Microsoft will allow non-US customers to store their personal information on servers outside of North America in a move arguably made in an attempt to regain client trust following the National Security Agency (NSA) snooping revelations.
The extent of mass surveillance, leaked by whistle-blower and former NSA IT contractor Edward Snowden, meant the US government could potentially access information about any individual whose personal information was stored on Microsoft’s US servers, even if that person wasn’t a citizen of the United States.
But now, with a change in policy that differentiates it from other major web and technology providers in the US, Microsoft has indicated foreign users will have their data stored outside the US, putting restrictions on the extent to which data can be snooped upon.
“People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides,” Brad Smith, general counsel of Microsoft told The Financial Times.
Customers could be able to choose the location of the server their data is stored on, Smith suggested, and while allowing customers to store data outside the US will be expensive, he argued that despite the cost, it was a sensible strategy.
“Does it [the cost] mean that you ignore what customers want? That’s not a smart business strategy,” he said.
Smith also suggested that authorities in the US and across Europe should sign agreements to not use tech firms to acquire data about individuals in regions that are not under their own jurisdiction.
“If you want to ensure that one government doesn’t seek . . . to reach data in another country, the best way to do it is . . . an international agreement between those two countries,” he said.
“Secure a promise by each government that it will act only pursuant to due process and along the way improve the due process.”
The apparent shift in Microsoft’s policy revealed by Smith has been welcomed by privacy campaigners.
“It’s incredibly positive,” said Jeff Chester, executive director of the Center for Digital Democracy, a US consumer protection and privacy group. “If they’re really making a public commitment to store [data] locally then they will be breaking with the rest of the industry,” he added.