By Kate Tummarello - 06/24/14 05:09 PM EDT
Microsoft’s top lawyer is warning that U.S. government surveillance could open the door for other countries to try to spy on data stored by tech companies in the U.S.
Speaking at a Brookings Institution on Tuesday, Microsoft General Counsel Brad Smith criticized the U.S. governments attempts to compel American tech companies to hand over data about foreign users stored abroad.
“If the data is in the U.S., its subject to the reach of U.S. law,” but if the data is stored in a data center in a foreign country, it is subject to that country’s laws, Smith said.
If the U.S. goes after data stored abroad, other countries will be emboldened to pursue data stored in the U.S., he continued.
“If ISIS takes over a country, are we comfortable saying that they should have access to the data or an Iraqi citizen living in the United States,” he asked, referring to the anti-government militant group currently rebelling in Iraq.
“If we want to protect the rights of Americans for data that exists in the U.S., we has a country need to pursue principles” that are agreed to and applied globally, he said.
Rather than “deputizing” tech companies to spy on their users for government surveillance, the U.S. should turn to established legal processes, Smith said.
He cited the Mutual Legal Assistance Treaty process, through which countries agree to share information for criminal and other investigations.
In light of last year’s revelations about U.S. surveillance, Microsoft and other tech companies have pushed the U.S. government to work with foreign governments when requesting data about those governments’ citizens.
Smith criticized the U.S. government’s sweeping warrants that require tech companies to search multiple data centers for information about targeted users.
“The government must do some legwork” and figure out which specific information is needed and whether U.S. law applies where the information is stored, he said.
He pointed to the safe deposit box, invented in the 1880s, which allows
He compared the specific warrants U.S. law enforcement officials need to access individual safe deposit boxes to the broad warrants U.S. law enforcement officials use to get tech companies to search multiple data centers.
“If this has been a solvable problem since the 1880s, I think we have to ask ourselves if there isn’t a better way to solve it in 2014 than deputizing technology companies,” he said.