Microsoft to Offer Cloud Data Beyond NSA Reach

John Lister's picture

Microsoft says its customers in Europe can now store data online in a way US security services can't access. It's a surprising and potentially controversial move from an American technology giant.

The move follows a recent European ruling which means US firms can no longer ignore local regulations on data privacy. According to Microsoft, this affects data customers in 32 European countries connected to Internet-based Microsoft applications, including Office 365.

Data Accessed Only In Specific Circumstances

The data will be stored in two data centers in Germany, controlled by local telecommunications company Deutsche Telekom. Microsoft says it will only access the data in two ways. The first is if a customer gives direct permission.

The second is if Deutsche Telekom gives permission, presumably as the result of a local court order. According to the Wall Street Journal, in this latter situation Microsoft says it will access the data "under supervision." (Source: wsj.com)

National Security Agency Prompts Move

Microsoft is open about the fact that the move is designed to ease the fears of European customers who believe that data stored on US servers is vulnerable to inappropriate surveillance by the US government, specifically the National Security Agency (NSA). A spokesman for Microsoft said that "In Europe, there is fundamental skepticism toward cloud services and transfer of data outside the European judicial area."

It appears the new set-up means the US will be unable to force Microsoft to hand over data belonging to European customers, even though Microsoft is based in the US itself. The data center services are said to be available in the second half of 2016. (Source: reuters.com)

Microsoft isn't the only company rethinking its data handling procedures. Last month a European company struck down a 15-year-old deal known as the "Safe Harbor" arrangement. That meant that any company transferring data from Europe to the US - for example an American company with a European customer - did not have to follow local data privacy laws in the relevant European country.

What's Your Opinion?

Is this a smart move by Microsoft? Is it pandering to paranoia or serving a genuine need? Do you worry about your online data coming under surveillance by governments, particularly if you use a service from a company based in another country?

Rate this article: 
Average: 5 (3 votes)

Comments

Dennis Faas's picture

Does this mean that the NSA won't be able to pry the data if the customer is located outside of Europe (example: North America), while the data is stored in Europe? Surely the service could be easily extended to customers outside of Europe, though with a data center that far away it would most likely mean lags in connection.

Rodney.h53_4744's picture

Any system can be hacked...
I am firmly convinced that if the NSA wants your data... they will get it.

kitekrazy's picture

Said China when it comes to the NSA.

Our founders are spinning in their graves.

Don Cook's picture

How dose this work in Australia?.

Syscob Support's picture

Anyone who believes this also has a 10,000,000 Euro account in the Central Bank of Nigeria.

gi7omy's picture

Does nobody recall the case where a US court ordered Microsoft to hand over e-mails that were stored on an IRISH server.

Apart from that 'Echelon' was a system whereby MI5 snooped on the US and the CIA snooped on the Brits and just swapped information without any problem over 'warrants' (after all they weren't snooping on their own people)