Microsoft must hand over customer data held in Dublin to US government

A landmark court decision for ISPs and IT companies

Microsoft will be forced to hand customer data including bank details and emails to the US government after a search warrant was upheld on Friday, even though the information is stored on a server in Dublin.

The company had challenged the warrant on the basis that the US government should not be able to search information stored entirely on overseas servers.

But a New York Magistrate, Judge James Francis, ruled that Microsoft and other ISPs including Google could not refuse to hand over customer data even if the information was held on foreign soil.

In a blog post following the ruling, Microsoft's deputy general counsel David Howard said: "A US prosecutor cannot obtain a US warrant to search someone's home located in another country, just as another country's prosecutor cannot obtain a court order in her home country to conduct a search in the United States.

"We think the same rules should apply in the online world, but the government disagrees."

Judge Francis ruled that this was true of "traditional" search warrants but not warrants seeking digital content, which are governed by a federal law called the Stored Communications Act.

This comes at a time when trust in information security and data confidentiality is at the forefront of the ICT world following the widely reported Edward Snowden leaks.

Microsoft has been publicly anti "government snooping" and has previously promised to alert customers if they had received requests from third parties to view their data.

Last year, Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft said: "We also will take new steps to reinforce legal protections for our customers' data. For example, we are committed to notifying business and government customers if we receive legal orders related to their data.

"Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We've done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data. And we'll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country."

The name of the agency who originally issued the search warrant has not been disclosed.

Join the CSO newsletter!

Error: Please check your email address.

Tags GoogleMicrosoftsecuritypublic sectorIT Business

More about CounselGoogleMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Margi Murphy

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place