The UK government has reassured MPs their parliamentary data is safe on Microsoft servers in Ireland, as a US judge finds Microsoft in contempt of court for refusing to hand over email data stored on a server in Dublin.
William Hague, the leader of the House of Commons, has responded to concerns raised by an MP about the security of parliamentary data stored on Microsoft’s Cloud-based servers in Europe.
“The relevant servers are situated in the Republic of Ireland and the Netherlands, both being territories covered by the EC Data Protection Directive," William Hague wrote in a letter to John Hemming, MP for Birmingham Yardley.
"Any access by US authorities to such data would have to be by way of mutual legal assistance arrangements with those countries.”
Hague implied MPs’ emails and documents would be protected from US surveillance, as the American courts would be unable to override the EU data protection regulations that protect the private information.
“The US authorities could not exercise any right of search and seizure on an extraterritorial basis,” Hague said.
Microsoft in contempt
However, Hague’s assurances were called into question after a US court found Microsoft in contempt for refusing to hand over copies of emails, stored on a server in the Republic of Ireland, to the US government.
US District Judge Loretta Preska made the judgement after Microsoft requested to be found in contempt, to take advantage of the right to appeal that follows a contempt ruling. The US government claims the emails are connected to drugs trafficking.
Parliamentary correspondence at risk from US surveillance
John Hemming MP told Computer Weekly Hague’s reassurances carried little weight in the face of aggressive legal action by the US government.
“The Microsoft case makes it clear that, in the end, the fact that Microsoft is a US company legally trumps the European Data Protection Directive," said Hemming.
"And where [the letter says] the US authorities could not exercise a right of search and seizure on an extraterritorial basis, well, they are doing that, in America, today.”
Whether or not the US Supreme Court will uphold the right to make extraterritorial searches remains to be seen, said Hemming. If Microsoft is let off, there will be implications for the security of all other extraterritorially stored data. “But,” Hemming added, “it is a secret court.”
Concerns over cloud security
“So I think the parliamentary authorities need to think very carefully about whether their chosen solution is appropriate.”
Parliament migrated MPs’ and peers’ mailboxes to Microsoft’s Office 365 cloud servers in July 2014.
Hague wrote to Hemming, an IT specialist, after he raised concerns about the security of parliamentary data stored in the cloud.
Hague’s letter was co-signed by Alan Haselhurst, chairman of Parliament’s Administration Committee.
Parliamentary data exempt from MI5 scrutiny
Parliamentary correspondence has statutory exemption from scrutiny by the British security services. Hemming questioned whether a situation in which American intelligence officials may access it at will is constitutionally acceptable.
“The law of Parliament states that the security services are not allowed access to parliamentary emails. I find it a bit odd that we establish a legal position where a foreign country’s security services are allowed access but ours are not.”