While Apple is embroiled in a fight with the U.S. government over a single iPhone, Microsoft is gearing up to get governments around the world to modernize laws that influence the tech sector and the way data is handled around the globe.
On Thursday, Microsoft president and chief legal officer Brad Smith will speak to the U.S. House Judiciary Committee, urging lawmakers to adopt modern rules and work with international governments to produce a clear set of statutes for U.S. companies.
The hearing, entitled “International Conflicts of Law Concerning Cross Border Data Flow and Law Enforcement Requests,” will examine how conflicting legal requirements around the world are causing delays in the application of justice both in the U.S. and abroad. Smith’s written testimony was published today (PDF).
Microsoft is the most prominent company involved in the testimony, and also may be the most prepared, based on its recent experience. It’s currently waiting on a decision from the Second U.S. Court of Appeals in New York that has arisen in part due to conflicting laws.
That ruling will determine whether a U.S. search warrant can force Microsoft to turn over data stored in a data center in Ireland owned by the company. The data, consisting of a set of emails related to at 2013 drug-trafficking investigation, is outside the investigators’ jurisdiction in Microsoft’s view, and shifting it to the U.S. may violate proposed European Union rules on transferring customer data overseas.
With companies like Microsoft storing data in countries around the world, these cases are likely only going to get more complicated. Smith outlines a scenario that could arise once the EU adopts the proposed General Data Protection Regulation, which bars transferring customer data without lengthy requests through complicated government-to-government treaties.
“They are putting technology companies in the untenable position of choosing which of two conflicting laws they must obey—and which of two laws they must violate,” Smith said in his written testimony.
If American companies do comply with U.S. law enforcement requests, they could face fines up to four percent of a company’s worldwide annual revenue for turning that data over. That would be a $3.5 billion penalty for Microsoft.
“The math is simple,” Smith said. “Unless this problem is solved, we’re talking about potential economic damages to the U.S. tech sector of billions of dollars per year, beginning in 2018.”
The solutions Smith is urging Congress to adopt range from reexamining national laws to working on improved international agreements on turning over data.
“One such approach would be to focus new legal norms on a person’s nationality or location rather than the location of the person’s data,” Smith said.
So instead of looking at where data is physically stored, Smith argues it would be better to look at the person the data belongs to in order to determine the laws that apply to that data. But Smith is also urging the government to reexamine what defines data ownership as well.
“Even when you put your content in our datacenters or on devices that we make, you still own it. The American people understand this,” Smith said. “In survey after survey, over 80 percent of those polled have said that they believe that something they write in an email and store in the cloud should not be any less private than something they write in a letter and store in a desk drawer.”
Without the changes, Smith argues, people around the world will be less likely to trust U.S. companies like Microsoft, Apple, Amazon and Google.
“These types of actions are leading to increasingly strong reactions that are undermining trust in American technology around the world,” he said. “They conflict with long-term opportunities to encourage growth, investment, and innovation in the global technology sector, a sector led by U.S. companies and contributing to millions of good U.S. jobs.”
Smith has spent an increasing amount of time dealing with these conflicting international rules over the past year. Microsoft outlined a detailed plan for international laws in October to help standardize data requests between the EU and U.S., a plan that Smith will emphasize at tomorrow’s hearing.
The issue is heating up quickly now that the EU struck down the Safe Harbor laws that previously allowed data transfer between Europe and the U.S. While Microsoft is the biggest tech company testifying tomorrow, companies across the U.S. tech sector will be affected as Safe Harbor agreements end, and many will be in the same boat as Microsoft in navigating the complex and conflicting international rules surrounding data storage.