SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
To Evade NSA, Microsoft Begins Building Data Centers in Germany
Data stored in new centers will only be accessible with permission of user or 'data trustee'
Nov 12, 2015
In an attempt to evade the long arm of U.S. intelligence that could mark a sea change in internet privacy, Microsoft has announced plans to build two new data centers in Germany that will store user information in a secure network and not allow access to anyone--including the U.S. government and Microsoft staff themselves--without explicit approval by the user or a "data trustee."
If permission is granted by the user or the trustee, Microsoft would still be required to operate under their supervision.
In this case, the trustee is T-Systems, a subsidiary of German conglomerate Deutsche Telekom. By stationing its data servers in Frankfurt am Main and Magdeburg, Microsoft will be placing user data under German privacy protections, which are some of the strictest in Europe.
The move comes amid growing public outcry over government eavesdropping in the wake of Edward Snowden's 2013 revelations that exposed National Security Agency (NSA) mass surveillance at home and abroad. And it may help address new privacy concerns arising just weeks after the U.S. Senate passed the controversial Cybersecurity Information Sharing Act (CISA), which supporters say would make it easier for tech companies to respond to security breaches--but which opponents say is nothing more than a government surveillance bill in disguise.
Microsoft, which publicly opposed CISA, has been in an ongoing legal battle with the Department of Justice (DOJ) after the company in December 2013 refused to hand over emails from a drug trafficking suspect stored on servers in Dublin, Ireland. Microsoft told DOJ officials they would have to get a warrant from an Irish court.
With that case still underway, the company's initiative signals that it may be looking for a whole new approach to privacy.
The implications of the move are significant, even if they are not necessary fail-safe. As The Verge writes:
It's an approach that's comparable to Apple's use of encryption that even the iPhone-maker can't break -- theoretically taking away the option of government authorities forcing the company to give up users' data. However, none of these tactics are ever completely secure. For example, the Snowden revelations showed that despite Europe's outward desire for data sovereignty, many local spy agencies still funneled European citizens' data to the NSA.
Paul Miller, an analyst for Forrester, notes that although Microsoft is confident in the security of German servers, this arrangement has yet to be tested in the courts. "To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal," said Miller.
More importantly, though, Microsoft's decision could end up affecting more than just its own users. If the German trustee model becomes a recognized standard for data security, then customers of other cloud computing firms like Google and Amazon could demand similar arrangements. EU officials might also be emboldened by the move. Last month, the EU Court of Justice invalidated the longstanding Safe Harbor treaty allowing US companies to send data on European citizens back to America. The treaty is currently being renegotiated, and Microsoft's support for the data trustee model could feed into these debates.
The data centers--which are connected to each other by a private network that will operate separately from the internet--are aimed at organizations working with sensitive information, such as health or finances.
"These locally deployed versions of Microsoft's commercial cloud services adhere to German data handling regulations and customers will be able to view how and where data is processed," the company stated on Wednesday.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
In an attempt to evade the long arm of U.S. intelligence that could mark a sea change in internet privacy, Microsoft has announced plans to build two new data centers in Germany that will store user information in a secure network and not allow access to anyone--including the U.S. government and Microsoft staff themselves--without explicit approval by the user or a "data trustee."
If permission is granted by the user or the trustee, Microsoft would still be required to operate under their supervision.
In this case, the trustee is T-Systems, a subsidiary of German conglomerate Deutsche Telekom. By stationing its data servers in Frankfurt am Main and Magdeburg, Microsoft will be placing user data under German privacy protections, which are some of the strictest in Europe.
The move comes amid growing public outcry over government eavesdropping in the wake of Edward Snowden's 2013 revelations that exposed National Security Agency (NSA) mass surveillance at home and abroad. And it may help address new privacy concerns arising just weeks after the U.S. Senate passed the controversial Cybersecurity Information Sharing Act (CISA), which supporters say would make it easier for tech companies to respond to security breaches--but which opponents say is nothing more than a government surveillance bill in disguise.
Microsoft, which publicly opposed CISA, has been in an ongoing legal battle with the Department of Justice (DOJ) after the company in December 2013 refused to hand over emails from a drug trafficking suspect stored on servers in Dublin, Ireland. Microsoft told DOJ officials they would have to get a warrant from an Irish court.
