ISO Prepares to Launch Standard Building Blocks for Cloud SLAs

Jeff Gould by Jeff Gould, SafeCloud.org
Monday, September 12, 2016

When large cloud customers deal with multiple cloud providers, as they typically do, there is bound to be some conceptual and terminological drift between the different SLAs. An obvious need arises for a standard way of building cloud service level agreements that meets the requirements of both customers and providers. The forthcoming ISO/IEC 19086 is just such a standard for cloud SLAs. A multinational committee of experts has been working on this project since 2013 and is expected to finalize the first of four planned parts this November. The four parts are as follows:

Should U.S. States Store Their Citizens’ Data Overseas?

Jeff Gould by Jeff Gould, SafeCloud.org
Tuesday, September 6, 2016

After a recent federal court ruling against prosecutors seeking emails stored abroad, a new case in Virginia again highlights the clash between privacy rights and data sovereignty

Obama administration can secure another win for data privacy

Julie Anderson by Julie Anderson, AG Strategy Group
Tuesday, August 9, 2016

In its final months in office, the Obama administration finalized Privacy Shield with the EU. Now it needs to implement it and work with U.S.-based tech companies to remove any uncertainty about exchanging data across the Atlantic. Then, Congress must take action to improve the process for law enforcement agencies to request email data from U.S.-based tech firms when conducting a criminal investigation. All three branches of government have a responsibility to help digital privacy rights catch up with physical ones. If our government achieves parity between privacy rights across those two spheres, then Americans will be safer and can enjoy the protections of their individual privacy.

Microsoft, Ireland and a Level Playing Field for U.S. Cloud Companies

Paul Schwartz by Paul Schwartz, Berkeley Law School
Friday, July 29, 2016

After the recent Microsoft v. United States decision, the law faces the task of clarifying questions about the international reach of a variety of a legal authorities and processes. In so doing, it should maintain a level playing field for U.S. cloud companies who store their data extra-territorially. There is no policy reason to set a heavier compliance burden on U.S. companies in meeting these requests, the author writes.

The US can’t go stomping on other countries’ laws. Period.

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Monday, July 25, 2016

Sadly, however, today threats to the free flow of information across the globe come, not only from authoritarian countries but, also, from misguided actions of Western nations that ought to know better. The latest example of this unfortunate trend is the U.S. government's effort to force Microsoft to provide it with data that Microsoft stored in a data center in Ireland. In December 2013, Microsoft received a warrant from a magistrate in the Southern District of New York directing the company to turn over content and non-content information relating to a user associated with the company's Dublin, Ireland data center. Microsoft produced the non-content material associated with the user stored on its U.S. servers, but objected to the order for content data stored in Ireland. The government's view was that the U.S. government can compel the company, a U.S. based cloud provider, to disclose a user's content data stored outside the United States. Happily, that argument has not carried the day. The United States Court of Appeals for the Second Circuit recently issued a decision rejecting the government's request and allowing Microsoft to refuse to produce the data.

Microsoft Search Warrant Case Is A Win For Privacy

Bradley Shear by Bradley Shear, Law Office of Bradley S. Shear
Friday, July 22, 2016

The unanimous 3-0 ruling is a victory for not only personal privacy rights but also for the theory that people’s rights in the physical world should be extended to the digital world. This decision will have a tremendous impact on international technology service providers, social media platforms, apps, law enforcement, and individual users of mobile and cloud-based services.

Microsoft wins a signal court victory for cloud privacy against the U.S. government

Jeff Gould by Jeff Gould, SafeCloud.org
Tuesday, July 19, 2016

To the surprise of many, Microsoft has just won a historic court case defeating efforts by the U.S. government to seize private data held by the firm’s customers overseas. According to a U.S. Appeals Court ruling, Federal prosecutors cannot use search warrants to grab the content of email messages from data centers located outside the United States, even when these facilities are owned and operated by a U.S. cloud provider such as Microsoft.

It's Time to Update the 30-Year-Old Electronic Communications Privacy Act

Julie AndersonKaren Evans by Julie Anderson, AG Strategy Group
Karen Evans, KE&T Partners
Tuesday, July 19, 2016

Many Americans may not understand why this decision is relevant to their daily lives: The federal government asserted tech companies own individuals’ personal information such as emails and photographs, and not the individuals themselves. This would give your personal information less privacy protection than the family notes you place in your dresser drawer at home. Multiple branches of government have important responsibilities in remedying this problem. The Court of Appeals has acted. Now, it’s time for Congress to modernize an outdated law.

A Key Win by Microsoft

Tracy Mitrano by Tracy Mitrano, Mitrano & Associates
Sunday, July 17, 2016

Mark the Second Circuit decision in the Microsoft case as a turning point. The win for Microsoft is a victory for U.S. innovation, manufacturing and Internet companies, privacy advocates, and legal due process. The Court held that the Electronic Communications Privacy Act (“ECPA,” and specifically in this case, Title II, Stored Communications) does not extend beyond the United States and its territories. Its reasoning does yet more.

Microsoft Just Won a Big Victory Against Government Surveillance -- Why It Matters

Daniel J. Solove by Daniel Solove, TeachPrivacy
Friday, July 15, 2016

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation. Why does it matter how the government seeks to obtain data stored abroad? It matters because the US government was seeking to use to obtain data stored in Ireland in a way that would violate Irish law. Had the government used the MLAT process, the government would have had to seek the information by going to a judge in Ireland. Although the MLAT process is clunkier and more difficult than just using ECPA, following the MLAT process is important to avoid at least three very troubling consequences.