Sloppy corporate structure. Sloppy security. Sloppy access rights
Had Microsoft put a little bit of thought into the legal implications of its corporate structure:
- A subsidiary company would own the server farm in Ireland
- No one in the US would have access to the data, except for support purposes
- The people who do have access to the data, in Ireland, would be bound by Irish data protection laws
- The US prosecutors would have no option but to go through the Irish authorities?
Why should the US authorities go through Ireland* when they can effectively threaten Microsoft employees in the US until they get what they want (and they WILL get what they want, such is the power held by a US federal prosecutor).
* Well, other than it being fundamentally the right thing to do.