Sep 09, 2015

How does extraterritorial jurisdiction pose a threat to cloud providers?

I heard a snippet of an interview with a lawyer talking about risks businesses face, and he claimed that assertions of extraterritorial jurisdiction pose a significant threat to cloud-centered businesses. Unfortunately, I didn’t get to listen to the rest of the discussion. Any idea what he meant by this?
The problem is that the US government is claiming to have jurisdiction over data stored in any data center, anywhere in the world if the provider is based in the US. Microsoft is currently fighting against the Dept. of Justice over a search warrant that demands data stored on a server in Ireland be turned over to the government. In general, a search warrant can only be issued within a court or law enforcement agency’s jurisdiction (a New York court cannot issue a search warrant for an Illinois address, for example). The DOJ is arguing that it has jurisdiction over ALL data EVERYWHERE if the company hosting the data is based in the US, AND that the private documents of the individual are simply business records belonging to the provider.

This means that if you live in another country, have never been to the US, but have email with a US-based provider (Microsoft, Google, Yahoo, etc.), if the DOJ wins this fight, they can simply get a search warrant for the provider to access all of your data. Again, that’s even if you have never been to the US, your data is not stored in the US, and your only contact with the US was, for example, opening an email account. This obviously poses a threat to US-based providers because most customers are not OK with their emails being treated as mere business records owned by US companies, and readily accessible by the US government.

The Guardian has a pretty thorough article on this issue, although it doesn’t really get into the finer points of the legal arguments: