Microsoft’s subpoena: Is non-US cloud safe from the Patriot Act?

In April 2014, a federal judge ordered Microsoft to release a customer’s information from their Dublin data centre. This raised concerns over the privacy of cloud-stored data and the seemingly unbounded reach of the US government outside of American soil.

This was the first instance of the US government demanding access to data stored outside of the United States. It made headlines for the fact that even tech giant Microsoft is not exempt from the long arm of the Patriot Act.

Back in January 2014, Microsoft announced that it planned to allow enterprise users to decide where their data was held, either in its US cloud or in their new Dublin data centre. This indicated that there were doubts over the privacy of US-based cloud data, and suggested that Microsoft considered their European data centre safer from potential investigation by US authorities.

However, in April 2014, US Magistrate Judge James Francis ruled that ISPs and cloud vendors, including big brands like Microsoft, Google and Amazon Web Services, must comply with the US’s post-9/11 Patriot Act and hand over, when requested, customer information even if that data resides outside of US borders.

In fact, all that is required is for the cloud provider itself to fall under US jurisdiction and that staff within the US have access to the data.

This is alarming for non-US customers that host their data with US-based cloud providers. Even if their data is stored locally (outside of the United States), it is potentially still vulnerable to surveillance by US government under this ruling. The only way for non-US cloud customers to guarantee their data is private is to choose a non-US cloud provider.

HighQ is a registered UK company with data centres in Europe, the US and offshore (with data centres in Australia, Canada and the UAE set to open in summer 2014).

HighQ’s customers can choose which jurisdiction their data is held in, and ensure that none of our US staff have access to any data held outside of the United States. This guarantees that non-US customer data is entirely protected from US laws.

While the world waits for the outcome of the Microsoft case, it has certainly brought to light the importance of understanding the law surrounding data jurisdiction, and how vital it is for cloud customers to carefully consider which provider you choose to best protect your data.


Susanna James

Manager of Demand Generation at HighQ
Susanna specialises in social business and content marketing. Her expertise lies in helping companies streamline the way they work and improving how they collaborate through enterprise technologies and social tools.

 Twitter  Google +  LinkedIn

Related posts

Hybrid cloud and encryption key management: Added data security for enterprise cloud

Back in 2010, Forrester Research predicted that by 2015, security would shift from being the number one inhibitor of cloud to one of the top enablers. This prediction has proved to be correct, as enterprise cloud has now become one of the most secure ways to store and share data. […]

What’s the difference between public, private and hybrid cloud?

A guest post by Dejan Lukan of InfoSec. It’s well known by now that the cloud is here to stay and it’s important to familiarize yourself, as well as users, by reading up on the subject and experimenting! […]