Back in 2014, a US court decision ordered Microsoft to turn over a customer’s emails stored in Ireland to an US government agency. The order had been temporarily suspended from taking effect to allow Microsoft time to appeal to the 2nd US Circuit Court of Appeals.
I wrote a post on that issue back then and described the pending decision as a Sword of Damocles hanging atop of all of the US Cloud Service Providers (CSPs). While that decision raised massive awareness back then in the press, the news that hit my desk few days ago didn’t get much attention. In the so-called “search warrant case”, the 2nd US Circuit Court of Appeals ruled in favor of Microsoft, overturning an earlier ruling from a lower court.
The blog post Brad Smith, President and Chief Legal Officer at Microsoft, published is very well worth reading, particularly the part about the support Microsoft has experienced from other parties and the section that points out that legislation needs to be updated to reflect the world that exists today. The latter is currently on its way in the EU, with the upcoming EU GDPR, becoming effective in 2018.
From the perspective of US CSPs and their customers, the court decision is definitely good news. Despite the fact that it is “only” a court decision and updated legislation is still missing, it mitigates some of the risk particularly EU, but also, e.g., APAC customers perceived when relying on US CSPs. This helps US CSPs with their business, by removing barriers for rapid cloud adoption. It helps customers, because the risk for data being requested by US governmental agencies while being held in non-US data centers is reduced significantly. So it’s not a Sword of Damocles hanging around. Maybe it’s still a knife, so to speak, but the risk is far lower now.
What I definitely find interesting to observe is the rather low attention the good news received. But that’s not too surprising. Bad news always sells better than good news.
The decision, from my perspective, can have a significant impact on further speeding up the shift of customers from on-premise solutions to the cloud. Most are on their way anyway. Each risk that is mitigated eases customer’s decisions. Anyway, the next challenge to solve for US CSPs (and all other CSPs that do any business with the EU) will by to comply with EU GDPR. But there at least we have the legislation and do not rise or fall with court decisions.