[bestbits] Microsoft unveils German data plan to tackle US internet spying

Felipe Sanches juca at members.fsf.org
Fri Nov 13 09:59:00 EST 2015


<This is an intentional repost of the same content. I took the effort
of reformating the article as a pure-text message to aid in the
readability of the content.>

Microsoft unveils German data plan to tackle US internet spying
November 11, 2015 8:46 am

Murad Ahmed in Berlin and Richard Waters in San Francisco

Microsoft will allow foreign customers to hold data in new European facilities
designed to shield customers from US government surveillance, in one of the
most drastic corporate responses yet to the American internet spying scandal.

On Wednesday, the US software company said it was setting up new data
centres in Germany that will be under the control of Deutsche Telekom, the
German telecommunications group. The legal and technical arrangement is
intended to put the data of European government and business customers,
along with millions of citizens, out of reach from US authorities.

Technology analysts say it is a “watershed moment”, describing the manoeuvre
as the first time a major US tech group had accepted its inability to protect
customer data from US governmental over-reach.

Microsoft’s initiative could have a ripple effect across the industry, creating
a tough new privacy standard that customers may soon also demand from
other “cloud computing” providers such as Google, Amazon and Oracle.

Silicon Valley groups are struggling to regain the trust of European customers
in the wake of disclosures by NSA whistleblower Edward Snowden about
widespread internet surveillance by US intelligence agencies.

Mr Nadella told the Financial Times that the effort was designed to regain
the trust of customers which had been lost as a result of the Snowden
disclosures.
“We need to earn both trust of our global customers and operate globally.
That’s at the cornerstone of how we’ve done business and how we will
continue to do business,” he said.

In response, US tech groups have moved to build data centres in European
countries. But many of the region’s customers remain unsatisfied that these
efforts alone can protect against snooping.

“I think Microsoft have come to the conclusion that they can’t get away from
being a US company,” says Carsten Casper, analyst at Gartner, the
research group.
“I find that more honourable than others who try to move their data centres to
Europe to appease customers, but how good is it to have data centres in those
countries if you can access it from abroad with no particular problem?”

Analysts say Microsoft’s concession could complicate negotiations between
US and EU politicians on a new transatlantic data sharing pact known
as “Safe Harbour”. Talks have been faltering for months over the thorny
political issue of surveillance.

Under Microsoft’s German arrangement, T-Systems, a Deutsche Telekom
subsidiary, will operate two new data centre facilities in the country that will
open for business in late 2016. They will be used solely to house information on
Microsoft European customers, who will also be asked to pay more to
store data in this way.

But T-Systems will act as a “trustee” of the facilities, with
Microsoft insisting
its employees will have no access to the data held at the facilities without the
German company’s permission.

The companies believe this arrangement means Microsoft will not have to
respond to governmental demands for information held in these data centres,
forcing official requests to go through German authorities instead.

Germany’s data protection laws, enforced by powerful privacy watchdogs,
are considered to be among the continent’s strictest.

The trustee solution is also a response to Microsoft’s legal battle against
an order from a New York court, which is trying to force the software group
to hand US authorities emails from a US citizen stored on a Microsoft
server in Ireland.

Brad Smith, Microsoft’s president and chief legal officer, has made the case a
centrepiece of the company’s pushback against intrusive government demands
for personal information, pledging to take the case to the US Supreme
Court if necessary.

Executives at rival technology companies are concerned about the
implications of the high-profile case because of the precedent it will set
in the running of their businesses. Microsoft’s German plan would address
this issue, should it lose the case.

But Paul Miller from Forrester Research says the trustee model
is also likely to come under legal attack in the US.

“As with all new legal approaches, we don’t know it is watertight until it
is challenged in court,” he says. “Microsoft and T-Systems’ lawyers are
very good and say its watertight. But we can be sure opposition lawyers
will look for all the holes.”

Last month, Europe gave a stinging rebuke to the transatlantic digital alliance,
scrapping a 15-year pact that allowed US tech companies to ship personal
information about European citizens wholesale to the US.

The European Court of Justice decision to invalidate the “Safe Harbour”
agreement has left thousands of businesses scrambling to change their legal
footing to avoid breaking the law. Europe’s data protection authorities have
given companies until January to find alternative data transfer agreements.

The US and EU are working to secure a new Safe Harbour treaty but analysts
say Microsoft’s decision may strengthen the resolve of EU diplomats who are
holding out for stronger assurances over whether citizens data will be
subsumed into the US surveillance regime.

“I think it will put pressure on negotiators trying to reach a new transatlantic
privacy agreement,” says Mr Casper. “There’s a new piece in the puzzle now.”

source: http://www.ft.com/cms/s/0/540a296e-87ff-11e5-9f8c-a8d619fa707c.html#axzz3r4thbhrI
(paywalled)


More information about the Bestbits mailing list