In the Asia Vision Series features we dive into key industry trends and issues with our subject matter experts and visionaries the region. In part 2 of 3 in this interview, Koh Buck Song, author and editor of more than twenty books and former political supervisor for Singapore broadsheet The Straits Times, speaks with Jeff Bullwinkel, associate general counsel and director of Corporate, External and Legal Affairs (CELA), Microsoft Asia Pacific & Japan. Bullwinkel is a former federal prosecutor with the US Department of Justice, as well as Microsoft’s most senior legal counsel in Asia. He shares the reasons behind his passion for law and driving policies around trust in technology.
One of the things that our customers are focused on, is the question of data residency, data sovereignty, and the moving of data across borders.
For those working in the IT field, recent events have created an extraordinary opportunity for the industry to learn from, observes Jeff Bullwinkel, Associate General Counsel and Director of Corporate, External & Legal affairs at Microsoft Asia Pacific and Japan.
To illustrate this, Bullwinkel recalls Microsoft’s President and Chief Legal Officer, Brad Smith, commenting that a single month – January 2015 – encapsulates what an extraordinary time we live in: “Brad recounted that it was on 21 January 2015 that we unveiled Windows 10 and announced HoloLens to the world. But on the very same day, in a country in a different part of the world, it was a very different day.”
That day in January had started out like any other. However, as it unfolded, the police arrived at the home of one of our executives in Latin America. “They arrived at the door and asked that this executive appear in court. Why? Because they wanted Microsoft to produce Skype data relating to a customer in that country,“ says Bullwinkel.
However, the problem was that it would have been unlawful under U.S. law to provide the data.
Whilst that was an interesting day, it was only the beginning of more eventful incidents to come. Less than a week later, the whole world was transfixed by the horrifying events in Paris, by the attack on Charlie Hebdo and its employees there.
That sparked the largest manhunt in France in two decades, and as the sun began to rise in the US, the FBI contacted Microsoft with an emergency request. Some of the terrorists who were at large had used Microsoft email accounts.
“They served a lawful order and we reviewed it. In precisely 45 minutes we gave the requested information to the FBI, so they could turn it over to the French authorities in Paris,” says Bullwinkel.
Closer to Asia, a similar incident had occurred in 2014, he recounted, when a lone gunman held hostage 18 staff and customers in a Sydney café during a 16-hour standoff with police. Law enforcement agencies were keen to check if the gunman had any terrorist links, based on information that might be available online. Again, Microsoft responded within a very short time. “Once we receive a lawful government request, we move quickly to verify if it is indeed legitimate cause for us to proceed,” says Bullwinkel. And in the aftermath of the recent terrorist attacks in Paris in November 2015, we received a total of 14 requests from law enforcement authorities, and responded to those requests in an average time of under 30 minutes.
These have been just some of the events that have sparked a robust global debate on two closely related priorities that Bullwinkel says are “sometimes in tension but not incompatible.” More specifically, he comments that “we need policy frameworks that allow governments to fulfil their vital function to protect national security while at the same time respect the privacy of personal data.”
Bullwinkel and others within Microsoft’s Corporate, External & Legal Affairs Department around the world have been working closely to push for clearer and more updated laws.
For example, in February 2016, Microsoft’s Brad Smith spoke before the US Congress to highlight the gap between today’s technology and regulations that are frequently out-of-date. To drive home the point, during the congressional hearing Smith displayed IBM’s first computer built in 1986, which featured dual floppy drives, a monochrome screen and 256KB of RAM. He placed it next to a Surface tablet – which has 355,000 times more storage memory than the floppy disk.
“This was to highlight the stark contrast – technology has moved forward in leaps and bounds, but many regulations in the industry have stood still for the past 30 years. The law now needs to catch up,” says Bullwinkel.
For many governments, their concerns revolve around data sovereignty as well as data access and flows – who gets access to data and how they can use it, especially across borders. If data – along with people, goods and services – can move across national boundaries more easily, this will mean more opportunities. For example, in a country like Vietnam that is becoming a knowledge-based economy, this will allow entrepreneurs to become more productive by being more connected digitally, including through the cloud.
If data – along with people, goods and services – can move across national boundaries more easily, this will mean more opportunities. For example, in a country like Vietnam that is becoming a knowledge-based economy, this will allow entrepreneurs to become more productive by being more connected digitally, including through the cloud.
Promoting the free flow of data across borders brings with it the need to contribute to the ongoing discussion about the potential tension between security and privacy interests. For example, how can law enforcement around the world balance the need for access to data with reasonable expectations of data privacy? This is where Microsoft is working hard to set the pace, based on its belief in the intrinsic duty of a corporate citizen. “We believe as a company that we have not only the ability, but also the responsibility to support law enforcement as they carry out their important security functions,” says Bullwinkel. “But that support must be provided in accordance with law and in a manner that respects due process and privacy interests as well.”
Associate General Counsel and Director of Corporate, External & Legal Affairs,
Microsoft Asia Pacific & Japan
Jeff Bullwinkel is based in Singapore and oversees Microsoft’s legal and corporate affairs teams across the region. This includes supporting commercial transactions and providing regulatory counsel to business groups on public policy issues such as intellectual property rights, privacy, Internet security and safety, competition, and international trade. Bullwinkel joined Microsoft in 2000 and was initially based in Hong Kong, where he managed the company’s public policy activities in the Asia Pacific region.
Koh Buck Song is an author who has written and edited over twenty books, and a consultant in branding, communications strategy and corporate social responsibility in Singapore. He drove the positioning of Singapore as a “global entrepolis” as former Head of Marketing, Corporate Communications and Strategic Planning at the Economic Development Board from 1999 to 2005. Buck Song was also a former a political supervisor for The Straits Times. He graduated from the University of Cambridge and the University of London in the United Kingdom, and from the John F. Kennedy School of Government at Harvard University in the US, where he was a Mason Fellow and earned a master’s degree in public administration.