Microsoft is challenging a federal search warrant that targets private email communications located in the company's facility in Dublin, Ireland. Microsoft took this action to a higher court after a judge quashed the company's opposition to the warrant in April.
It's an important case that could determine the direction of the cloud for years. That's why Apple, AT&T, Cisco Systems, and Verizon have all filed briefs in support of Microsoft. Google and Amazon Web Services are likely keeping a close watch on this case too.
[ Cloud computing shares resources that were never shared before, creating a new set of risks and demanding a new set of security best practices. Learn about those new security practices from the Digital Spotlight: Cloud Security PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
The issue, of course, is not about the specific emails but the bounds of a country's jurisdiction in the cloud, which by its nature isn't in any one nation. Basically, if Microsoft is a U.S. company, do U.S. laws apply to its customer data, even when it exists outside of the United States in company-owned entities? If the answer is yes, perhaps the fears about the use of U.S.-owned cloud-based resources are well-founded. If the answer is no, companies can dodge U.S. warrants by leaving data in cloud data centers that are not on U.S. soil -- even if those data centers are owned by a U.S. company.
I support Microsoft in this case. If I were working with a company that stores my data outside of the United States, no matter if it is U.S.-based or not, I would expect only the laws in the country where the data resides to apply to that data.
You can see why companies with cloud businesses are concerned that the U.S. government's demands for data held abroad could spook potential foreign customers and limit their cloud market.
But the situation is not clear-cut. Some cloud providers replicate data all over the world, including Stateside, so you may not even know where the data is, was, or will be stored. If U.S. law applies to data stored anywhere by U.S. cloud providers, the government could abuse its authority, along the lines of the Edward Snowden revelations. If U.S. law does not apply, U.S. companies could enable bad actors to hide in plain sight, intentionally or otherwise.
It's funny -- and scary -- that the battle for cloud security is playing out more in the courtrooms than in the market. The technology has grown faster than the courts can understand it, but the courts still have to make decisions. Ironically, lawyers may be more important than cloud security managers to the future of cloud security and data handling.
Keep an eye on this case. If Microsoft loses, you may lose as well.
This article, "Last stand? Microsoft fights a U.S. warrant for the future of the cloud," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.