Remember that court case where Microsoft sued the US government over a warrant to collect someone’s cloud data? Well, it’s over and the result isn’t good for anyone who likes to keep their documents, databases, photos or emails private.
The case was about data saved on Microsoft’s cloud service in Ireland. The US government wanted to see that information while Microsoft argued it was outside the USA and not subject to US laws. The US Supreme Court was to hear the case until Congress intervened.
The Cloud Act (Clarifying Lawful Overseas Use of Data Act) confirms the past practice of the US government. The act gives the government the right to access data of US citizens stored anywhere in the world, on servers run by a US company.
For Microsoft’s customers that means the US government can view, without your knowledge, anything saved on OneDrive, Office 365 hosting (Sharepoint, Email etc), Office recent documents list, searches done on Bing or Office services and a lot more.
There’s now a procedure for dealing with data requests that might conflict with the data protection laws of other countries. Those conflicts were a problem for tech companies who were in the middle of a legal fight between governments.
Out with the old warrant, in with the new
The immediate result of the Cloud Act is that the long-running case of United States vs Microsoft Corp is now irrelevant or ‘moot’ as lawyers say.
The US Dept of Justice withdrew the warrant for the Irish based data; the old warrant that caused the case in the first place. And issued a new warrant, under the Cloud Act, for the same data.
Everyone is happy, except customers
This appears to be the result Microsoft wanted from the original case. Microsoft and other tech companies didn’t really want to protect their customers data from government reach. Instead they wanted a law which allowed them to hand over private information with a firm legal justification.
The Cloud Act gives both the tech giants and the US government what they wanted with customers (individual and corporate) open to intrusion.
No public warrants, no genuine oversight, no notice to the people affected. All very convenient to Microsoft, Google, Apple and the US government.
This isn’t anything new. It seems to formally legalize the government snooping on people and organizations that has been happening for at least two decades.
The Patriot Act also applies to anything on the Internet that passes through a US based company, however briefly. See Privacy, Law and Cloud Storage.