

Microsoft admits Patriot Act can access EU-based cloud data (2011) - laumars
http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225

======
mosqutip
"Microsoft cannot provide those guarantees. Neither can any other company."

The most telling and most important line in the article. Recent days have made
it abundantly clear that anyone under US jurisdiction is susceptible to
scrutiny and surveillance.

------
toyg
Most large European corporations have known this for ages, and it's still a
big obstacle for cloud offerings here in Europe when dealing with sensitive
(or just very bureaucratic) engagements.

I know of at least one (massive) US company that had to create a special data
centre in the UK to host sensitive financial data for a (massive) bank,
because US-based servers were a huge no-no due to Patriot Act. In that case,
it was promised that the provider might have to comply with US requests
anyway, but would have been entitled to at least notify the client in
advance... and I bet there was a huge discount to sweeten the deal.

------
laumars
I find this article particularly disappointing (though sadly not at all
surprising) given the recent ad campaign Microsoft have launched in the UK,
which features the tag line: _Your Privacy is Our Priority_

[http://www.youtube.com/watch?feature=player_embedded&v=bt51M...](http://www.youtube.com/watch?feature=player_embedded&v=bt51MWll1oY)

~~~
3rd3
I recently thought of MS as one of the last giants that take privacy
seriously. Just goes to show you never know.

~~~
noinsight
This didn't surprise me at all. It's logical: if the company is U.S. based,
it's susceptible to the Patriot act.

------
belorn
It gets a bit scary when one consider the number of lawyers, priests, medical
professionals, judges, or even _complete political parties_ who's have their
every email sent over to the US for data processing and maybe NSA for copying.
Today I read an article about just such political party in Sweden. I can only
hope that at least diplomats knows better, but even there I doubt that
everyone is aware enough to always use secure email.

------
mhseiden
Given that multi-datacenter replication is a reality in massive systems, using
the point of _storage_ to determine jurisdiction seems like an antiquated
idea. Perhaps a system based on the _point of origin_ of data would lead to
more enforceable and amicable legislation...

~~~
marcosdumay
Physics are against rules beased on point of origin. The government of the
point of storage has all the power to take the data, the one of the point of
origin has none.

------
dendory
Let's not forget that by default, Windows 8 now stores even your personal
documents in the cloud. Basically everyone around the world is being directly
spied upon by the NSA. We need a strong offshore tech community with real
choices ASAP.

~~~
skrebbel
This is just plain FUD. Windows 8 doesn't put anything but my login info on
their servers unless I ask it to.

~~~
kintamanimatt
Wait, your local login credentials (password presumably hashed) are passed to
an external server for storage? Why in the world would that improve the user's
experience?

~~~
antninja
It doesn't happen if you use a local account but you can login to Windows 8
using your Microsoft account (from Hotmail or whatever). Of course they store
those credentials on their servers.

~~~
kintamanimatt
That seems like a very odd system but a good way to snoop and see who is
logging on to a particular computer at a particular location. I can't imagine
how this would benefit the user experience one little bit though.

What happens if you've lost internet access? (Internet outages happen!) Can
you no longer log in to Windows?

~~~
kryten
It's unified authentication and automatic synchronization between all devices.

If you have no Internet access (as per no domain access on Windows), it uses
cached credentials.

~~~
kintamanimatt
That's a bit more of a reasonable explanation.

It seems convenient on the surface but I can think of many ways it's a really,
really bad idea: third party snooping, the possibility of being locked out of
your own computer if your Microsoft account is deleted/deactivated/password
changed, possible expiration of cached credentials (and therefore inability to
log in) during a protracted period of internet unavailability, etc

~~~
kryten
ALL of those are possible and have occurred to that class of account so you've
hit the nail on the head there.

------
sepbot
The title is a bit sensationalised. EU-based cloud data that is stored by
Microsoft is accessible via Patriot Act because Microsoft is a US-based
company and must comply with US laws regardless of where their data is
physically stored.

------
ireadqrcodes
The USA gets all of europe's bank transaction data above 5000€ or so :/

~~~
quantumpotato_
SWIFT?

