Microsoft expands and renews international certifications in seven countries

Alice Rison, Microsoft Azure Blog,  Wednesday, August 17, 2016

Microsoft invests heavily in cloud computing to not only create the most advanced functionality and highest quality services possible, but also to ensure security, compliance, privacy and transparency are provided to our cloud services customers. Products like Azure Security Center and Microsoft Transparency Hub, and activities such as our ongoing legal effort to protect privacy rights across the globe, show our holistic approach to trust and security which no other cloud service provider can match. We continue to maintain the largest portfolio of cloud certifications. In the first half of 2016, we achieved four new international certifications as well as renewed and expanded other certifications in seven countries. Here is a quick recap of our international compliance activities:

EU plans to extend some telecom rules to web-based providers

Julia Fioretti, Reuters,  Wednesday, August 17, 2016

The European Union is planning to extend telecom rules covering security and confidentiality of communications to web services such as Microsoft's Skype and Facebook's WhatsApp which could restrict how they use encryption. The rules currently only apply to telecoms providers such as Vodafone and Orange. According to an internal European Commission document seen by Reuters, the EU executive wants to extend some of the rules to web companies offering calls and messages over the Internet.

Tim Cook: Privacy Is Worth Protecting

Eric Zeman, Information Week,  Wednesday, August 17, 2016

Apple CEO Tim Cook leans on the Founding Fathers to suggest the company did the right thing when asked by the FBI to unlock a terrorist's iPhone. It's an issue that affects IT professionals who need to protect company data, as well as consumers and their personal information.

American Economic Activity Is Rooted In Global Flow Of Information

Jim Pflaging, Forbes,  Tuesday, August 16, 2016

Today, evidence or information relevant to a law enforcement investigation is often in electronic form and, because of breakthroughs in cloud computing, this data could be stored in any number of locations around the globe. In such cases, the question is: Whose law applies when U.S. law enforcement requires access to digital evidence stored outside the United States? The U.S. government argued that Microsoft did provide the non-content user information that was stored in the U.S., it argued that the U.S. government would need to utilize the Mutual Legal Assistance Treaty process instead of an extraterritorial warrant in order to access information stored outside of the U.S. Despite the Court’s ruling in Microsoft’s favor, the government’s argument in this case remains a threat to a trusted and open Internet. A successful appeal to the Supreme Court, or the adoption of legislation codifying this argument, would accelerate a breakdown of trust between nations and increase the risk of internet “balkanization.”

How Private Is Your Public Cloud? Stacking Up Google, Microsoft And AWS Data Privacy

Sarah Kuranda, CRN,  Monday, August 15, 2016

"This is your data. This is not our data. As a general matter of principle, we design our systems and our processes to make sure that data is treated as yours and not as ours," said Neal Suggs, vice president and deputy general counsel at Microsoft, Redmond, Wash. "Microsoft runs on trust." Suggs said data usage, control and privacy together make up one of the four pillars on which Microsoft has built its cloud strategy, along with data security, compliance and transparency. Those pillars extend from the design of the company's systems, the processes in place, encryption technologies, an audit process and a culture that "respects that customer-generated content is the customers' content and not our right to use without our customers' consent."

The IoT threat to privacy

Christine Bannan, TechCrunch,  Monday, August 15, 2016

As the Internet of Things becomes more widespread, consumers must demand better security and privacy protections that don’t leave them vulnerable to corporate surveillance and data breaches. But before consumers can demand change, they must be informed — which requires companies to be more transparent.

Apple at BlackHat: Reopening the "Going Dark" Debate

Matt Tait, Lawfare,  Monday, August 15, 2016

Just over a week ago, at the BlackHat hacker convention in Las Vegas, Ivan Krstić, Head of Security Engineering and Architecture at Apple gave a talk entitled “Behind the scenes of iOS Security,” the slides of which are available here. It’s a historic talk for a couple of reasons. First, Apple is traditionally very secretive about how it technically does security on its devices. Apple also announced its first bug bounty program. So far, so newsworthy. But something else happened at that talk. Unbeknownst to the presenter or anybody in the audience, Apple just reopened the “Going Dark” dispute between the FBI and the privacy community, and it turned the entire dispute on its head.

Obama administration can secure another win for data privacy

Julie Anderson by Julie Anderson, AG Strategy Group
Tuesday, August 9, 2016

In its final months in office, the Obama administration finalized Privacy Shield with the EU. Now it needs to implement it and work with U.S.-based tech companies to remove any uncertainty about exchanging data across the Atlantic. Then, Congress must take action to improve the process for law enforcement agencies to request email data from U.S.-based tech firms when conducting a criminal investigation. All three branches of government have a responsibility to help digital privacy rights catch up with physical ones. If our government achieves parity between privacy rights across those two spheres, then Americans will be safer and can enjoy the protections of their individual privacy.

EU-U.S. Privacy Shield Program Overview

Dept of Commerce,  Monday, August 1, 2016

The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield Framework in order to benefit from the adequacy determination. To join the Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements.

Microsoft, Ireland and a Level Playing Field for U.S. Cloud Companies

Paul Schwartz by Paul Schwartz, Berkeley Law School
Friday, July 29, 2016

After the recent Microsoft v. United States decision, the law faces the task of clarifying questions about the international reach of a variety of a legal authorities and processes. In so doing, it should maintain a level playing field for U.S. cloud companies who store their data extra-territorially. There is no policy reason to set a heavier compliance burden on U.S. companies in meeting these requests, the author writes.