Kudos to Microsoft: Fighting US attempt to access emails at Dublin data centre

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Earlier this year, a US judge ordered Microsoft to hand over details of a customer’s email conversations.

Why so controversial? Because the contents of those emails were stored on servers located in Dublin, Ireland.

Check out this video that Microsoft published yesterday. It’s the latest salvo in Microsoft’s PR campaign to protect the privacy of its users from over-reaching governments.

Sign up to our free newsletter.
Security news, advice, and tips.

The above video summarises Microsoft’s objections clearly:

“Microsoft is resisting this warrant on the grounds that digital content should have the same privacy protections as physical content. The US government would not attempt to travel to another country and execute a search warrant. The approach shouldn’t change just because that content is stored digitally.”

Hear hear.

Microsoft’s deputy general counsel, David Howard, summarised the company’s objection to the judge’s ruling in a blog post earlier this year:

“The US government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas.”

“A US prosecutor cannot obtain a US warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States.”

Data centreApple, Cisco, eBay, Verizon, Salesforce and others have joined forces with Microsoft to back the case before the appeals court to block access to the Dublin servers.

In an appeal filed last week by Microsoft, the company claimed that the US government’s move was comparable to the German Stadtpolizei serving a warrant on the Deutsche Bank headquarters in Germany to obtain records that an American reporter has stashed in a safety deposit box at a New York bank:

Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany. They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.

The US Secretary of State fumes: “We are outraged by the decision to bypass existing formal procedures that the European Union and the United States have agreed on for bilateral cooperation, and to embark instead on extraterritorial law enforcement activity on American soil in violation of international law and our own privacy laws.”

Germany’s Foreign Minister responds: “We did not conduct an extraterritorial search—in fact we didn’t search anything at all. No German officer ever set foot in the United States. The Stadtpolizei merely ordered a German company to produce its own business records, which were in its own possession, custody, and control. The American reporter’s privacy interests were fully protected, because the Stadtpolizei secured a warrant from a neutral magistrate.”

No way would that response satisfy the US Government. The letters the reporter placed in a safe deposit box in Manhattan are her private correspondence, not the bank’s business records. The seizure of that private correspondence pursuant to a warrant is a law enforcement seizure by a foreign government, executed in the United States, even if it is effected by a private party whom the government has conscripted to act on its behalf.

I can hardly imagine the United States being happy with Germany’s response in that hypothetical scenario. So why should America be allowed to get away with it in real life?

Microsoft deserves our support and whole-hearted thanks for playing hard ball with the US authorities on this important privacy issue.

To find out more, visit the Digital Constitution website.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Kudos to Microsoft: Fighting US attempt to access emails at Dublin data centre”

  1. Coyote

    I'm very often critical of Microsoft. I'm the same with Apple. I'm the same way with others (though worse of all is any and all patent trolls). But when one of them (obviously patent trolls don't count here) does something right, I'm the first one to commend them and defend them indeed. This is the only way to be, if I am to be honest. If you are only critical it is just negative and only negative doesn't really make you look good (and it is incredibly biased – can't do anything right no matter what it is yet if someone else did it would be commended).

    So: yes, Microsoft does deserve credit here. Much respect to their decision here (it also takes a certain amount of credibility and strength I might add, to fight in this case) and I hope they win this because it is absolutely absurd what … the US … is doing.

    I love the incident involving Germany. I'd like to throw in something else, speaking of Germany. I know there could be some furor (which, incidentally, as far as spelling goes (I have heard it but it has been a long time and I'm not German so I will not remark on the sound), looks much like Führer, doesn't it ? And of course I am referring to a specific one at that… and naturally I chose 'furor' over other words for this reason) but I honestly don't care because it is the truth nonetheless: the US government is acting like the Gestapo. It is shameful at best and unfortunately it IS NOT best (and not even close). It is also incredibly ironic given the above and the countries involved (i.e. Germany and United States and specifically Germany).

  2. Ramesh

    American judge has no business in Irish republic. What would US do if an Chenese, Russian, Syrian, Iranian or Turkish judge orders the same from a date center in the US?
    Isn't the distance from my house to your is same as that from your house to my house?
    Gandhi said "First, you be the change you want to see". US judge can not preach before following the same rule.
    Microsoft is correct and should fight full force.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.