Microsoft has warned a US appeals court that forcing it to hand over emails stored on a server in Ireland would demolish internet user privacy worldwide in a “global free-for-all”. At the heart of the matter is a row over whether the Redmond giant should cough up messages held in an Irish data center – messages belonging to someone living in Dublin. US prosecutors chasing a drugs investigation sought a search warrant in the US to access the files, but Microsoft thinks the action should be taking place on Ireland’s soil, where the information is stored. Tim Erlin, Director of Security and Product Management at Tripwire gives insight into the issue.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“It’s tempting to think that data stored in the cloud isn’t really anywhere, but even the cloud is ultimately made up of bits on disk in some number of physical locations.
If your data is out there, then this is a case worth watching. While the details are more subtle than the current row about encryption, the repercussions of any precedent set will be widespread. Jurisdictional issues, definitions of custody and location, all impact a myriad of current and future legal decisions.
Interestingly, if Microsoft were employing the same end-to-end encryption for this email content as Apple and Google have implemented on mobile devices, this court case would be a very different discussion.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.