Out-Law / Your Daily Need-To-Know

Microsoft mulls ‘German-controlled’ cloud data centre to instil cyber confidence

Out-Law News | 16 Sep 2014 | 11:19 am | 2 min. read

The head of Microsoft Germany has said the company is considering the possibility of working with partners to develop a cloud data centre based in Germany, with the aim of alleviating national concerns over cyber security.

Illek said in an interview with Tagespiegel on 14 September that such a development could enable email and other data to be subject to German or European law.

The proposal comes amid concerns in Germany over IT security, which have prompted the federal interior ministry to announce plans to end the federal government's contract with the US internet services provider Verizon over “revelations about surveillance by the US National Security Agency (NSA) and its relations with US companies”.

According to Illek, Microsoft is “testing” the idea of a ‘German cloud system’, where data could be hosted by a partner company but not be subject to US law. However, he said: “Whether and when it will happen, I cannot say.”

Illek said Microsoft's current data centres in the Netherlands and Ireland are becoming “increasingly popular” with major clients, but he said “this is obviously not enough” for some German organisations, which suggested “there is a market for cloud services to be offered from a German data centre subject to German or European law”.

Illek said Microsoft is already talking to German telecoms providers who have developed so-called ‘email made in Germany’ encryption systems. However, he said: “It is important that the encryption of individual email systems are compatible.”

Microsoft is “constantly busy” dealing with IT incompatibility issues across European countries, Illek said.  He called on EU countries to implement common data protection regulations.

Meanwhile, US and British intelligence services are able to secretly access information from German telecoms operators, according to a separate report in Germany’s Der Spiegel newspaper. The report claimed that a programme called ‘Treasure Map’ gives the NSA and its UK counterpart, GCHQ, access to data from operators including Deutsche Telekom. The data is said to include information from networks as well as from individual computers and smartphones.

In July, German interior minister Thomas de Maiziere called for the conclusion of stalled efforts to overhaul and harmonise data protection law in Europe. In particular, de Maiziere said Germany wanted to see an “opening clause” in future regulations that would “explicitly allow” EU member states to go beyond the planned ‘General Data Protection Regulation’ (119-page / 448 KB PDF) “as needed and pass stricter national data protection legislation for the public sector”.

Last August, draft legislation that would pave the way for the introduction of tough new cyber security measures to protect ‘critical infrastructure’ in Germany were unveiled by de Maiziere.

Measures outlined in the proposals included strengthening Germany’s federal information security office and extending the investigative powers of the federal criminal police in relation to cyber crime. Companies would also be required to report attacks by hackers.

The ministry said the proposals are in line with Germany’s ‘digital agenda’ for 2014-2017, which was approved by the federal government last month. The digital agenda is a supplement to the government’s information and communication technology strategy launched in 2010 (46-page / 1.34 MB PDF).