back to article Microsoft capitulates, announces German data centres

Call it “safe harbour” in action: Microsoft has announced it's going to go along with Germany's data privacy concerns and start hosting Azure, Office 365, and Dynamics CRM Online in that country. The decision comes hard on the heels of the company's decision to spin up some rust in the UK, with the Ministry of Defence as an …

  1. Notas Badoff
    Joke

    Fed dicks nicks pics ...

    machts nichts?

    1. thomas k

      Re: Or,rather

      Feds nick dick pics nichts?

      1. VinceH

        Re: Or,rather

        da da da

        1. mosw

          Re: Or,rather

          I prefer this version featuring Bill Gates, Steve Ballmer, a Sun workstation and a VW.

          https://www.youtube.com/watch?v=QtrmeorJdfc

  2. Anonymous Coward
    Anonymous Coward

    Good job...

    US companies aren't indemnified by the US Govt, are unable to lie to their customers and have to worry about being sued by said customers.

    1. Doctor Syntax Silver badge

      Re: Good job...

      "are unable to lie to their customers"

      AIUI they are required to lie to their customers. That's part of the problem.

  3. Anonymous Coward
    Anonymous Coward

    How is this different?

    What's to stop the US government simply forcing Microsoft HQ in the US to hand over all the data anyway?

    1. Raphael

      Re: How is this different?

      As the article says:

      "The German operator's T-Systems subsidiary will handle the data trustee functions, managing all access to customer data in the Microsoft data centres. “Microsoft will not be able to access this data without the permission of customers or the data trustee, and if permission is granted by the data trustee, will only do so under its supervision”, the announcement states.

      Since Microsoft won't be in charge of the data, even an unfavourable decision in its US court case (in which the Feds want access to e-mails stored in Ireland) won't expose German customer data to American courts or law enforcement."

      1. Anonymous Coward
        Anonymous Coward

        Re: How is this different?

        ............"“Microsoft will not be able to access this data without the permission of customers or the data trustee, and if permission is granted by the data trustee, will only do so under its supervision."................

        Don't make me laugh. This is utterly unenforceable.... "Can we come in? Ok, yes!"....In all of this, where are local EU competitors? .... Why are M$, Google and Amazon still so dominant in the EU's strongest economic zone?

        After everything that's happened post Snowden, with Germans directly affected by NSA spying... I have to ask where is everyone now? Germans are world renowned for building tech and their political elite called out for home-grown protected infrastructure. So what happened? Is everyone too busy with cheating on pollution tests???..

    2. jzl

      Re: How is this different?

      The devil will be in the detail, but if the setup is done in such a way that T-Systems's permission is required under German law, then it should be safe as Microsoft Germany will not be able to break German law to satisfy Microsoft US's requests.

      The devil is in the detail though. I'd be interested to know how they intend to prove compliance.

      1. Dan 55 Silver badge

        Re: How is this different?

        So what? MS would have to break Irish law to give away customer data to the US courts without going through the Irish court system, but there's still every chance that could happen.

        1. Stephen Booth

          Re: How is this different?

          The US courts do not seem to recognize any limits to their jurisdiction, hence requesting MS to hand over data in Ireland.

          However I think the key difference here is that even though MS can technically access the data they can claim (if they so wish) that the data is not held by them so any court order requesting access to the data becomes a court order telling them to hack a third party. Not even the US legal system should be able to force a company to perform an illegal act so MS can appeal the order saying the court should make the request of DT instead getting MS off the hook without showing contempt for the court. Under US law (which seems to have no problem claiming jurisdiction over the entire universe) DT might also be required to hand over the data as well but it is in a much better position to fight such a request.

          I suspect the premium change might be necessary to strengthen this claim and avoid DT being ruled a MS subcontractor,

          MS could do something similar by spinning off their Irish datacenters as local businesses except that might unravel a lot of their current tax avoidance schemes.

          1. Doctor Syntax Silver badge

            Re: How is this different?

            "MS could do something similar by spinning off their Irish datacenters as local businesses except that might unravel a lot of their current tax avoidance schemes."

