Microsoft: Patriot Act can access data, even outside US

Microsoft's UK managing director, Gordon Frazer, admitted that cloud data stored online, even in Europe, is not protected against the 'Patriot Act' in the United States of America. As ZDNet reports, Microsoft's admission of this fact came after Frazer was posed this question:

Can Microsoft guarantee that EU-stored data, held in EU-based datacenters, will not leave the European Economic Area under any circumstances - even under a request by the Patriot Act?

Frazer explained that due to Microsoft being headquartered in the United States, they must comply with United States laws, even when dealing with subsidiary companies. He went on to say that customers would be notified whenever possible, should a request by the Patriot Act need this. It has been suspected, perhaps even feared, for some time but Microsoft's admission that data can be accessed regardless of whether it is in the United States or not is the first of its kind. Should data be housed, stored, or processed by an American company - or a company owned in its entirety by an American parent company - then it is possible for the Patriot Act to intercept and inspect this information.

In his response to the quoted question, Gordon Frazer said the following:

Microsoft cannot provide those guarantees. Neither can any other company.

Information about what can be done with your data, including when it may be accessed by an outside authority such as the government, is available on Microsoft's online Trust Center. Posters on Reddit have suggested information that could contradict what Frazer has said, as well as suggesting that the Patriot Act could potentially break European Union laws. Reddit user 'canyouhearme' has said the following:

In doing so they would be breaking EU laws.

Explicitly, they have to follow EU laws if they are acting as EU entities and working with EU data. Making reference to US laws gives them no leeway - processing of EU data, in the EU particularly, means they can be arrested for not following EU data protection regulations.

 

Report a problem with article
Previous Story

Developer build of Gears of War 3 leaked to internet

Next Story

Samsung drops patent-infringement lawsuit against Apple

56 Comments

Commenting is disabled on this article.

This *is* M$'s fault.
They *do* (like every other business in the US) have to comply with current laws + regulations [that's the only way to stay in business ;-)], but they can *refuse* to embed code in their products that they might believe to be harmful/detrimental to presumably innocent [we still presume innocent until proven guilty, don't we... as every civilized country should? ;-)] + unaware *paying* customers [pay $$ to be spied on?! wow!!!], no matter their physical location on the planet. Do people have less rights just because they do not live in the US? M$ thinks so... ;-(
Of course, such refusal results in not selling certain products in certain markets, which results in loss of income/profit.
This basically boils down to 1 question: what's more important, human rights or profit?
Google has a history of taking a stance, a.k.a. the right position (sometimes, sometimes not) against human rights violations. Why can't M$ do the same? Easy, because they lose profits in certain markets, and that's not acceptable company policy. And profit to businesses (like M$) is more important than human rights, obviously. ;-(

Somehow it feels like the US has become the new Soviet Union... They are becoming more and more control freaks... Hopefully the EU will tell them it's gone too far now, what will be the next step? Plant gps chip into peoples bodies so they can track every step we take?
I'm not against USA at all, but what the hell is going on over there? I remember a time when they used to brag about how "free" their country was, I didn't really understand what they meant since our countries in western europe was just as "free"... But however, I think they need to think about what they're doing before it's to late ...
I'm sorry about my bad english, I hope what I wrote made any sense

Speaking of other countries... It really does not matter. The US Government gets what the US Government wants, period!!!

If we want you under the Patriot Act for something it really does not matter if you are in another country because that other country's government will bend to the US Government.

Only a question of time and how much effort we put behind it. If we want you bad enough, your a dead man (or company) no matter what country you call home. As that other country will simply bend to our might!

Duh!! Right?

Out of curiosity ... can't MS open a subsidiary (or something else but not directly attached to MS) in the EU and have that company (an EU company technically) manage the servers? If its unrelated to MS in the US, the Patriot Act wouldn't affect them, no?

