whatever they can not to give an answer to these types of questions.
        M4ylee
        Reply Vote

    • RE: Microsoft admits Patriot Act can access EU-based cloud data

      @terry <a href="http://www.qoxy.com">webhosting</a><br><br>Pretty much what it says on the tin. If it's stored on a cloud service controlled by a US company, the data can be seized under US law.
      justinsg21
      Reply Vote

    • RE: Microsoft admits Patriot Act can access EU-based cloud data

      @terry flores Definitely an issue if you are dealing with sensitive data. Privacy is always under attack these days and personal details of individuals are a commodity to certain groups both legal and otherwise. Cloud hosting has issues that should be addressed seriously in law and legislation and because of the very nature it must be addressed on a global level as no one nations laws would stop the trafficking of sensitive data on an international stage. I need to store data for my <a href="http://www.ozbootcamp.com.au" style="color: black; font-weight: normal; text-decoration: none ! important; background: none repeat scroll 0% 0% transparent ! important;">Bootcamp Sydney</a> clients. But there is no way I am willing to compromise with cloud hosting at this point.
      npmfitness
      Reply Vote

      • true story bro

        grwsxwgt
        abadok
        Reply Vote

    • RE: Microsoft admits Patriot Act can access EU-based cloud data

      @terry flores
      Surely these companies that supply cloud servers should comply to the local legislation of the country that they reside.
      paulmillard
      Reply Vote

      • RE: Microsoft admits Patriot Act can access EU-based cloud data

        @paulmillard of course they comply with the legislation of the countries they reside in. The problem is the governments of these countries and their post 9/11 treaties with the various intelligence agencies.
        s_jarmin
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close