from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: July 15, 2016

CFR Cyber Net Politics Microsoft Ireland Data Case

July 15, 2016

CFR Cyber Net Politics Microsoft Ireland Data Case
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Microsoft wins big in Ireland data case. The U.S. Second Circuit Court of Appeals ruled in favor of Microsoft’s challenge of a U.S. government search warrant compelling it to turn over user emails stored on a server in Ireland. Microsoft challenged the warrant in December 2014 on the grounds that the U.S. government had no authority to demand the production of e-mails stored in another jurisdiction. Had the U.S. government won the case, a number of technology companies, trade associations, and the Irish government, argued that it would embolden other countries to seek data stored outside of their jurisdiction and jeopardized cloud-based services. For more analysis, Lawfare’s Andrew Keane Woods unpacks the decision, Milton Mueller calls it a milestone for internet governance, and this NetPolitics Q&A with Microsoft President Brad Smith explains why challenging the U.S. government was worth it. No word yet on whether the U.S. government will appeal the ruling.

2. The EU-U.S. digital relationship: two step forwards, one step back. The EU-U.S. relationship went for a roller coaster ride this week. On Tuesday, the European Commission finally approved the E.U-U.S. Privacy Shield, a framework aimed at protecting the privacy of European data travelling across the Atlantic. The Privacy Shield replaces the Safe Harbor framework, invalidated by the Court of Justice of the European Union last year (CJEU). Although Privacy Shield establishes safeguards and mechanisms against the misuse or manipulation of data by public authorities, it’s likely to face a court challenge if Max Schrems has anything to say about it. Two days later on Thursday, the European Commission filed new antitrust charges against Google. The commission claims Google restricts websites from sourcing ads from its competitors, requiring third parties to give its ads premium placement, and giving itself the right to veto ads the company does not like. The new charges join two previous Commission complaints with Google’s Android mobile platform and its shopping service and an investigation into Amazon’s e-book distribution arrangements. A number of U.S. commentators claim that the Commission has an anti-Silicon Valley bias, something the Commission refutes.

3. NATO members pledge to do stuff they should already be doing. Last week in Warsaw, Poland, NATO issued a Cyber Defense Pledge, committing member states to develop the "fullest range of capabilities" to defend their national networked infrastructures, allocate resources to strengthen their cyber defense, and improve cyber skills and awareness of threats. NATO members should already be doing these things and it is unclear why NATO leaders felt a public pledge was necessary considering that NATO’s track record with member commitments (e.g. spending 2 percent of GDP on defense) is patchy at best. The Cyber Defense Pledge is the latest in a flurry of NATO-related cyber activity. In 2014, the alliance agreed that a major cyber attack against one NATO state could trigger the collective defense provision of the Washington Treaty (Article 5), and a few weeks ago recognized that cyberspace as a fifth domain of warfare.