[PS: I am not good at this corporate stuff so sympathize with my lack of knowledge]

georgevella said,
Out of curiosity ... can't MS open a subsidiary (or something else but not directly attached to MS) in the EU and have that company (an EU company technically) manage the servers? If its unrelated to MS in the US, the Patriot Act wouldn't affect them, no?

[PS: I am not good at this corporate stuff so sympathize with my lack of knowledge]

They'd essentially have to branch off all of their european staff and start a completely independent company. They're still screwed if Microsoft US owns it as a subsidiary.

georgevella said,
Out of curiosity ... can't MS open a subsidiary (or something else but not directly attached to MS) in the EU and have that company (an EU company technically) manage the servers? If its unrelated to MS in the US, the Patriot Act wouldn't affect them, no?

[PS: I am not good at this corporate stuff so sympathize with my lack of knowledge]


The problem is that Microsoft wouldn't be able to completely own a subsidiary and at the same time be free from the Patriot Act. I.e. it would have to be partially owned by another European company, and I am not sure if Microsoft would want that?

I am getting sick of American government thinking it can do anything with it laws. The American government needs to learn its place in the world, there are other laws and governments in the world other than you! If the servers are in your country than it falls under your data protection laws, if they are in another country then its their laws that apply. If this situation continues a lot of American companies wont want to do business outside there own country, as they don't want to be have to put in a difficult position.

TrekRich said,
I am getting sick of American government thinking it can do anything with it laws. The American government needs to learn its place in the world, there are other laws and governments in the world other than you! If the servers are in your country than it falls under your data protection laws, if they are in another country then its their laws that apply. If this situation continues a lot of American companies wont want to do business outside there own country, as they don't want to be have to put in a difficult position.
As if that would matter.

The other countries would still apply with United Sates Laws when the United Sates applies a bit of pressure. Every country on the face of the earth bends to our will. For obvious reasons!

war said,
As if that would matter.

The other countries would still apply with United Sates Laws when the United Sates applies a bit of pressure. Every country on the face of the earth bends to our will. For obvious reasons!


Obvious troll is obvious?

*care*

Just dont do any Terrorism stuff and you wont notice a **** of it -_-" if you dont do bad stuff you wont "suffer" from it.

FransB said,
*care*

Just dont do any Terrorism stuff and you wont notice a **** of it -_-" if you dont do bad stuff you wont "suffer" from it.


Try wearin butt-plug and after few days you wont notice a **** of it -_-" if you dont do bad stuff you wont "suffer" from it.

The amount of servers being used by American companies in Europe is probably a 50/50 statistic or close. So if the EU banned American companies from having servers in Europe, you are talking stripping billions if not a trillion dollars from the European economy which would skyrocket the unemployment rate in the IT market and could be the catalyst for a major economic depression. So go ahead ban American companies in the EU I hope you like being destitute for the next ten years while your economy recovers.

SpecialK. said,
The amount of servers being used by American companies in Europe is probably a 50/50 statistic or close. So if the EU banned American companies from having servers in Europe, you are talking stripping billions if not a trillion dollars from the European economy which would skyrocket the unemployment rate in the IT market and could be the catalyst for a major economic depression. So go ahead ban American companies in the EU I hope you like being destitute for the next ten years while your economy recovers.

No one suggested banning American companies from having servers in Europe, and FYI it would destroy your economy as much as it would ours.

You won't find a more un-American piece of legislation than the "Patriot Act". Sold by the war criminal GW Bush and his punk thugs with a title that makes it seem that you're NOT a patriot if you don't want people sniffing in on everything you do.

This is the by-product of the failed Total Information Awareness. Go look it up.

Soulsiphon said,
You won't find a more un-American piece of legislation than the "Patriot Act". Sold by the war criminal GW Bush and his punk thugs with a title that makes it seem that you're NOT a patriot if you don't want people sniffing in on everything you do.

This is the by-product of the failed Total Information Awareness. Go look it up.

How did it get extended after Bush was no longer President? Is Obama a war criminal too?

Enron said,

How did it get extended after Bush was no longer President? Is Obama a war criminal too?

