Random blabbering time again.
There’s a legal case being argued before the United States Supreme Court (or SCOTUS, as some call it), involving Microsoft and the governments of Ireland and the United States. The details are spelled out in a court filing of Amicus Curiae with the 2nd Circuit Court of Appeals in New York.
The Center of Conflict
At odds are this: Microsoft contends that information stored in a data center in one country should be treated as outside the jurisdiction of another country, even if the data center is owned and operated by a vendor with a permanent presence in both countries.
Alternatively, this could be stated as: Microsoft contends that information stored on servers in data center “A” residing in country “A” should be treated as being in the jurisdiction of country “A”, and country “B” should have to obtain authorization from country “A” in order to gain access to that information, or to request seizure of related data center assets within country “A”.
The basic goal of this effort is to answer one question: Who really controls access to information on the Internet? Businesses or Governments. The customer doesn’t really factor into this at all, which should be cause for concern.
But most customers don’t feel they have any information in the “cloud” that would put their company at risk if it were snooped upon, shared or seized by someone else without there knowing.
Clear enough? Let’s apply a “what if” example:
Let’s say a customer creates an Azure account and associates their subscription with data centers in the EU, such as Germany. Then the NSA learns that this customer might be involved in a major terrorist incident or initiative. The U.S. government contends that they should have the right to gain access to that information in the German data center, without having to wait for authorization from Germany. Microsoft contends that the U.S. should have to obtain authorization from Germany first. Also, that the U.S. government’s request should be evaluated under the applicable laws of the land in which the data center resides (e.g. Germany).
Given that U.S. privacy laws are often very different from other nations’ laws, this becomes a huge sticking point.
But wait – there’s more.
If the U.S. government prevails in this argument, that opens the door for the reverse scenario, wherein other governments could gain access to customer data residing on U.S. data center servers. The potential loopholes in this could be significant.
This case is actually a continuance from an earlier case in which the NSA demanded Microsoft turn over information from user accounts residing on Microsoft’s data centers abroad. However, Microsoft is going back into the ring to insist U.S. jurisdiction law be clarified and updated to reflect the emergence of multi-national cloud services.
This situation points out two critical shifts in business and world politics. First is whether a pro-US-government ruling will have any market impact on cloud services demand in general. Second is how will government and multi-national corporate turf battles change from here on.
Option 1 – Microsoft Prevails
If the court sides with Microsoft, cloud business in general should continue on and remain robust, while also signifying the power of corporate jurisdiction over government jurisdiction. This would be good news for Amazon, Google and other cloud services providers who maintain replicated data centers across national borders.
Customers might be less worried about government “snooping”, and more importantly, less concerned about government confiscation of data or assets (servers, network connectivity, even entire data centers). Keep in mind that this is only the beginning, and only involves the U.S. government. Such issues could still arise in other countries, requiring a whole new set of legal recourse and different rules to abide by.
Expected outcome: The current trend towards migrating on-premises operations into the cloud will continue and likely accelerate. Potential for emerging business opportunity with respect to helping customers navigate international law to target optimal data center resource services based upon the nature of their business and or property.
Option 2 – Government Prevails
If the court sides with the U.S. government, it might add concern, and possible hesitation, in the minds of current and potential cloud services customers. Maybe a customer wants to maintain services which involve data or processes which are legal in one country, but not in another, but now the country who outlaws the activity has legal rights to access or seize those remote assets. This might cause them to delay or cancel planned migrations to the cloud, in favor of continuing on-premises operations.
Aside from the legal and marketing aspects this may impact, there’s secondary impacts such as career trends and partnership strategies, which branch off into the abyss.
Expected outcome: The current trend towards migrating on-premises operations into the cloud will continue at current pace, and maybe slow down a bit. Most customers will continue on with plans to migrate. Some will hold back, based on proprietary concerns related to the nature of their business and applicable privacy laws.
I’m admittedly no expert on legal affairs. However, based on precedent with regards to interactions between Microsoft and the U.S. government, as well as the reach demonstrated by the likes of the NSA, CIA, DIA and other agencies since 9/11, I’m betting on the U.S. government to prevail.
That said, it will be even more interesting to see how Microsoft, and other cloud providers, respond to customer concerns over government reach and geographic aspects.