            I doubt it would unravel it by much. The obvious approach would be to have an Irish company, not owned by MS - repeat for the hard of reading NOT OWNED BY MS - as the intermediary operating as a franchise. Franchise operations seem to have worked pretty well for Starbucks as a mechanism for handling tax avoidance. I'm sure MS can find a few lawyers not too far from home who can advise them on such details.

        2. maffski

          Re: How is this different?

          Yes, but Microsoft Ireland is owned by Microsoft US - and they are being ordered to make Microsoft Ireland break Irish law. With a 3rd party custodian Microsoft US can be ordered by the US courts to tell them to hand over the data but the 3rd party wouldn't be forced to comply.

          The scheme only works if the custodian has no business interests in the US so can't be coerced into volunteering to break EU law.

          1. Dan 55 Silver badge

            Re: How is this different?

            DT's got T-Mobile in the US so can probably be coerced. So that's two companies that Uncle Sam can go after, not one.

            Perhaps not worth the premium price.

          2. Hans 1
            Facepalm

            Re: How is this different?

            >The scheme only works if the custodian has no business interests in the US so can't be coerced into volunteering to break EU law.

            T-Mobile, cough, US, anybody ?

    3. Anonymous Coward
      Anonymous Coward

      Re: How is this different?

      billg's nuts are still low hanging fruit located in mainland USA.

    4. Doctor Syntax Silver badge

      Re: How is this different?

      "What's to stop the US government simply forcing Microsoft HQ in the US to hand over all the data anyway?"

      RTFA!

    5. Anonymous Coward
      Anonymous Coward

      Re: How is this different?

      Did you fail reading comprehension?

      Did you not bother to actually read the article before posting?

  4. Captain DaFt

    Special memo to spooks:

    ACHTUNG! Alles touristen und non-technischen peepers!

    Das machine control is nicht fur gerfinger-poken und mittengrabben. Oderwise is easy schnappen der springenwerk, blowen fuse, und poppencorken mit spitzensparken.

    Der machine is diggen by experten only. Is nicht fur geverken by das dummkopfen. Das rubbernecken sightseenen keepen das cotten picken hands in das pockets, so relaxen und watchen das blinkenlights.

    (Gotta love the classics!)

  5. Pen-y-gors

    UK customers?

    Will this be available to UK customers?

    1. Doctor Syntax Silver badge

      Re: UK customers?

      When the details of the UK data centre are revealed I wouldn't be surprised to see something similar, at least in principle. As I've written here a number of times since the MS/Ireland case started, it's the obvious solution - set up a legal firebreak. A franchise operation is the one that comes to mind but presumably the trustee arrangement is one appropriate to Germany.

      As MoD are being talked about as an initial customer for the UK site it seems likely that they've looked at what's proposed. Unfortunately they might be comfortable with an arrangement that gave GCHQ access so it might not be ideal for everyone else. If I were in a business looking for a secure hosting company I'd still be looking at Switzerland as a preferred location.

    2. nematoad
      Unhappy

      Re: UK customers?

      Maybe.

      But even if it did do you really think that the Home Secretary and minions will not be making a MITM attack as soon as it goes live?

      1. Doctor Syntax Silver badge

        Re: UK customers?

        "But even if it did do you really think that the Home Secretary and minions will not be making a MITM attack as soon as it goes live?"

        That's the problem with any country whose govt doesn't grok privacy. It'll probably need someone to take them to the ECJ. I think we'll probably see a few iterations of that before govts. start to get the idea.

  6. ckm5

    Feds will just ask the BND for the data

    Gotta love smoke & mirrors - all this will do is make access to data even more secretive than it already is. Instead of the transparency of court orders, data will instead be requested via non-public international data sharing agreements.

    The BND must be ecstatic as they now have all the excuses necessary to go trolling through anyone's data...

  7. Anonymous Coward
    Anonymous Coward

    Not buying into any of this....

    "Financial Times says customers will have to pay a premium to have their data guarded by the trustee."