You really think presidents are anything more than puppet figure heads? Globalist isn't just a term thrown around by "conspiracy nuts" anymore. It's a fact, one just needs to open their eyes. Before a candidate is even allowed to be taken seriously and supported, they have to be given the nod from the real power brokers. Wake Up.

KingCrimson said,
If you have nothing to hide, what's the problem?

Words alone can't describe my disgust by the incredible ignorance of people like you. One day in the future when your children ask why you just let all their freedoms and privacy get stolen, try your stupid "Nothing to hide" remark. They'll look at you with the same disgust I'm giving you now.

Hahaiah said,

Words alone can't describe my disgust by the incredible ignorance of people like you. One day in the future when your children ask why you just let all their freedoms and privacy get stolen, try your stupid "Nothing to hide" remark. They'll look at you with the same disgust I'm giving you now.

+10000

KingCrimson said,
If you have nothing to hide, what's the problem?

Hearing that from a retard hiding behind a nickname without a blank profile photo?

KingCrimson said,
If you have nothing to hide, what's the problem?
Looks like you have plenty to hide, so you are 1 to talk, eh!

grrrr... how will i ever sell all my nuclear devices, my bunker bombs, my chemical warfare agents, and even my terrorist materials now?

i think most of you are a little bit too paranoid... if you're not selling what i am selling then why do you care? haha

I can only assume that the reason MS makes these retarded claims is because they love appearing before the EU regulators. Must be some kind of corporate fetish...

Thats bull****. The "Patriot Act" should not be allowed to apply to other Nations. It already infringes on Americans Constitutional Rights, how can they use it to infringe of the privacy and human rights of others?

They can't. I've done a fair bit of work with EU & UK data protection laws in the past as part of my job, and I can tell you now, no matter WHAT Microsoft or even the US government may think they can do, if MS give them access to EU citizen's data that's held on EU located servers, they ARE breaking EU data protection laws.

Whether anything would actually HAPPEN to them for doing so though, that's another matter entirely.

Well, it should be clear for every company, that since you put your data in not your cloud, it is not a secret anymore...

alexalex said,
I wonder what else is open under the "Patriot Act", like maybe all Windows running PCs ?

Most are connected through the internet! They could use some bs excuse to hack it under the act!

alexalex said,
I wonder what else is open under the "Patriot Act", like maybe all Windows running PCs ?

Jesus just can't give it a rest? If it does, it would apply to OSX, ChromeOS, most Linux distros, etc too. Hell before you post it, yea it'll probably cover non-Microsoft phones and tablets too.

Nothing better to do on a Sunday but post this nonsense?

alexalex said,
I wonder what else is open under the "Patriot Act", like maybe all Windows running PCs ?

Why does "patriot act" would be limited to windows only?

Max Norris said,

Jesus just can't give it a rest? If it does, it would apply to OSX, ChromeOS, most Linux distros, etc too. Hell before you post it, yea it'll probably cover non-Microsoft phones and tablets too.

Nothing better to do on a Sunday but post this nonsense?

No, it would not. You didn't read such statement from Google, Apple, IBM.....

alexalex said,
No, it would not. You didn't read such statement from Google, Apple, IBM.....

Then kudos for Microsoft for pointing it out first. Again, how is this a Microsoft issue? They're just pointing out how they're complying with the law.. imagine that. You got a beef with it, start throwing evil overlord comments about the US government instead. That's where the fault actually belong instead of turning this into another cookie cutter anti-Microsoft tirade.

alexalex said,
I wonder what else is open under the "Patriot Act", like maybe all Windows running PCs ?

looks like you're one big troll in internet station

subcld said,

looks like you're one big troll in internet station

Windows OS is Microsoft's property and the user has only licence to use the OS, not to own it, so why the idea of a "backdoor" under "Patriotic Act" is so far-fetched ?

alexalex said,
Windows OS is Microsoft's property and the user has only licence to use the OS, not to own it, so why the idea of a "backdoor" under "Patriotic Act" is so far-fetched ?

