Sunday, 26 April 2015

Former Microsoft Chief Privacy Officer Caspar Bowden on the Cloud Conspiracy


Privacy concerns and the issue of data locality are causing massive headaches for cloud providers.

At the 31C3 security conference, Microsoft's former chief privacy adviser Caspar Bowden presented The Cloud Conspiracy, warning "If you are not American, you cannot trust U.S. software services." He worked for Redmond for nine years, but was fired after warning Microsoft that the NSA could conduct unlimited mass surveillance on cloud computing data. But not even the EU believed it ... until Snowden.

This is a great talk about cloud security. The main point of the talk is that you can't trust American companies at all. And cloud companies are not the only problem: any American software provider will undermine your security. Non-Americans don't have any privacy rights at all.


http://www.computing.co.uk/ctg/news/2341902/us-court-cloud-companies-must-hand-over-all-data-on-demand-regardless-of-where-it-is-held
Internet and cloud companies must turn over all information to US government agencies on demand, regardless of where the data is held.

That is the judgment of US Magistrates court judge James C. Francis in an action brought against software giant Microsoft. However, Microsoft claims that the judgement is just the beginning of an action intended to uphold constitutional limits on government search-warrant powers. 

Microsoft is currently fighting a legal battle against the US government over a warrant that requires it to hand over emails stored on a server in Dublin. This demand, made under the terms of the Stored Communications Act of 1986, is seemingly in violation of the Safe Harbor agreement, drawn up between the EU and the US in 2000 to allow the interchange of data despite differences in data protection laws. Under that agreement, US companies operating in the EU or processing or storing EU data must follow a set of privacy practices, such as informing individuals that their data is being collected and how it will be used.

Microsoft recently obtained ISO 27018 “Cloud Privacy/Security” certification and used the opportunity to publish a blog post by Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs, in which he states:
http://blogs.microsoft.com/on-the-issues/2015/02/16/microsoft-adopts-first-international-cloud-privacy-standard/

Even as news of Microsoft’s 27018 compliance was making its way across social networks, with journalists stating how great this was for privacy, few if any had actually noticed the caveat “unless this disclosure is prohibited by law”, which is tagged onto the end of the Microsoft blog post. That is a very important point, as many of the legal orders which provide access to this data come with a gagging order attached (that is to say, the company which receives the order is prohibited by law from admitting it has received it).