    I forsee two things happening. The US Govt will continue to lean on M$ until they offer up a workaround... Or even worse, customers will find that their premium policy lapsed for a day and was downgraded without their consent (honest mistake mister)... And during that phase all juicy data was hoovered up and sent westward!

    Ya know, where are all the European competitors to these American giants, with their own EU based data centers?

    1. ratfox
      Go

      Re: Not buying into any of this....

      a know, where are all the European competitors to these American giants, with their own EU based data centers?

      Go ahead and build one. It's not rocket science.

  8. herman

    Backups?

    I guess the backups will still be kept on unencrypted mag tape in the USA...

  9. Anonymous Coward
    Anonymous Coward

    so? If some of this data finds its way to the NSA

    and the Germans find out about it? What then?

    Send in the Panzers?

    Extradite Sataya to Germany to face trial?

    S.F.A is what.

    This is just as useful as that bit of paper that a certain brit PM waved in the air upon his return from Germany.

    1. Anonymous Coward
      Anonymous Coward

      Re: so? If some of this data finds its way to the NSA

      This is just as useful as that bit of paper that a certain brit PM waved in the air upon his return from Germany.

      What, the bit of paper that bought us a further year to rearm? Whilst the rationale for appeasement was questionable, the simple reality is that Allied forces got defeated in France in 1940, and the inadequacy of older aircraft types was shown. At the time of the Munich crisis, the RAF had only five squadrons of Hurricanes, and no completely operational Spitfire squadrons. The bulk of RAF fighter power in 1938 was biplanes. And not only did the Luftwaffe have better aircraft, its crews had seen active duty in Spain since 1937, whereas the RAF crews had no worthwhile combat training.

      Without the bit of paper, the outcome of a war started in 1938 would almost certainly have been the military defeat of Britain through the destruction of its air force (an objective almost achieved in 1940). And having been militarily defeated, the best the country could hope for would be having to sign a non-aggression, non-rearmament pact in return for not being occupied.

  10. MainframeBob

    How is this helping with the broken safe harbour?

    If only paying customers data are safe, MS is still not off the hook.

    EU wants all personal data to be safe, not just some part of it.

    1. Paul Crawford Silver badge

      Re: How is this helping with the broken safe harbour?

      True, but its a good start.

      1. Pascal Monett Silver badge

        Indeed, it is a positive start. The idea of a trustee protecting the data is genius in its simplicity.

        The trustee does, however, need to be totally independent from any US influence to be efficient. And it needs to remain untouched by any insider corruption - such as NSA agents infiltrating themselves in the trustee's organization.

        So great idea, but expanding the issue to ensure data protection from everyone for everyone is going to be one hell of a headache.

  11. Anonymous Coward
    Anonymous Coward

    3 x sieg heil!

    for the German spooks :)

    1. This post has been deleted by its author

    2. nematoad

      Re: 3 x sieg heil!

      Godwin's Law.

      You lose.

  12. Doctor Syntax Silver badge

    The first of many

    The use of non-US intermediaries has been on the cards for a good while now. Customers are starting to be concerned about security from spying, hence the the appearance of end-to-end encryption, Google pushing for HTTPS everywhere and so on.

    The Irish access case has been a wake-up call for MS who must have been thinking about it since before the ECJ decision on Safe Harbour. The only surprise is that they now seem to be looking at establishing data centres to serve individual EU countries rather than just setting up a fire break for the Irish operation. Given the amount of time they've had, however, they've probably taken a lot of legal advice as to the best way to achieve their objective under German law. They may take different approaches in other countries.

    I think we'll see other US corporations looking at similar solutions. There's been a window of opportunity for EU companies to get a slice of the action as well. I hope some of them take it.

  13. Luke Worm

    Isn't it Germany where CIA/NSA have their "listening stations" SCS, Special Collection Service, in Berlin and Frankfurt ?

  14. Anonymous Coward
    Linux

    Location, location, location

    Where in Germany is M$ going to set up it's base?

    Munich by any chance?

    http://www.theregister.co.uk/2014/08/19/munich_dumping_linux_for_windows/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like