Modern field guide to security and privacy

Opinion: Why Microsoft's data access case matters to everyone on the Internet

The ongoing legal dispute between Microsoft and the US government over access to information held in Irish data servers is about more than the company's European business. It's about whether users everywhere can ever trust that their information is safe on the Web.

Jason Redmond / Reuters
Microsoft is currently amid a data sovereignty case, pitting the software giant against the Department of Justice over whether files stored in Ireland fall under US jurisdiction.

Balancing privacy with the rapid advancement of technology is no small task, especially across sovereign borders. But that's the crux of what is possibly the most significant data sovereignty case in the Internet's short history.

Microsoft is in the middle of a dispute with the US government, arising from an investigation in which federal law enforcement sought access to information about a Microsoft account in which the data is stored in Ireland. The fight over the applicability of a warrant highlights the critical need to bring clarity to the issues surrounding the territoriality of data.

Notably, it is important not just for Microsoft’s European business or for the sake of US law enforcement, but for another reason – maintaining users’ trust in technology and the services it enables.

During the dispute, Microsoft produced the address book of the user but challenged the warrant to produce customer’s e-mails. After the magistrate judge upheld the warrant, the company continued to refuse to produce the materials and was held by the district court in contempt. The company appealed, and the last round of proceedings took place on Sept. 9 without resolving the issue.

Most discussions on the topic focused on the legal aspects of the issue. But ultimately this dispute is not one for courts to settle but a policy discussion that will require a statutory fix.

Regardless of the outcome of the case, law and policymakers will have to balance the interests of a range of stakes, most notably those of private citizens, law enforcement, and the tech industry.

Technology and its main byproduct – data – challenge existing notions about territoriality, sovereignty, jurisdiction, and control. Data has great value for law enforcement, industry, advertising, science, and other fields, but its value to the individual is even greater – it is the most personalized and intimate outcome of one’s interaction with technology and the center of trust in the relationship between the individual and technology. A user needs to trust the interlocutor with the data in order to provide it. Once this trust is undermined – regardless of the reason for it – the individual’s interaction with technology might change. If one mishandles the data, they completely mishandle the trust.

In recent years, a constant stream of data breaches, intrusions into government systems, and attacks on service providers have injected fear and paranoia into our interactions with technology. But while cyber-insecurity is slowly chipping away at our trust in technology, the lack of clarity and consensus on rules for government access to data or private communications could lead to the same result.  

Users in whichever county need transparency, predictability, and clarity on what is going happen with their data during its life cycle. Unpredictable situations, such as the issuance of a warrant to seize the contents of an e-mail or an address book, test any rules designed to address data regulation.

Therefore, policies governing transnational data issues must be set and clarified, and not taken with short-term law enforcement, intelligence, or national security goals in mind. Instead, these decisions must take the unique values and sensitivities surrounding data into consideration.

Last week's Safe Harbor opinion from the Advocate General of the Court of Justice of the European Union makes the case in point. A complaint against Facebook that ended up with the CJEU, filed after Edward Snowden's disclosures, argued that the Safe Harbor arrangement does not provide appropriate level of privacy protection. More than 4,000 US companies daily self-certify that they are following EU data protection rules.

The court’s Advocate General now argues that Europeans can't trust that their information in US servers will be safe, citing the systemic deficiencies in the protection of personal data as one of the main reasons. Should the Court agree with the opinion and suspend Safe Harbor, US companies relying on the current mechanism would have to use much more burdensome solutions to prove that data protection significantly hampers their operation.  

By failing to address the novel challenges brought on by the unique character of data and the lack of clarity on when and how private sector actors are compelled to comply with legal requirements around the world, the current situation clearly plays in the hands of those who stand on the side of data localization.  

Protectionism and data localization initiatives are clearly not in the interest of the United States – they go against the stated US policy on open Internet supportive of innovation, hamper the business of global tech companies, and have a potential for significant economic impact. 

The potential loss of confidence in US providers has possible repercussions that go far beyond the monetary costs for individual business. The lack of user confidence in how the industry operates will impact global cloud services and Internet infrastructure providers.

The global Internet has been the enabler of economic growth and innovation in the past two decades. Failure to address uncertainties stemming from its global nature can easily undermine its potential. We could lose as much as $20 trillion of cumulative benefits from information and communication technologies by mismanaging the role of governments vis-à-vis the Internet.

The industry has been striving to enable its users to understand how it handles their data and information. Now it’s time for law and policymakers to augment these efforts by taking into consideration all the equities coming with data. 

Klara Jordan is the associate director of the Cyber Statecraft Initiative at the Atlantic Council think tank. Follow her on Twitter @JordanKlara.


You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Opinion: Why Microsoft's data access case matters to everyone on the Internet
Read this article in
QR Code to Subscription page
Start your subscription today