Cloud Services and Jurisdiction

On 12th July BBC reported that “Microsoft helped the NSA get around its encryption systems so the agency could more easily spy on users of its services, reports suggest”. This comes at no particular surprise to those who where following developments about government’s access to private information hosted in the cloud.

What does surprise is the fact that some of Microsoft’s flagship products such as Outlook.com, SkyDrive and Skype have made it to the list of products that NSA had access to according to BBC.

For the vast majority of us we need not worry about using cloud services today, we’re not terrorists after all. What is worrying is the “trend”. If a foreign government (e.g. the US Government) can spy on private information of a person or company in a country beyond it’s jurisdiction (e.g. a Maltese company, based in Malta) for the sake of national security; what can stop such a government from spying on such data for other national interests besides national security?

What protection can the local country laws of the country that is hosting the cloud services (e.g. USA), provide to foreign entities (e.g. Maltese Companies)? Do we have to rely on tech firm’s promises to secure our data? A promise which is falling apart, one news report after the other.