Microsoft: Conflicting data laws could cost tech companies billions

Lots of governments want access to customer data held in data centres around the world. Figuring out when to say 'yes' and when to say 'no' is an expensive legal headache for tech companies.
Written by Liam Tung, Contributing Writer

Microsoft chief legal counsel Brad Smith (above): "Unless governments change course and adopt a new and more international approach, we risk confronting a conflict of law on steroids."

Image: Microsoft

Microsoft is warning that unless the US takes an international approach to government requests for user data, tech companies will face a "conflict of law on steroids" that could cost billions.

The US House Judiciary Committee is holding a hearing on Thursday to discuss the tricky question of what happens when two countries stake a claim on the same data -- most likely being held by a US tech company either in a data centre in the US or, increasingly, abroad.

Microsoft's chief legal counsel Brad Smith will tell the hearing the US needs to seek new international legal processes to handle these requests, rather than relying on domestic laws.

"Unless governments change course and adopt a new and more international approach, we risk confronting a conflict of law on steroids," reads Smith's testimony.

In litigation pending before the Second Circuit Court of Appeals, Microsoft is fighting a US warrant to access data held in its Irish datacenter, which it says should be sought through mutual legal assistance treaties (MLAT).

But there's pressure on US tech companies from other countries too. Apple has criticised the UK's draft Investigatory Powers Bill, which it fears could force it to break US law. Facebook, Google, Microsoft, and others have also opposed it. Similarly Microsoft's Smith points to a new law in Brazil that compels US companies to disclose the contents of communications even if stored in the US.

US tech companies are bearing the brunt of international laws governing law enforcement access to data. As Gregory Nojeim, a senior counsel at Washington group, the Center for Democracy & Technology, pointed out: "The volume of data demands coming into the US from foreign governments far exceeds the volume of demands made by the US."

However, the US Justice Department is also worried by the rise of data centres owned by US companies abroad and what that means for its investigative capabilities.

"Even Americans who live in the United States can effectively choose to have their account data stored abroad by doing no more than choosing a desired country from the drop-down menu on the sign-up form," reads a testimony by David Bitkower, principal deputy assistant attorney general of the Justice Department's Criminal Division.

Bitkower points to several instances in which the Stored Communications Act and access to data stored abroad by a US company had helped US authorities respond to terror and criminal cases.

"Preserving the ability to investigate regardless of the physical location where data may be stored is essential to the department's mission and ensuring the safety of the American people," he says.

Microsoft's Smith points out that article 43 of Europe's new General Data Protection Regulation will make it illegal to comply with a US warrant that hasn't gone though a MLAT. Any breach of that law could result in a fine of up to four percent of a company's global revenues.

"The math is simple. Unless this problem is solved, we're talking about potential economic damages to the US tech sector of billions of dollars per year, beginning in 2018," says Smith.

Microsoft appears to be preparing for these conflicts to remain unresolved in the near future, having recently announced two new Microsoft data centres in Germany, which are controlled by Deutsche Telekom and would require any request for access to go through it rather than Microsoft.

Read more about Microsoft and data sharing

Editorial standards