​Snowden effect? Microsoft hands control of cloud customer data to German ‘trustee’

Or is this Microsoft’s answer to a US warrant for email stored in its Irish data centre?

Microsoft has cobbled together a deal to put telecom giant Deutsche Telekom in control of its Germany-based customer data.

The agreement will see Deutsche Telekom subsidiary T-Systems become Microsoft’s German “data trustee” of all customer data stored in two new data centre regions in Germany, located in Magdeburg and Frankfurt am Main.

Microsoft expects German-based Azure, Office 365 and Dynamics CRM Online services to launch in the second half of 2016.

When it launches, Microsoft’s German customers will need to sign a contract that enables Deutsche Telekom’s T-Systems to act as the data trustee.

“Under the contract, Microsoft will have no access to customer data unless granted by T-Systems or customers,” Deutsche Telekom said in a statement today.

There are heightened concerns over US surveillance in Europe after former CIA hand Edward Snowden revealed details of National Security Agency programs like PRISM. Evidence of this supported the recent European Court of Justice’s ruling to invalidate the EU-US Safe Harbour Agreement, making it much more difficult to legally transfer EU user data to the US.

It is the latest sign of the Balkanisation of the internet and follows Microsoft's recent renewal of a partnership with 21Vianet in China to deliver cloud services through the local intermediary.

The new German contract should also mean data from users of German-based Microsoft cloud services will be more tightly linked to German surveillance and privacy laws than US laws.

“Our new datacenter regions in Germany, operated in partnership with Deutsche Telekom, will not only spur local innovation and growth, but offer customers choice and trust in how their data is handled and where it is stored,” said Microsoft CEO Satya Nadella.

However the new data centres and the data trustee agreement with Deutsche Telekom could be significant to Microsoft as the battle for supremacy in the cloud comes down to latency and data sovereignty.

Microsoft’s new data centres will help it respond to Amazon Web Services (AWS), which announced the launch of a new UK region last week, adding to its Dublin and Frankfurt regions. As AWS CTO highlighted last week, “strong data sovereignty” was one of the the key benefits of the AWS UK region scheduled to come online in late 2016.

Meanwhile, the agreement with Deutsche Telekom could add weight to Microsoft's legal battle with the US government over a warrant that demands Microsoft provide access to email stored in its Irish data centre for a US criminal investigation.

US law enforcement has only asked Microsoft to produce the email online from US soil and has not requested physical access to the Irish data centre. Microsoft has likened the warrant to US law enforcement kicking down the doors of its EU data centres when it lacks the legal authority to do so. It's campaigning for an interpretation of US law that would require authorities there to seek agreement from Irish authorities to access the email.

Read more: Realtime firewall-endpoint links focus, accelerate IT-security response: Sophos exec

US judges have so far supported US government’s authority to issue such a warrant, however if Microsoft faces a similar scenario in the context of German user data, presumably the new contract means Deutsche Telekom will need to grant access to the data.

This broadly fits the ideal trans-Atlantic data transfer rules recently outlined by Microsoft's chief legal counsel Brad Smith in response to Europe's top court killing off Safe Harbour.

"We need to create an expedited process for governmental entities in the U.S. and EU to access personal online information that is moved across the Atlantic and belongs to each other’s citizens by serving lawful requests directly with the appropriate authority in an individual’s home country," said Smith.

Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list.

Get newsletters, updates, events and more right here.

Join the CSO newsletter!

Error: Please check your email address.

Tags Dynamics CRM Online servicesnew dataazureSatya Nadellatelecom​SnowdenAmazon Web Services (AWS)German ‘trustee’deutsche telekomCSO AustraliaOffice 365MicrosoftBrad Smith

More about Amazon Web ServicesAtlanticAWSCSODeutsche TelekomEUMicrosoftNational Security AgencyT-Systems

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts