Microsoft's Creative Solution to Data Privacy
Not long ago, Microsoft was widely seen as the archetypal evil corporate empire: A brutish monopoly, bereft of new ideas and embodying all that went wrong with first-generation tech titans. Under Chief Executive Satya Nadella, however, its creativity has been revived and its contribution to Europe's fight against U.S. Internet surveillance is evidence of that.
Last month, the European Court of Justice ruled that the U.S. could no longer be viewed as a "safe harbor" for European Internet users' data, because it made the data available to its intelligence services. The ruling was rooted in National Security Agency whistle-blower Edward Snowden's revelations of a program called Prism, which enabled the agency to peruse the private messages and other data sent by the customers of top U.S. Internet firms. According to Snowden's documents, Microsoft was the first to sign up for Prism, preceding the likes of Apple, Google and Facebook.
Now, Microsoft is the first to offer a solution to the problem U.S. companies face in Europe. And it's a good solution.
Starting next year, the American company will offer cloud services to its European customers from two data centers that are based in Germany and run by a local "data trustee," Deutsche Telekom. This means Microsoft will not be able to access the data without permission from the clients and from Deutsche Telekom, which operates under Germany's tight data protection law.
Microsoft is a top player in the cloud world. In the first half of 2015, it was number one in the world in terms of revenue from all cloud computing segments, overtaking Amazon and Salesforce, according to a recent Wikibon report:
Microsoft's scheme, in effect, shifts responsibility for permitting data transfer to the U.S. to Deutsche Telekom, which will be unmotivated to allow it in cases that might create legal problems. The partly state-owned company is subject to constant press scrutiny and takes privacy issues seriously enough to publish a special annual report on the issue.
There is, of course, the danger that German intelligence will gain access to the data (and then, potentially, share it), but German society is better than most at thwarting the excessive hunger for information that seems to afflict all secret services. In August, Germany's top prosecutor was fired for pursuing bloggers who had revealed an intelligence plan to expand Internet surveillance. A German Snowden would have become a hero for revealing a German Prism. That's why most Germans expect their cloud service providers to use exclusively local data centers.
On the one hand, Microsoft's decision to turn to Deutsche Telekom is an admission of weakness: It's telling clients that the company is unable to guarantee the protection of their data from prying eyes in the U.S. On the other hand, this is also a show of strength, put on for the U.S. law enforcement agencies Microsoft is currently fighting in court. The U.S. Department of Justice is trying to prove its right to access emails stored on a server in Ireland, something the company has resisted for two years. Microsoft, which earns more than half of its revenue outside the U.S., has now demonstrated that, as an international company, it has business relationships that allow it to act outside U.S. jurisdiction if necessary.
Besides, Microsoft is daring competitors to make a similar move; if they fail to follow suit, they will appear suspect to European customers.
The scheme's brilliance is comparable to Nadella's vision of a single operating system for all devices. Microsoft is no longer a stumbling giant: It has the ideas to lead the industry again.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor responsible for this story:
Marc Champion at email@example.com