Eric De Grasse / Chief Technology Officer
11 November 2015 – Microsoft has moved to dispel European mistrust of U.S.-operated cloud services by unveiling a German data plan to tackle U.S. internet spying. The following review from today’s Financial Times (with permission):
Microsoft will allow foreign customers to hold data in new European facilities designed to shield customers from US government surveillance, in one of the most drastic corporate responses yet to the American internet spying scandal.
On Wednesday, the US software company said it was setting up new data centres in Germany that will be under the control of Deutsche Telekom, the German telecommunications group. The legal and technical arrangement is intended to put the data of European government and business customers, along with millions of citizens, out of reach from US authorities.
“These new data centre regions will enable customers to use the full power of Microsoft’s cloud in Germany and ensure that a German company retains control of the data” said Satya Nadella, chief executive of Microsoft, at a press conference in Berlin.
Technology analysts say it is a “watershed moment”, describing the manoeuvre as the first time a major US tech group had accepted its inability to protect customer data from US governmental over-reach.
Microsoft’s initiative could have a ripple effect across the industry, creating a tough new privacy standard that customers may soon also demand from other “cloud computing” providers such as Google, Amazon and Oracle.
Silicon Valley groups are struggling to regain the trust of European customers in the wake of disclosures by NSA whistleblower Edward Snowden about widespread internet surveillance by US intelligence agencies.
In response, US tech groups have moved to build data centres in European countries. But many of the region’s customers remain unsatisfied that these efforts alone can protect against snooping.
“I think Microsoft have come to the conclusion that they can’t get away from being a US company,” says Carsten Casper, analyst at Gartner, the research group. “I find that more honourable than others who try to move their data centres to Europe to appease customers, but how good is it to have data centres in those countries if you can access it from abroad with no particular problem?”
Analysts say Microsoft’s concession could complicate negotiations between US and EU politicians on a new transatlantic data sharing pact known as “Safe Harbour”. Talks have been faltering for months over the thorny political issue of surveillance.
Under Microsoft’s German arrangement, T-Systems, a Deutsche Telekom subsidiary, will operate two new data centre facilities in the country that will open for business in late 2016. They will be used solely to house information on Microsoft European customers, who will also be asked to pay more to store data in this way.
But T-Systems will act as a “trustee” of the facilities, with Microsoft insisting its employees will have no access to the data held at the facilities without the German company’s permission.
The companies believe this arrangement means Microsoft will not have to respond to governmental demands for information held in these data centres, forcing official requests to go through German authorities instead.
Germany’s data protection laws, enforced by powerful privacy watchdogs, are considered to be among the continent’s strictest.
The trustee solution is also a response to Microsoft’s legal battle against an order from a New York court, which is trying to force the software group to hand US authorities emails from a US citizen stored on a Microsoft server in Ireland.
Brad Smith, Microsoft’s general counsel, has made the case a centrepiece of the company’s pushback against intrusive government demands for personal information, pledging to take the case to the US Supreme Court if necessary.
Executives at rival technology companies are concerned about the implications of the high-profile case because of the precedent it will set in the running of their businesses. Microsoft’s German plan would address this issue, should it lose the case.
But Paul Miller from Forrester Research says the trustee model is also likely to come under legal attack in the US. “As with all new legal approaches, we don’t know it is watertight until it is challenged in court,” he says. “Microsoft and T-Systems’ lawyers are very good and say its watertight. But we can be sure opposition lawyers will look for all the holes.”
Last month, Europe gave a stinging rebuke to the transatlantic digital alliance, scrapping a 15-year pact that allowed US tech companies to ship personal information about European citizens wholesale to the US.
The European Court of Justice decision to invalidate the “Safe Harbour” agreement has left thousands of businesses scrambling to change their legal footing to avoid breaking the law. Europe’s data protection authorities have given companies until January to find alternative data transfer agreements.
The US and EU are working to secure a new Safe Harbour treaty but analysts say Microsoft’s decision may strengthen the resolve of EU diplomats who are holding out for stronger assurances over whether citizens data will be subsumed into the US surveillance regime.
“I think it will put pressure on negotiators trying to reach a new transatlantic privacy agreement,” says Mr Casper. “There’s a new piece in the puzzle now.”
