The Supreme Court announced Oct. 16 that it will hear a case on data privacy that relates to Microsoft’s data centers in Ireland.
The Department of Justice (DOJ) filed a petition last year requesting an en banc rehearing of the 2nd U.S. Circuit Court of Appeals case, which sided in favor of Microsoft that American service providers are not required to honor warrants seeking data outside the United States.
In this case the data the DOJ was asking for belonged to a non-U.S. citizen and was stored in a data center in Ireland.
The DOJ argued that the decision should be overturned because the location of the stored data is arbitrary and not determined by law, the case doesn’t follow precedents, and the decision gives technology companies loopholes in the U.S. law.
Microsoft has been expanding the reach of its overseas data centers by establishing its cloud services in German data centers that have privacy protections in place that ban anyone other than the data trustee, including Microsoft and law enforcement, from gaining access to user information.
Following the 2nd Court of Appeals decision, Microsoft would have no legal trouble establishing these services, according to Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson. If the decision is overturned, the fates of these data centers are uncertain.
The move toward excluding the U.S. intelligence and law enforcement community occurs after a push from Federal officials including NSA Director Mike Rogers, former FBI Director James Comey, and former Attorney General Eric Holder, for companies to leave a “backdoor” in their encryption so that the intelligence community could gain access to data. However, technology and cybersecurity experts said there’s no way to do this without exposing the material to hackers.
The Microsoft data centers focus on attracting clients in the public, financial, or health sector that specifically deal with sensitive data.
“Microsoft’s latest offering addresses companies who need to comply with the most stringent privacy regulations,” said Arthur Kaindl, general manager for Digital Health Services at Siemens Healthcare. “It now enables us and our customers to scale and to successfully implement new business models even broader.”
Baker said that prohibiting law enforcement access to data centers is possible when the facilities are built abroad. Baker also thinks the Federal government is less likely to go after a U.S. company for information than a foreign company.
“I think that Microsoft has a good chance of keeping it out of the hands of the U.S. government,” Baker said last year. “Whether that’s a good idea or whether it exposes the U.S. to more terrorism is a different question.”