Microsoft will allow international customers to store their data on servers located outside US borders, Microsoft’s general counsel said Wednesday.
The fallout from documents leaked by ex-Booz Hamilton contractor Edward Snowden made this decision necessary, Brad Smith, Microsoft’s general counsel, told the Financial Times (FT) in an interview at the World Economic Forum in Davos, Switzerland. Customers would be able to specify the location, such as a European company selecting the data center in Ireland, Smith said. A Microsoft spokesperson confirmed Smith’s remarks.
“People should have the ability to know whether their data are being subject to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides,” Smith told the FT.
Technology companies are grappling with concerns from their customers—especially overseas ones—on how they are protecting the data from government snooping. While Google and Yahoo have announced plans to encrypt traffic between its data centers, Microsoft’s announcement is the first to give overseas customers the choice of keeping their data out of the United States.
“Our entire industry is concerned that some customers outside the US are feeling less confident with [American] online services today. Technology today requires that people have a high degree of trust in the services they are using…the events of the last year undermine some of that trust [and] that is one of the reasons new steps are needed to address it,” Smith said.
In an older blog post, Smith hinted at what would happen if the government demanded data stored outside the United States. “We’ll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country,” Smith wrote on the Microsoft Europe blog last December.
In his remarks to the FT, Smith also proposed a new transatlantic agreement to replace the existing Mutual Legal Assistance Treaty to ensure governments would not try to find or retrieve data in each other’s jurisdictions through technology companies. “Secure a promise by each government that it will act only pursuant to due process and along the way improve the due process,” Smith said.
Microsoft, along with Apple, Facebook, Google, Twitter, and others have called for reforms in how governments use the Internet for surveillance and lobbied for more transparency.
Read an article by legal expert Mark Rasch on why as a matter of law non-US persons may enjoy better data protection against NSA surveillance if their data is in the United States.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.