Microsoft lawyer suggests non-U.S. data storage for overseas users: FT

SEATTLE Wed Jan 22, 2014 9:16pm EST

People visit the Microsoft booth at the 2013 Computex exhibition at the TWTC Nangang exhibition hall in Taipei June 4, 2013. REUTERS/Pichi Chuang

People visit the Microsoft booth at the 2013 Computex exhibition at the TWTC Nangang exhibition hall in Taipei June 4, 2013.

Credit: Reuters/Pichi Chuang

Related Topics

SEATTLE (Reuters) - Microsoft Corp's head lawyer has suggested that overseas customers will be allowed to have their personal data stored in non-U.S. data centers, the Financial Times reported on Wednesday.

It would be the most radical move yet by a U.S. technology company to combat concerns that U.S. intelligence agencies routinely monitor foreigners.

A Microsoft spokesperson declined further comment on the remarks that Brad Smith, Microsoft's general counsel, made to the comments to the Financial Times, which published them on Wednesday.

"People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides," Smith told the FT.

He went on to say that customers could choose where to have their data stored in Microsoft's wide network of data centers, for example Europeans could specify a facility in Ireland.

The airing of the idea, which Smith did not back up with concrete plans, was the clearest sign so far that Microsoft is worried about the public backlash, especially overseas, to revelations by former National Security Agency (NSA) contractor Edward Snowden that the NSA claimed to directly tap into tech companies' servers to spy on foreign individuals.

Microsoft denies that, and has said that it only hands over customer data when properly requested by intelligence agencies, but an air of mistrust has remained, especially in Europe and China.

If Microsoft follows through on Smith's suggestion, it would mark a departure from U.S. technology companies' largely unified response to the NSA scandal, which has so far steered away from the idea of offering non-U.S. data storage for overseas users.

Microsoft, along with Apple Inc, Facebook Inc, Google Inc, Twitter Inc and others jointly called in December for reforms in the way governments use internet surveillance, lobbying for more transparency and a ban on bulk data collection.

But the companies also backed free access to data and demanded that "governments should not require service providers to locate infrastructure within a country's borders or operate locally."

Offering customers the choice of data centers would be easier for Microsoft than some smaller companies, as it already has a number of storage facilities across the globe.

Smith has in the past written about Microsoft's desire to protect customer data from cross-border snooping by governments, in earlier attempts to soothe overseas concerns.

"We'll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country," Smith wrote in a blog on Microsoft's site in December.

(Reporting by Bill Rigby; Editing by David Gregorio)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see
Comments (1)
Imoyse wrote:
Interesting when during Microsoft’s Office 365 launch, Gordon Frazer, Managing Director of Microsoft UK, admitted exclusively to ZDNet that the Patriot Act can be invoked by U.S. law enforcement to access EU-stored data without consent. The managing director of Microsoft UK admitted that it would comply with the Patriot Act as its headquarters are based in the US. While it would try to inform its customers before this should happen, it stated that it could not guarantee this. This means that if you do business with a UK subsidiary of a USA based cloud operator who is hosting your data in the UK and you specify that English law applies as well as operating under EU data protection laws, the FBI can still get access to your data. While this had already been suspected, this was the first clear affirmation and is true for any US-based cloud provider.

Ian Moyse

Jan 24, 2014 12:55pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.