Saturday, September 13, 2014

Good on you Microsoft!

So as I began writing this, I sit and stare at my other computer "preparing" to configure Windows after the latest batch of Microsoft updates have been installed.  But I won't let that bother me as it hasn't blue screened...

So in a recent ZDNET article, Microsoft is being held in contempt-of-court for not handing over data, that is stored on servers in Ireland, to US Federal Prosecutors despite a warrant.  So those of us who have worked for/with companies that have an international present, in particularly within the EU, know that it isn't a simple matter of saying "oh we own the servers, so we have the final say in what we do with that data..."  Fortunately/Unfortunately (depending how you look at it), the EU privacy laws are much stronger than most other countries.  So the fortunate part of this is that it puts our wonderful "World Police" mentality into check.  People need to play nice around here, so if a foreign government is willing to work with us on something, then cool.  If not, guess you need to go a different route in the prosecution.

So if Microsoft said, "Sure buddy!  here you go, all the foreign internetz!"  Then they risk breaking the law in the foreign country.  So damned if you do, damned if you don't.  I once had to do some forensic work on a system in another country.  That branch of the company needed to have their export folks and the privacy law dogs review the system before allowing me to take a forensic image.  Even though we were the parent company, we still had to allow them to approve it.  So it is a sticky matter when dealing with these situations.  The "Unfortunate" part of all this is if one is doing a forensics investigation on something critical like a targeted attack, well time is everything!  Lawyer types are not known for their speedy response on a decision.

So what are your thoughts?  I'd be interested in hearing them.