Microsoft floats Cloud for Sovereignty Microsoft is previewing a cloud service in acknowledgement of customers' demands that at least some of their data crown jewels remain within the region in which they operate. Sovereignty is a thorny area, and while the dream of the public cloud might initially have been a case of storing and processing data without regard for …
How does any of this help when the parent US company can be subpoenaed into handing the info over?
Heck, if it's done by a National security letter, they aren't even allowed to disclose they've been asked for the info.
Drilling down through the links in the Microsoft waffle I find the statement: "we defend our customers’ data from improper access by any government in the world."
I take it that a demand under the CLOUD Act would not be considered "improper" because it's sanctioned by law. In fact I recall Microsoft were pleased at the Act's passing, not, as far as I can make out, because it strengthened their hand when some US functionary didn't want to go through the proper channels in Ireland, but because it clarified things for them. US functionary now says "jump" and Microsoft can jump without any comeback from the affected customer.
Drilling further I find out how they're going to do this: "a contractual commitment to challenge government requests for data". "Challenge" not "defy". I read this as saying that they'll make sure that a demand under the CLOUD Act meets its requirements and is, therefore, proper.
What seems to be needed is an arm's length agreement whereby the EU data centres would be run by a self-contained EU-owned business over which neither Microsoft nor any other business within legislative reach of any non-EU government had any power to demand access. Does it provide for this?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
