Telstra has confirmed that the emails of its 4.2 million BigPond customers will be hosted offshore under a planned migration to the Windows Live cloud platform.
The telco, which announced the migration on Friday, originally told iTnews and several other publications that email data will continue to be stored locally in Australia.
This was not incorrect.
What Telstra hasn’t made public on its web site is that Microsoft will be hosting the service offshore. Telstra will simply store a mirror (copy) of this data in Australia to remain compliant with Australian law.
“Microsoft stores their emails as per Microsoft's network architecture and their responsibility,” a Telstra spokesman confirmed with iTnews.
“In the case of Windows Live they are stored overseas and locally to assist Telstra in meeting its legal obligations.
"This means that a copy of all BigPond emails will continue to be stored locally in Australia as well.”
This revelation could have significant consequences for small businesses that rely on BigPond email services.
As a business, storing email data offshore is mired in legal complications.
As first revealed in CRN sister publication iTnews’ Cloud Cover research report by lawyer Mark Vincent, many cloud contracts subject data to the laws of the jurisdiction in which the data is stored rather than where business is transacted.
If Microsoft stores BigPond email data in its Singapore data centre, for example, the data becomes subject to the laws of the Singaporean state, which has far fewer requirements around privacy.
It also exposes customer data to Singapore’s Computer Misuse Act [pdf], which empowers Singaporean law enforcement officers wide ranging powers to gain access to any computer stored in Singaporean territory if they suspect it has been used to commit a crime.
A recent whitepaper [pdf] by Telstra competitor Macquarie Telecom suggests that Telstra will also have to comply with over 160 Singaporean laws if customer data is stored in Singapore.
If Microsoft and Telstra stores BigPond email data in its United States data centre, the data becomes subject to US laws such as the Patriot Act, which also provides US law enforcement unbridled access to US-hosted data without requiring a court order.
Nothing new?
These risks are not new for consumers using free web versions of Gmail or Hotmail, nor for business customers of Telstra’s existing ‘T-Suite’ cloud services.
These users, knowingly or not, have already agreed to allow their data to be hosted offshore. T-Suite’s terms and conditions [pdf] state that Microsoft Exchange emails, Microsoft SharePoint and Office documents, Microsoft Dynamics CRM data and conversations using Microsoft’s Lync and Live Meeting services consumed as -a-service from Telstra “will be transmitted to and stored overseas”.
But BigPond customers would have signed up with Telstra under the reasonable expectation that their data was stored locally, by Telstra.
Telstra has confirmed that these customers will need to sign a new set of terms and conditions to allow the company to host the data offshore.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
