Access To User Data: If Microsoft Wins, Do Startups And Innovators Lose?

Next Story

Tor Exec Claims NSA Agents Supply It With Vulnerability Information

Editor’s note: Kate Westmoreland is an international consultant and attorney, helping companies to manage government access to user data. She’s an affiliate with the Stanford Center for Internet and Society and has a background working with government and the UN.

With user trust at an all-time low, keeping the FBI’s hands off foreign users’ data seems like good business sense for U.S. companies. Microsoft says it’s fighting the feds over your email, but it also happens to be fighting to support the Microsoft business model. If your business isn’t like Microsoft (and if you’re a tech company that’s fewer than 10 years old that’s probably you), backing this case might not actually be in your best interest.

Microsoft is trying to stop the U.S. government from using domestic search warrants to access user data that is hosted overseas. Microsoft is arguing that if a government wants to access a user’s email records, it should have to follow the law of the country in which that data is hosted, not the law of the country where the company is based. This aims to build international user confidence in U.S. companies by making it harder for the FBI to access foreign user data. Instead of just getting a search warrant, they would need to go through international channels such as the mutual legal assistance treaty (MLAT) process. However, it’s not only the FBI that would find this process harder; it also creates difficult legal issues for smaller companies with international users.

What is best for the company’s legal structure may be completely at odds with what is best for technical requirements.

If a U.S. company only has U.S. users, it is pretty straightforward to ensure fast page load times and have a sensible disaster-recovery strategy just by hosting data in the East Coast and West Coast of the U.S. This keeps things simple for the lawyers (read: less expensive) because it is only U.S. law that controls how governments access your data. However, once you start adding international users, you’ll probably need to host data outside of the U.S.

If the courts adopt Microsoft’s approach, this creates a new range of legal headaches because your data will suddenly be governed by the laws of a slew of different countries. Any time you add another country to your data-hosting locations, you are making that data subject to that country’s laws (even if the user is in another country altogether). This is even more complicated if copies of the data are hosted in two different countries. This is where the lawyers and the developers may come to fisticuffs, because what is best for the company’s legal structure may be completely at odds with what is best for technical requirements.

So why is Microsoft’s general counsel, Brad Smith, so comfortable with this approach? Because Microsoft has a fundamentally different business structure from newer, cloud-based companies. Microsoft began as an enterprise software company.

When you’re selling your product on floppy disks, you need employees on the ground. Microsoft has therefore invested the time and money in setting up a huge international infrastructure with employees (including lawyers) and subsidiaries all over the world.

Microsoft’s terms of service already offer different jurisdiction choices across the world. Similarly, Apple, Verizon and AT&T all have business structures that involve an in-country, physical presence. It therefore makes good business sense that they support Microsoft’s position. However, if your company has evolved in the era of clouds, with a leaner business structure and a virtual international presence, you are at a distinct disadvantage.

In order to maintain market dominance and keep growing, U.S. business needs to win back international trust. However, tech companies also need to be able to adopt decentralized, cloud-based business and data models and to build an international user base. Microsoft’s approach would entrench its own, old school business model and make it hard for startups to grow internationally unless they’re ready to hire a team of international lawyers. A win for Microsoft might bring short-term improvement in international user trust, but it would have long-term repercussions for the next generation of startups.