Published on June 07, 2018
By Steve Youngman, VP Finance and Legal
In February we published a post addressing the court case Microsoft v. United States that would rule on whether or not the US government could compel a US-based internet service provider to produce records stored exclusively outside of the US. In this particular case, the Microsoft email records of an individual under investigation for drug crimes were stored on servers in Ireland.
The case ended up being dismissed last month after the passage of the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act, included as part of the US government spending bill passed in March, essentially rendered the case moot, giving criminal investigators the ability to access data stored by a US-based internet service provider, regardless of where the data is stored. The CLOUD Act also allows foreign governments to access data stored in the US as part of a criminal investigation on a case-by-case basis. The CLOUD Act provides an alternative to the Mutual Legal Assistance Treaty (MLAT) process that was used to obtain data stored overseas, which was seen by many as unduly cumbersome, often taking six-months or longer to obtain information.
Hushmail’s headquarters and all of its operations are located in Canada, we do not store any data in the United States, so the CLOUD Act will not affect how your Hushmail data is governed. Your Hushmail communications will continue to be stored on our own servers in Vancouver and governed by Canadian law. We do this for several reasons. One is that maintaining our own servers gives us the ability to protect our customers’ data from web vulnerabilities that open users up to cyber attacks. Another is that it gives our customers the peace of mind that comes with knowing that their records are protected by Canadian law and the courts of Canada.
The CLOUD Act is a multi-layered piece of legislation that presents a framework for navigating the current and developing state of international data storage, but it also leaves plenty of room for interpretation. This will likely come into play when requests for data come up against the European Union’s General Data Protection Regulation (GDPR) that went into effect last month.
For some, the CLOUD Act opens the door for privacy and human rights abuse. For others, it gives timely access to information necessary for investigation and security. Future litigation can be expected as governments continue to weigh the importance of both privacy and security in an attempt to establish standards that support both.
We will continue to follow these developments. However, our main priority will always remain the same. At Hushmail we’re dedicated to providing safe, secure, private email. What we do from a business standpoint will always be in line with this end result. As long as your communications are through one of our accounts you will always know where your data is and how it will be governed.
Sign up for Hushmail Premium or Hushmail Business today.
Steve Youngman has been part of the Hushmail team since 2000. With degrees in Commerce and Law from the University of British Columbia, he is well suited to lead our finance, privacy, and legal departments. Steve has extensive experience providing business, tax, and legal advice to entrepreneurial clients.