With that case still underway, the company's initiative signals that it may be looking for a whole new approach to privacy.
The implications of the move are significant, even if they are not necessary fail-safe. As The Verge writes:
It's an approach that's comparable to Apple's use of encryption that even the iPhone-maker can't break -- theoretically taking away the option of government authorities forcing the company to give up users' data. However, none of these tactics are ever completely secure. For example, the Snowden revelations showed that despite Europe's outward desire for data sovereignty, many local spy agencies still funneled European citizens' data to the NSA.
Paul Miller, an analyst for Forrester, notes that although Microsoft is confident in the security of German servers, this arrangement has yet to be tested in the courts. "To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal," said Miller.
More importantly, though, Microsoft's decision could end up affecting more than just its own users. If the German trustee model becomes a recognized standard for data security, then customers of other cloud computing firms like Google and Amazon could demand similar arrangements. EU officials might also be emboldened by the move. Last month, the EU Court of Justice invalidated the longstanding Safe Harbor treaty allowing US companies to send data on European citizens back to America. The treaty is currently being renegotiated, and Microsoft's support for the data trustee model could feed into these debates.
The data centers--which are connected to each other by a private network that will operate separately from the internet--are aimed at organizations working with sensitive information, such as health or finances.
"These locally deployed versions of Microsoft's commercial cloud services adhere to German data handling regulations and customers will be able to view how and where data is processed," the company stated on Wednesday.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
In an attempt to evade the long arm of U.S. intelligence that could mark a sea change in internet privacy, Microsoft has announced plans to build two new data centers in Germany that will store user information in a secure network and not allow access to anyone--including the U.S. government and Microsoft staff themselves--without explicit approval by the user or a "data trustee."
If permission is granted by the user or the trustee, Microsoft would still be required to operate under their supervision.
In this case, the trustee is T-Systems, a subsidiary of German conglomerate Deutsche Telekom. By stationing its data servers in Frankfurt am Main and Magdeburg, Microsoft will be placing user data under German privacy protections, which are some of the strictest in Europe.
The move comes amid growing public outcry over government eavesdropping in the wake of Edward Snowden's 2013 revelations that exposed National Security Agency (NSA) mass surveillance at home and abroad. And it may help address new privacy concerns arising just weeks after the U.S. Senate passed the controversial Cybersecurity Information Sharing Act (CISA), which supporters say would make it easier for tech companies to respond to security breaches--but which opponents say is nothing more than a government surveillance bill in disguise.
Microsoft, which publicly opposed CISA, has been in an ongoing legal battle with the Department of Justice (DOJ) after the company in December 2013 refused to hand over emails from a drug trafficking suspect stored on servers in Dublin, Ireland. Microsoft told DOJ officials they would have to get a warrant from an Irish court.
With that case still underway, the company's initiative signals that it may be looking for a whole new approach to privacy.
The implications of the move are significant, even if they are not necessary fail-safe. As The Verge writes:
It's an approach that's comparable to Apple's use of encryption that even the iPhone-maker can't break -- theoretically taking away the option of government authorities forcing the company to give up users' data. However, none of these tactics are ever completely secure. For example, the Snowden revelations showed that despite Europe's outward desire for data sovereignty, many local spy agencies still funneled European citizens' data to the NSA.
Paul Miller, an analyst for Forrester, notes that although Microsoft is confident in the security of German servers, this arrangement has yet to be tested in the courts. "To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal," said Miller.
More importantly, though, Microsoft's decision could end up affecting more than just its own users. If the German trustee model becomes a recognized standard for data security, then customers of other cloud computing firms like Google and Amazon could demand similar arrangements. EU officials might also be emboldened by the move. Last month, the EU Court of Justice invalidated the longstanding Safe Harbor treaty allowing US companies to send data on European citizens back to America. The treaty is currently being renegotiated, and Microsoft's support for the data trustee model could feed into these debates.
The data centers--which are connected to each other by a private network that will operate separately from the internet--are aimed at organizations working with sensitive information, such as health or finances.
"These locally deployed versions of Microsoft's commercial cloud services adhere to German data handling regulations and customers will be able to view how and where data is processed," the company stated on Wednesday.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.