It appears that it does not matter if the target is an individual, organization, or government. As long as the legal request is considered valid in the United States, the target or location of the data does not matter.
As an example, the Department of National Defence and Canadian Armed Forces make significant use of Microsoft 365. They have their own defence-tailored instance called Defence 365, which serves as a common cloud infrastructure for collaboration across DND/CAF, with stakeholders and other government departments.
In theory, any data on or using Microsoft or a U.S.-based organization’s products and infrastructure which is not isolated from the Internet could be subpoenaed by the United States government.
The data is encrypted, hopefully really hard with some safe guards like a canary, so we should be safe if they decided today to try and crack it but I see your point. If that canary is killed we need a system to move it to.
Honestly I’d like to believe that but I doubt it. This would only be believable if MS’s apps supported E2E encryption and they don’t. Any encryption likely refers to in-transit and at-rest data. Which means the server owner can read anything they like.
I recall over a decade ago, when various instituions like banks and universities were considering cloud apps. Everyone was concerned of data falling into US hands under the PATRIOT Act and how that’d breach Canadian privacy laws. I worked fot a Big 5 bank then. The cloud pushers kept coming up with various schemes to circumvent Canadian law so they can stop supporting their Canadian datacenters. I’m sure they got there eventually.
I really wish the Canadian government would look at all of this and see that we need more protection. I do not remember where I saw this so take it with a grain of salt but it is my understanding that Canada is running a fibre line over the North Pole, like the trans Atlantic and Pacific lines, to get to Sweden to integrate Canadian financial institutions more with the EU. If this is true hopefully we can also get off of Microsoft things at the national level.
I had accidentally found out my ISP was using an exchange server for their email, Exchange was probably the best option for them because they are getting out of hosting email. So I looked at the Canadian web host I got to replace my Wordpress blog with and bit the bullet after I paid for the following month of Apple’s Hide my email service I gave myself the month to move all my hide my addresses to a pseudo random email address at my domain. Then I started cancelling emails going to my ISPs address and creating new address for services that I still use or may use in the future.
Highly recommend separate email addresses for everything and the use of a pihole, give the Google the big F you!
We are so fucked if they decide to push…
The data is encrypted, hopefully really hard with some safe guards like a canary, so we should be safe if they decided today to try and crack it but I see your point. If that canary is killed we need a system to move it to.
Honestly I’d like to believe that but I doubt it. This would only be believable if MS’s apps supported E2E encryption and they don’t. Any encryption likely refers to in-transit and at-rest data. Which means the server owner can read anything they like.
I strongly hope it is true as well, especially since we are paying for their military version office, but yeah I have my doubts.
I recall over a decade ago, when various instituions like banks and universities were considering cloud apps. Everyone was concerned of data falling into US hands under the PATRIOT Act and how that’d breach Canadian privacy laws. I worked fot a Big 5 bank then. The cloud pushers kept coming up with various schemes to circumvent Canadian law so they can stop supporting their Canadian datacenters. I’m sure they got there eventually.
I really wish the Canadian government would look at all of this and see that we need more protection. I do not remember where I saw this so take it with a grain of salt but it is my understanding that Canada is running a fibre line over the North Pole, like the trans Atlantic and Pacific lines, to get to Sweden to integrate Canadian financial institutions more with the EU. If this is true hopefully we can also get off of Microsoft things at the national level.
I had accidentally found out my ISP was using an exchange server for their email, Exchange was probably the best option for them because they are getting out of hosting email. So I looked at the Canadian web host I got to replace my Wordpress blog with and bit the bullet after I paid for the following month of Apple’s Hide my email service I gave myself the month to move all my hide my addresses to a pseudo random email address at my domain. Then I started cancelling emails going to my ISPs address and creating new address for services that I still use or may use in the future.
Highly recommend separate email addresses for everything and the use of a pihole, give the Google the big F you!