You're only licensed to use quite a few products, many of which aren't from Microsoft. Why the extreme paranoia against only Microsoft when that same theory can apply to most any computer, software or consumer devices under the sun? My television has internet connectivity, should I be worried about the US government spying on me through that too? Or how about all the OSX users?

Jen Smith said,

You're only licensed to use quite a few products, many of which aren't from Microsoft. Why the extreme paranoia against only Microsoft when that same theory can apply to most any computer, software or consumer devices under the sun? My television has internet connectivity, should I be worried about the US government spying on me through that too? Or how about all the OSX users?

he's only going on about windows and MS because he is very pro apple from the comments we've seen in the past

Reddit user 'canyouhearme' has said the following

i'm pretty sure that on reddit comments leave a lot of lawyers.

jackkk1 said,

i'm pretty sure that on reddit comments leave a lot of lawyers.

Yeah, I felt the same way, but I figured I would throw that in because it seemed like an interesting point if the user is correct. If not, at least it gives an idea of some opinions of people within Europe.

neo158 said,
Wouldn't this be a breach of EU privacy laws?

Yeah I'm pretty sure I can sue someone that breaches my privacy. Dutch Laws... too many ;(

alexalex said,
The EU and all countries should ban the use of Office 365.

*Sigh* Completely expected trolling. And how exactly is the Patriot Act Microsoft's fault again? May as well add any American company that has servers located in Europe. Should start banning the fanboy trolls who can't even bother to read the article before spouting their typical "Evil M$" nonsense.

Edited by Max Norris, Jul 3 2011, 3:10pm :

Max Norris said,

*Sigh* Completely expected trolling. And how exactly is the Patriot Act Microsoft's fault again?

The same as Chinese laws where not Google's fault. Microsoft should stand up to this or keep Office 365 for US only.

alexalex said,
The same as Chinese laws where not Google's fault. Microsoft should stand up to this or keep Office 365 for US only.

Google isn't a Chinese corporation however, not a fair analogy. These laws would apply to the Google servers located in the EU as well, and since they're an American company being slapped by an American law, the outcome is going to be a bit different if they decided to just ignore it. Going to get burned either way though, either breaking US law or breaking EU law.. personally as an American company I'd err on the side of the US law.

alexalex said,
The EU and all countries should ban the use of Office 365.

Wow, you really thought that one through, didn't you?

alexalex said,
The EU and all countries should ban the use of Office 365.

they should ban iCloud also then as it will have servers outside the US...

thenonhacker said,
Stupid Idiot. That will go both ways on ANY cloud-based apps. That includes Google Docs. THINK. Do you have at least a brain cell?

People are really quick to bash him for that remark, and tbf it doesn't seem very well thought out, but he may have a point. Banning it, or Microsoft voluntarily not releasing it in EU countries, would seem to be the only way to comply with both US and EU laws.

Although, yes, chances are they'll ignore EU law and nobody will do anything about it. Since we'll either never find out when/how many patriot act requests have been made, or America may even very diplomatically not make any requests for data stored on EU servers.

Having said that, I think the best option would be to release the product using a subsidiary company that is partly owned by an EU company. Giving the EU company a nominal share, and Microsoft the legal right to tell the American government to do one.

Nihilus said,


Although, yes, chances are they'll ignore EU law and nobody will do anything about it.

Having said that, I think the best option would be to release the product using a subsidiary company that is partly owned by an EU company. Giving the EU company a nominal share, and Microsoft the legal right to tell the American government to do one.

I agree and think that if Microsoft ignores EU law then Europe will gather the required evidence and heavily fine them until they stop ignoring the law or, in an extreme scenario, ban them from doing business over here. Since Microsoft doesn't want that kind of future, nor do they want to break U.S. laws, I think that your final point is the more likely option... or they may petition to get U.S. law changed which is the cause of the problem.